Edit tour

Windows Analysis Report
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe

Overview

General Information

Sample URL:	http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe
Analysis ID:	1572835
Infos:

Detection

Poisonivy

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for dropped file

Yara detected Poisonivy

Submitted sample is a known malware sample

Installs new ROOT certificates

Yara detected Generic Downloader

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to communicate with device drivers

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

PE file does not import any functions

PE file overlay found

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

query blbeacon for getting browser version

Classification

Process Tree

System is w10x64

cmd.exe (PID: 7352 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wget.exe (PID: 7436 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

internet-explorer-7_8xx5-B1.exe (PID: 7504 cmdline: "C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe" MD5: 4CEF35CB56164E4427C8890CF5CDFD85)

internet-explorer-7_8xx5-B1.tmp (PID: 7560 cmdline: "C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp" /SL5="$2046E,1583588,832512,C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe" MD5: 02B1D8FF84BCD4EBCB01156636269B99)

saBSI.exe (PID: 5960 cmdline: "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)

WZSetup.exe (PID: 6100 cmdline: "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123 MD5: 3C17F28CC001F6652377D3B5DEEC10F0)

WeatherZeroService.exe (PID: 6092 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install MD5: 2B149BA4C21C66D34F19214D5A8D3067)

conhost.exe (PID: 4208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WeatherZeroService.exe (PID: 4312 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent MD5: 2B149BA4C21C66D34F19214D5A8D3067)

conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

internet-explorer-7.exe (PID: 7288 cmdline: "C:\Users\user\Downloads\internet-explorer-7.exe" MD5: AF5465B7E20FE89266A5B81BA1857BE1)

iesetup.exe (PID: 2516 cmdline: c:\b99fd08a604e45b5fc9f\update\iesetup.exe MD5: DDAB11B09B0310328B06F089DF750207)

chrome.exe (PID: 6952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.__/?typ=1 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1908,i,11294617880260353184,3263670613156315574,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

WerFault.exe (PID: 1404 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 1200 MD5: C31336C1EFC2CCB44B4326EA793040F2)

svchost.exe (PID: 3328 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 3904 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 3068 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7560 -ip 7560 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WeatherZeroService.exe (PID: 5848 cmdline: "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" MD5: 2B149BA4C21C66D34F19214D5A8D3067)

svchost.exe (PID: 5796 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Poison Ivy, poisonivy		GALLIUM Molerats Mustang Panda Nightshade Panda Pirate Panda Stone Panda TA428 Temper Panda	http://blog.fortinet.com/2017/08/23/deep-analysis-of-new-poison-ivy-variant http://blogs.360.cn/post/APT_C_01_en.html http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf https://attack.mitre.org/groups/G0011 https://blog.bushidotoken.net/2022/07/space-invaders-cyber-threats-that-are.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\WeatherZero\WeatherZero.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: iesetup.exe PID: 2516	JoeSecurity_Poisonivy	Yara detected Poisonivy	Joe Security

Sigma Signatures

System Summary

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2588, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" > cmdline.out 2>&1, ProcessId: 7352, ProcessName: cmd.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3328, ProcessName: svchost.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-11T00:54:02.762011+0100	2028371	3	Unknown Traffic	192.168.2.4	49731	65.9.108.35	443	TCP
2024-12-11T00:54:05.908074+0100	2028371	3	Unknown Traffic	192.168.2.4	49732	65.9.108.35	443	TCP
2024-12-11T00:54:08.331494+0100	2028371	3	Unknown Traffic	192.168.2.4	49735	172.67.26.92	443	TCP
2024-12-11T00:54:10.738505+0100	2028371	3	Unknown Traffic	192.168.2.4	49738	65.9.108.35	443	TCP
2024-12-11T00:54:13.306771+0100	2028371	3	Unknown Traffic	192.168.2.4	49740	65.9.108.35	443	TCP
2024-12-11T00:55:11.280179+0100	2028371	3	Unknown Traffic	192.168.2.4	49790	18.161.108.175	443	TCP
2024-12-11T00:55:14.600892+0100	2028371	3	Unknown Traffic	192.168.2.4	49801	18.161.108.175	443	TCP
2024-12-11T00:55:27.514835+0100	2028371	3	Unknown Traffic	192.168.2.4	49830	18.161.108.175	443	TCP
2024-12-11T00:55:28.173254+0100	2028371	3	Unknown Traffic	192.168.2.4	49833	54.200.239.173	443	TCP
2024-12-11T00:55:30.499365+0100	2028371	3	Unknown Traffic	192.168.2.4	49840	18.161.108.175	443	TCP
2024-12-11T00:55:30.657772+0100	2028371	3	Unknown Traffic	192.168.2.4	49839	54.200.239.173	443	TCP
2024-12-11T00:55:34.369271+0100	2028371	3	Unknown Traffic	192.168.2.4	49852	18.161.108.175	443	TCP
2024-12-11T00:55:37.712612+0100	2028371	3	Unknown Traffic	192.168.2.4	49860	54.200.239.173	443	TCP
2024-12-11T00:55:53.642502+0100	2028371	3	Unknown Traffic	192.168.2.4	49915	54.200.239.173	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://www.DocURL.com/bar.htm

Avira URL Cloud: Label: phishing

Multi AV Scanner detection for dropped file

Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe

ReversingLabs: Detection: 50%

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000F5870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	10_2_000F5870
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000F6220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,	10_2_000F6220
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000F67B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,	10_2_000F67B0
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01004C6D InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,CreateFileA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,CreateFileA,CreateFileA,InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateFileA,CreateEventA,CreateThread,CreateFileA,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,	12_2_01004C6D
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_0100436F GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,	12_2_0100436F
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01004C6D InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,CreateFileA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,CreateFileA,CreateFileA,InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateFileA,CreateEventA,CreateThread,CreateFileA,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,	12_2_01004C6D

Source: C:\Users\user\Downloads\internet-explorer-7.exe

File created: c:\b99fd08a604e45b5fc9f\update\eula.rtf

Jump to behavior

Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.26.92:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.200.239.173:443 -> 192.168.2.4:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49852 version: TLS 1.2

Source:	Binary string: update.pdbH source: iesetup.exe, 00000017.00000003.2829277286.0000000002971000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: update.pdb source: iesetup.exe, 00000017.00000003.2829277286.0000000002971000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: internet-explorer-7.exe, internet-explorer-7.exe, 0000000C.00000000.2743303768.0000000001002000.00000020.00000001.01000000.00000012.sdmp, internet-explorer-7.exe, 0000000C.00000002.2852794205.0000000001002000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: msfeedsbs.pdbH source: msfeedsbs.dll.12.dr
Source:	Binary string: shdocvw.pdbE source: wshdocvw.dll.12.dr
Source:	Binary string: ImgUtil.pdb source: wimgutil.dll.12.dr
Source:	Binary string: ie4uinit.pdb source: wie4uinit.exe.12.dr
Source:	Binary string: vbscript.pdb source: wvbscript.dll.12.dr
Source:	Binary string: ieencode.pdb source: ieencode.dll.12.dr
Source:	Binary string: tdc.pdbL source: internet-explorer-7.exe, 0000000C.00000002.2852880836.0000000002DA2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vbscript.pdbPoE source: wvbscript.dll.12.dr
Source:	Binary string: iertutil.pdb source: wiertutil.dll.12.dr
Source:	Binary string: ieencode.pdbL source: ieencode.dll.12.dr
Source:	Binary string: ieframe.pdb source: wieframe.dll.12.dr
Source:	Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net35\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.11.dr
Source:	Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: updspapi.pdbH source: updspapi.dll.12.dr
Source:	Binary string: tdc.pdb@UATAUH source: tdc.ocx.12.dr
Source:	Binary string: // PDB: s:\ntc.obj.x86fre\inetcore\rss\msfeeds\objfre\i386\msfeeds.pdb source: msfeeds.mof.12.dr
Source:	Binary string: msrating.pdb source: wmsrating.dll.12.dr
Source:	Binary string: mstime.pdb source: mstime.dll.12.dr, wmstime.dll.12.dr
Source:	Binary string: tdc.pdb source: internet-explorer-7.exe, 0000000C.00000002.2852880836.0000000002DA2000.00000004.00000020.00020000.00000000.sdmp, tdc.ocx.12.dr
Source:	Binary string: iesetup.pdbH source: iesetup.exe, 00000017.00000003.2824995132.0000000002971000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe, 00000017.00000002.2851271269.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000000.2821516844.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000003.2824283034.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe.12.dr
Source:	Binary string: iesetup.pdb source: iesetup.exe, iesetup.exe, 00000017.00000003.2824995132.0000000002971000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe, 00000017.00000002.2851271269.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000000.2821516844.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000003.2824283034.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, wiesetup.dll.12.dr, iesetup.exe.12.dr
Source:	Binary string: msfeedsbs.pdb source: msfeedsbs.dll.12.dr
Source:	Binary string: shdocvw.pdb source: wshdocvw.dll.12.dr
Source:	Binary string: updspapi.pdb source: updspapi.dll.12.dr

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	11_2_00405A19
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_004065CE FindFirstFileA,FindClose,	11_2_004065CE
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_004027AA FindFirstFileA,	11_2_004027AA
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01004433 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	12_2_01004433

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

Yara detected Generic Downloader

Source: Yara match

File source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: 2513624Connection: keep-aliveAccess-Control-Allow-Origin: Cache-Control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0Content-Disposition: attachment; filename="internet-explorer-7_8xx5-B1.exe"; filename=UTF-8''internet-explorer-7_8xx5-B1.exeContent-Transfer-Encoding: binaryDate: Tue, 10 Dec 2024 23:53:49 GMTExpires: Mon, 26 Jul 1997 05:00:00 GMTPragma: publicX-Cache: Miss from cloudfrontVia: 1.1 b93a2a063e3f94fe345bc08072aed022.cloudfront.net (CloudFront)X-Amz-Cf-Pop: BAH53-P1X-Amz-Cf-Id: 1tCu0CCCym5EWfeHYW9S8qR4HHO5bMcr6tyLs_0uPNrDk2biL-dAxA==Age: 0Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 0a 00 18 f2 ec 63 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 52 0b 00 00 5e 01 00 00 00 00 00 ec 5e 0b 00 00 10 00 00 00 70 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 06 00 00 00 06 00 01 00 00 00 00 00 00 80 0d 00 00 04 00 00 43 67 26 00 02 00 40 81 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 40 0c 00 9a 00 00 00 00 20 0c 00 dc 0f 00 00 00 70 0c 00 00 10 01 00 00 00 00 00 00 00 00 00 18 2f 26 00 c0 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 0c 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 22 0c 00 54 02 00 00 00 30 0c 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 39 0b 00 00 10 00 00 00 3a 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 88 16 Data Ascii: MZP@!L!This program must be run under Win32$7PELcR^^p@Cg&@@@ p/&+`"T0.text9: `.itext
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 10 Dec 2024 23:54:24 GMTContent-Type: application/octet-streamContent-Length: 29662072Last-Modified: Thu, 14 Nov 2019 13:25:07 GMTConnection: keep-aliveETag: "5dcd55b3-1c49b78"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0f bd 8e f5 4b dc e0 a6 4b dc e0 a6 4b dc e0 a6 c8 d4 bd a6 44 dc e0 a6 4b dc e1 a6 27 dc e0 a6 c5 d4 bf a6 5f dc e0 a6 c8 d4 be a6 4a dc e0 a6 c8 d4 ba a6 4a dc e0 a6 52 69 63 68 4b dc e0 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e5 80 c1 42 00 00 00 00 00 00 00 00 e0 00 0f 0d 0b 01 07 0a 00 7a 00 00 00 1c 01 00 00 00 00 00 45 5a 00 00 00 20 00 00 00 a0 00 00 00 00 00 01 00 20 00 00 00 02 00 00 05 00 02 00 05 00 02 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 04 00 00 67 99 c5 01 02 00 00 84 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 8f 00 00 a0 00 00 00 00 c0 01 00 88 09 00 00 00 00 00 00 00 00 00 00 00 76 c4 01 78 25 00 00 00 00 00 00 00 00 00 00 d0 21 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 cc 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 82 79 00 00 00 20 00 00 00 7a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 d4 10 01 00 00 a0 00 00 00 02 00 00 00 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 09 00 00 00 c0 01 00 00 f6 c3 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic

HTTP traffic detected: GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1Host: api.openweathermap.orgConnection: Keep-Alive

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 65.9.108.35:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 65.9.108.35:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 65.9.108.35:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 65.9.108.35:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 172.67.26.92:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49790 -> 18.161.108.175:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49801 -> 18.161.108.175:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49830 -> 18.161.108.175:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49833 -> 54.200.239.173:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49839 -> 54.200.239.173:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49840 -> 18.161.108.175:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49852 -> 18.161.108.175:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49860 -> 54.200.239.173:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49915 -> 54.200.239.173:443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /gen/internet-explorer-7-100x100.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.2.2Host: static.download.it
Source: global traffic	HTTP traffic detected: GET /f/WebAdvisor/images/943/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.2.2Host: d1e9165hyidvf5.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /f/WeatherZero/images/969/EN.png HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.2.2Host: d1e9165hyidvf5.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.2.2Host: d1e9165hyidvf5.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /f/WeatherZero/files/969/WZSetup.zip HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.2.2Host: d1e9165hyidvf5.cloudfront.net
Source: global traffic	HTTP traffic detected: GET /IDCVt99WXiQU.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: dcr0eadbm64ph.cloudfront.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /US/internet-explorer-7.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Inno Setup 6.2.2Host: dl.jalecdn.com
Source: global traffic	HTTP traffic detected: GET /json/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1Host: api.openweathermap.orgConnection: Keep-Alive

Source: whmmapi.dll.mui.12.dr	String found in binary or memory: #http://www.hotmail.com/secure/start'http://www.hotmail.msn.com/cgi-bin/sbox equals www.hotmail.com (Hotmail)
Source: wieframe.dll.12.dr	String found in binary or memory: http://de.search.yahoo.com/search/de?p=http://www.google.de/search?q= equals www.yahoo.com (Yahoo)
Source: wieframe.dll.12.dr	String found in binary or memory: http://ie5.rambler.ru/cgi-bin/query_ie5?words={searchTerms}Ramblerhttp://www.yandex.ru/yandsearch?useie5=1&text={searchTerms}Yandex equals www.rambler.ru (Rambler)

Source: global traffic	DNS traffic detected: DNS query: dcr0eadbm64ph.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: d1e9165hyidvf5.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: static.download.it
Source: global traffic	DNS traffic detected: DNS query: dl.jalecdn.com
Source: global traffic	DNS traffic detected: DNS query: analytics.apis.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: localweatherfree.com
Source: global traffic	DNS traffic detected: DNS query: sadownload.mcafee.com
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ip-api.com
Source: global traffic	DNS traffic detected: DNS query: api.openweathermap.org

Source: unknown

HTTP traffic detected: POST /o HTTP/1.1Connection: Keep-AliveContent-Type: application/json; Charset=UTF-8Accept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 146Host: d1e9165hyidvf5.cloudfront.net

Source: iesetup.exe, 00000017.00000003.2829277286.0000000002971000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http:///isapi/pstream3.dll/InternetCloseHandleInternetErrorDlgInternetSetOptionAInternetWriteFileInt
Source: svchost.exe, 00000019.00000002.2962430353.000001E966531000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946412778.000001E966576000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS
Source: svchost.exe, 00000019.00000002.2963336761.000001E966A56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS%3C/ds:KeyName%3E%3C/ds:KeyInfo%3E%3CCipherData%3E%3CCipherValue%3EM.C558_BAY
Source: svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
Source: svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2962260000.000001E966508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946412778.000001E966576000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb:pp
Source: svchost.exe, 00000019.00000002.2961555433.000001E965CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://Passport.NET/tb_
Source: wieframe.dll.12.dr	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: WeatherZero.exe.11.dr	String found in binary or memory: http://api.openweathermap.org/data/2.5/weather?zip=
Source: wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	String found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: wieframe.dll.12.dr	String found in binary or memory: http://autosearch.nate.com/search.asp?query=
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: wieframe.dll.12.dr	String found in binary or memory: http://cgi.search.biglobe.ne.jp/cgi-bin/search-ie?q=
Source: saBSI.exe, saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crx
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxFB
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxh
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxt
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxv
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/service/update2/crxy
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: svchost.exe, 0000000E.00000002.2985148268.0000024D51600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2963089646.000001E966A00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe
Source: wget.exe, 00000002.00000002.1711421090.0000000001190000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exeROC
Source: wget.exe, 00000002.00000002.1711421090.0000000001190000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exeVE
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exelis
Source: wieframe.dll.12.dr	String found in binary or memory: http://de.encarta.msn.com/encnet/refpages/SRPage.aspx?search=
Source: wieframe.dll.12.dr	String found in binary or memory: http://de.search.yahoo.com/search/de?p=http://www.google.de/search?q=
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.jalecdn.com/US/internet-explorer-7.exe8
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.000000000086A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.jalecdn.com/US/internet-explorer-7.exeoc=
Source: svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2858493498.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: svchost.exe, 00000019.00000002.2962260000.000001E966508000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
Source: svchost.exe, 00000019.00000002.2962945297.000001E966580000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdZaF300
Source: svchost.exe, 00000019.00000002.2962260000.000001E966508000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsde
Source: svchost.exe, 00000019.00000003.2946412778.000001E966576000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2858493498.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: svchost.exe, 00000019.00000002.2962260000.000001E966508000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
Source: wieframe.dll.12.dr	String found in binary or memory: http://dpxml.infospace.com/info/dog/webresults.htm?&qkw=
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D514FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: wieframe.dll.12.dr	String found in binary or memory: http://euroseek.com/system/search.cgi?mode=internet&string=
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D515B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: wieframe.dll.12.dr	String found in binary or memory: http://farejador.ig.com.br/query.cgi?utf8&query=
Source: WeatherZero.exe.11.dr	String found in binary or memory: http://freegeoip.net/json/
Source: iesetup.exe	String found in binary or memory: http://go.mi
Source: wieframe.dll.12.dr	String found in binary or memory: http://hladaj.atlas.sk/fulltext/?phrase=
Source: wieframe.dll.12.dr	String found in binary or memory: http://ie-search.findwhat.com/bin/templates/140/autosearch.asp?srch=~XXX~&mt=
Source: wshdocvw.dll.12.dr	String found in binary or memory: http://ie.search.msn.com/
Source: wieframe.dll.12.dr	String found in binary or memory: http://ie5.heureka.hu/?heureka=
Source: wieframe.dll.12.dr	String found in binary or memory: http://ie5.rambler.ru/cgi-bin/query_ie5?words=
Source: wieframe.dll.12.dr	String found in binary or memory: http://infoseek.go.com/Titles?col=WW&sv=IS&lk=ip-noframes&qt=
Source: WeatherZero.exe.11.dr	String found in binary or memory: http://ip-api.com/json/
Source: Newtonsoft.Json.dll.11.dr	String found in binary or memory: http://james.newtonking.com/projects/json
Source: wieframe.dll.12.dr	String found in binary or memory: http://kr.altavista.com/cgi-bin/query?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://kr.search.yahoo.com/searchx?fr=kr-route-ie&websub=1&p=
Source: wieframe.dll.12.dr	String found in binary or memory: http://meta.ua/search.asp?v=ie5&FindRequest=
Source: wieframe.dll.12.dr	String found in binary or memory: http://msxml.excite.com/info.xcite/search/web/
Source: WZSetup.exe, WZSetup.exe, 0000000B.00000002.2866818559.000000000040A000.00000004.00000001.01000000.0000000E.sdmp, WZSetup.exe, 0000000B.00000003.2865837164.00000000029B1000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000000.2659654815.000000000040A000.00000008.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: WZSetup.exe, 0000000B.00000002.2866818559.000000000040A000.00000004.00000001.01000000.0000000E.sdmp, WZSetup.exe, 0000000B.00000003.2865837164.00000000029B1000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000000.2659654815.000000000040A000.00000008.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: svchost.exe, 00000019.00000002.2963681644.000001E966A73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://passport.net/tb
Source: wieframe.dll.12.dr	String found in binary or memory: http://rechercher.nomade.tiscali.fr/recherche.asp?src=msn&W=&s=
Source: wieframe.dll.12.dr	String found in binary or memory: http://s.teoma.com/search?q=
Source: ieapfltr.dat.12.dr	String found in binary or memory: http://safety.msn.com/phishing0
Source: svchost.exe, 00000019.00000002.2963089646.000001E966A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: svchost.exe, 00000019.00000002.2962260000.000001E966508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: svchost.exe, 00000019.00000002.2961740299.000001E965CE5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	String found in binary or memory: http://search.aol.com/aolcom/search?query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.bigfoot.com/en/index.jsp
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.bluewin.ch/bw/search/web/de/result.jsp?query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.digitalnames.net/search.html?srch=~XXX~&prov=msn&keyword=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.dreamwiz.com/cgi-bin/irs.cgi?so=2&utf=1&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.empas.com/search/all.html?en=utf8&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.excite.com/search.gw?c=web&search=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.excite.com/search.gw?search=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.ilse.nl/msie/index.jspx?search_for=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.ilse.nl/searchresults.dbl?msn=1&search_for=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.latam.msn.com/spresults.aspx?q=
Source: iesetup.exe, 00000017.00000003.2833019976.0000000002EA3000.00000004.00000020.00020000.00000000.sdmp, wieframe.dll.12.dr	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.looksmart.com/p/search?qt=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.lycos.com/main/default.asp?query=http://search.aol.com/dirsearch.adp?from=msxp&query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.at/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.be/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.ch/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.co.in/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.co.jp/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.co.kr/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.co.kr/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.co.uk/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.co.za/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com.br/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com.cn/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com.hk/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com.my/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com.sg/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com.tw/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=
Source: wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.com/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.de/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=http://search.msn.fr/results.asp?
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.de/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.dk/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.es/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.fi/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.fr/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.it/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.nl/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.no/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.no/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=http://kr.search.yahoo.com/bin/se
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.msn.se/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.naver.com/search.naver?where=nexearch&encoding=utf8&query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.netscape.com/search.psp?cp=nsckwpnscnetscape&search=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.nifty.com/cgi-bin/search.cgi?cflg=%8C%9F%8D%F5&select=23&htmltype=1&Text=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.ninemsn.com.au/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.paran.com/search/index.php?Query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.seznam.cz/search.cgi?w=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.sympatico.msn.ca/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.t1msn.com.mx/spresults.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.xtramsn.co.nz/previewx.aspx?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.yahoo.com/bin/search?p=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.yahoo.com/search/msie?p=
Source: wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	String found in binary or memory: http://search.yahoo.com/search?p=
Source: wieframe.dll.12.dr	String found in binary or memory: http://search.zoom.globo.com/glbzoomSearch/engine?q=
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: wieframe.dll.12.dr	String found in binary or memory: http://sidesearch.lycos.com/?query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://sm.aport.ru/scripts/template.dll?IniFilePath=ini%5Ctemplie4.ini&IrsBase=All%20World&UID=18%2E
Source: wieframe.dll.12.dr	String found in binary or memory: http://sm.aport.ru/scripts/template.dll?That=std&r=
Source: wieframe.dll.12.dr	String found in binary or memory: http://suche.lycos.de/autosearch.html?srch=~XXX~&query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://suche.lycos.de/main/default.asp?query=
Source: winetcpl.cpl.mui.12.dr	String found in binary or memory: http://treyresearch.net
Source: wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	String found in binary or memory: http://web.ask.com/web?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.DocURL.com/bar.htm
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.alltheweb.com/search?cat=web&query=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.altavista.com/cgi-bin/query?pg=q&kl=XX&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.altavista.com/web/iepane?itag=ody&hl=off&fr=ieas&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.altavista.de/cgi-bin/query?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.arabul.com/default.asp?ie4arama=1&search=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.askjeeves.com/main/askjeeves.asp?ask=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.atlas.cz/search.asp?mssrch=~XXX~&from=ms&query=
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.0000000002216000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.00000000075B6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.euroseek.net/query?domain=world&lang=world&query=
Source: wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	String found in binary or memory: http://www.google.com/search?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.google.com/search?q=http://www.altavista.com/cgi-bin/query?q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.hotbot.com/?SM=MC&DV=0&LG=any&DC=10&DE=2&_v=2&OPs=MDRTP&MT=
Source: whmmapi.dll.mui.12.dr	String found in binary or memory: http://www.hotmail.com/secure/start
Source: whmmapi.dll.mui.12.dr	String found in binary or memory: http://www.hotmail.msn.com/cgi-bin/sbox
Source: wmsrating.dll.12.dr	String found in binary or memory: http://www.icra.org/
Source: wmsrating.dll.12.dr	String found in binary or memory: http://www.icra.org/pics/vocabularyv03/
Source: internet-explorer-7.exe, 0000000C.00000002.2852880836.0000000002CB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.icra.org/vocabulary/.
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.infoseek.co.jp/Titles?col=WW&svx=460400&sv=JE&enc=UTF8&qt=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.looksmart.com/r_search?look=&key=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.lycos.com/cgi-bin/pursuit?matchmode=and&cat=lycos&query=
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.mcafee.com
Source: Newtonsoft.Json.dll.11.dr	String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.overture.com/d/search/?type=home&mkt=us&Keywords=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.overture.com/d/search/p/iepanel/5/cold.jhtml?type=MSIE5panel&Keywords=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.overture.com/d/search/p/iepanel/?Partner=ie5panel_asp&Keywords=
Source: iesetup.exe, 00000017.00000003.2838043608.000000000366B000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe, 00000017.00000003.2833019976.0000000002EA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.passport.com
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.rub.to/beta/search.cgi?m=~XXX~&utf8&s=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.searchalot.com/texis/open/ibar?srch=~XXX~&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.swissguide.ch/search/ie5/locationsearch/default.asp?option=~XXX~&search=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.switchboard.com/sb_ie4.htmSwitchboard
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.ubbi.com.br/busca/resultados.asp?lr=lang_pt&q=
Source: wieframe.dll.12.dr	String found in binary or memory: http://www.ubbi.com/resultados.asp?q=
Source: svchost.exe, 00000019.00000002.2961740299.000001E965D02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: WeatherZero.exe.11.dr	String found in binary or memory: http://xml.weather.yahoo.com/forecastrss?p=
Source: wieframe.dll.12.dr	String found in binary or memory: http://ypng.infospace.com/home.iemain/yellow-pages/redir.htm?fromform=qsearch&wqhqn=&qhqn=
Source: svchost.exe, 00000019.00000002.2960753429.000001E965C2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/InlineSignup
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E96652C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830919974.000001E966556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
Source: svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830919974.000001E966556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
Source: svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830255566.000001E966557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/msangcwam
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/msangcwame
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record&
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordqdd
Source: saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.qa.apis.mcafee.com
Source: WeatherZero.exe.11.dr	String found in binary or memory: https://api.metwit.com/v2/weather/?location_lat=
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cassinilabs.com/privacy-policy/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cassinilabs.com/privacy-policy/ent=true&oc=
Source: saBSI.exe, 0000000A.00000003.2912884964.00000000056F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://confluence.int.mcafee.com/pages/viewpage.action?pageId=35264328
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.000000000227D000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003549000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002460000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003511000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2977981594.000000000361C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.000000000227D000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003549000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002460000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003511000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.000000000227D000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003549000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002460000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2977981594.00000000035F1000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003511000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002514000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2802770412.00000000053B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.00000000024E9000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/files/969/WZSetup.zip
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.00000000053AF000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658683759.00000000053A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/files/969/WZSetup.zipKXm
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2802770412.00000000053B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/files/969/WZSetup.zipfXx
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.000000000086A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.000000000534F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/images/969/EN.png
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.000000000534F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/images/969/EN.pngn
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.00000000053AF000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658683759.00000000053A7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2802770412.00000000053B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2802770412.00000000053B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipf0
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipp5)
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.000000000086A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.000000000534F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WebAdvisor/images/943/EN.png
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.000000000534F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/f/WebAdvisor/images/943/EN.png.
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.000000000227D000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.00000000074A2000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003549000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002460000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003511000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/o
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.000000000227D000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2977981594.000000000362C000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003549000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002460000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003511000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/zbd
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/zbd8
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d1e9165hyidvf5.cloudfront.net/zbdini
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D51572000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D515AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D51572000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D51553000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.2780486727.0000024D515A4000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.2780486727.0000024D515B7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D51572000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://home.mcafee.co
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://home.mcafee.com/R
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.00000000008FC000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eulaY
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000000.1721103740.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: WZSetup.exe, 0000000B.00000003.2866611067.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2720490640.0000000000603000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000002.2867158513.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/
Source: WZSetup.exe, 0000000B.00000002.2867071869.0000000000558000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/Zero
Source: WZSetup.exe, 0000000B.00000002.2867245231.00000000005FE000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2720490640.0000000000603000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2748979174.00000000005FE000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2865876045.00000000005FE000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2862906660.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000002.2867158513.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/forecast
Source: WZSetup.exe, 0000000B.00000003.2748979174.00000000005FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/forecast4
Source: WZSetup.exe, 0000000B.00000003.2797654435.00000000005FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/forecast86)
Source: WZSetup.exe, 0000000B.00000003.2720490640.0000000000603000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/forecastCgp8j6I3ZhW5WpkR5L6Rk%2FzVc6k%2BFp4%2BjTN02J%2FUAdGZPG7Wxex9a3h
Source: WZSetup.exe, 0000000B.00000003.2720490640.0000000000603000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/forecastd
Source: WZSetup.exe, 0000000B.00000002.2866818559.0000000000439000.00000004.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://localweatherfree.com/forecastlocation=mbyI8irfN4q97s8kd4MEd12WIa9ciwMwN%2FBu%2Fig%2BnNFPBE2t
Source: WZSetup.exe, 0000000B.00000003.2748979174.00000000005FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/forecastmR5L6R
Source: WZSetup.exe, 0000000B.00000002.2867245231.00000000005FE000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2865876045.00000000005FE000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2862906660.00000000005FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/hK
Source: WZSetup.exe, 0000000B.00000003.2748979174.00000000005FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localweatherfree.com/uK
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.icrosoftonl
Source: svchost.exe, 00000019.00000002.2963336761.000001E966A3A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2963681644.000001E966A73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ApproveSession.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ApproveSession.srf53457
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830919974.000001E966556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830919974.000001E966556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80502
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80600
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E96652C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/IfExists.srf?uiflavor=4&id=80601
Source: svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ListSessions.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageApprover.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ManageLoginKeys.srf
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2963681644.000001E966A73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srf
Source: svchost.exe, 00000019.00000002.2961740299.000001E965CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srf(
Source: svchost.exe, 00000019.00000002.2961740299.000001E965CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srf0
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/RST2.srfA7826
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/didtou.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/getrealminfo.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/getuserrealm.srf
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 00000019.00000003.2830616607.000001E966527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceDisassociate.srff
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830616607.000001E966527000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 00000019.00000003.2830616607.000001E966527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/EnumerateDevices.srfX
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srf
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetAppData.srfrfrf6085fid=cpsrf
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/GetUserKeyData.srf
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E96652C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineClientAuth.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830919974.000001E966556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80600
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80601suer
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80603
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineConnect.srf?id=80604
Source: svchost.exe, 00000019.00000003.2830452636.000001E96656B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srf
Source: svchost.exe, 00000019.00000003.2829266000.000001E96652C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfm
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineDesktop.srfsuer
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960753429.000001E965C2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80502
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80600
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=806001
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830919974.000001E966556000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80601
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80603
Source: svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80604
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80605
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80606
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80607
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830255566.000001E966557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlineLogin.srf?id=80608
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 00000019.00000003.2829419200.000001E96655A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E96652C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80601&fid=cp
Source: svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/InlinePOPAuth.srf?id=80605
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/SHA1Auth.srfrf
Source: svchost.exe, 00000019.00000002.2961740299.000001E965CE5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceaddcredential.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/devicechangecredential.srf
Source: svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/deviceremovecredential.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/resetpw.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/retention.srf
Source: svchost.exe, 00000019.00000002.2963715401.000001E966A85000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2961555433.000001E965CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com:443/RST2.srf
Source: svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com:443/RST2.srfope
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
Source: svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsuer
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
Source: svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
Source: svchost.exe, 00000019.00000003.2830616607.000001E966527000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMM
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D51572000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000000E.00000003.2780486727.0000024D51522000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reasonlabs.com/policies
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/Y
Source: saBSI.exe	String found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FDE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727918904.0000000002FDF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 0000000A.00000003.2727821536.0000000005702000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2779666598.0000000005702000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F4D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2912884964.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonFB
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonFBC
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonGB
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPROCESS
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonRS=2On
Source: saBSI.exe, 0000000A.00000003.2803488101.00000000056F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2912884964.00000000056F8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.00000000056F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
Source: saBSI.exe, 0000000A.00000003.2912884964.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlnload.mcafee.com
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binary
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F4D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exe
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exe7
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F4D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exeday
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exeexe
Source: saBSI.exe, 0000000A.00000003.2912884964.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.00000000056F0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F61000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 0000000A.00000003.2912884964.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.00000000056F0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa
Source: saBSI.exe, 0000000A.00000003.2803488101.00000000056F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2912884964.00000000056F8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.00000000056F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 0000000A.00000003.2912884964.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 0000000A.00000003.2912638220.0000000005746000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2912814964.0000000005730000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.0000000005746000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saC
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saLOCALA
Source: saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sadownload.mcafee.com:443/products/SA/v1/installer/4.1.1/990/64/installer.exehttps://sadownl
Source: wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exev
Source: svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signup.live.com/signup.aspx
Source: svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://signup.live.com/signup.aspxice
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.000000000090B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static.download.it/gen/internet-explorer-7-100x100.png
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static.download.it/gen/internet-explorer-7-100x100.png3
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static.download.it/gen/internet-explorer-7-100x100.pngba82621fbf0_ARCHITECTURE
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/license/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.360totalsecurity.com/en/privacy/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774067066.00000000053D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.__/?typ=1.
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.__?typ=1xe.1
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-prod
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-produ
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-produc
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.000000000090B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.00000000008FC000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/p
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/pr
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.000000000090B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avast.com/privacy-policy
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/eula
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.avg.com/ww-en/privacyA
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ccleaner.com/about/privacy-policy
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreement
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2629616194.000000000537B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1726589343.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1724396806.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000000.1728303884.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.htD
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2802770412.00000000053B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html089930eba82621fbf0KXm
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlract
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlro.pngnt.net
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmls/969/WZSetup.zipR_At)
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlt
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.00000000008FC000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/en-us/pw
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.000000000090B000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/eula/computers
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.opera.com/he/privacy
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007566000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007566000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.c
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.00000000074AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservic
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.00000000074AD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007557000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.00000000008BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1089930
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1B.tmp-H
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.00000000008BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1B.tmpuK
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.000000000759F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/pr
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007591000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/privacy-policy3
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.000000000530F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.premieropinion.com/privacy-policyL
Source: internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1726589343.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1724396806.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000000.1728303884.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps

Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844

Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.26.92:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.9.108.35:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.200.239.173:443 -> 192.168.2.4:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.161.108.175:443 -> 192.168.2.4:49852 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Code function: 11_2_004054B6 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

11_2_004054B6

Source: wiertutil.dll.12.dr

Binary or memory string: DirectDrawCreateEx

memstr_a6b0f7d2-7

System Summary

Submitted sample is a known malware sample

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Dropped file: MD5: e346fcecd037f0be2777231949977587 Family: APT37 Alias: Reaper group, Geumseong121, Group 123, Scarcruft, APT-S-008, Red Eyes, TEMP.Reaper, Ricochet Chollima, sun team, APT37 Description: APT37 is a suspected North Korean cyber espionage group that has been in operation since at least 2012. Their targets are primarily located in South Korea, but also Japan, Vietnam, Russia, China, India, and some of the countries in the Middle East. A wider range of industries are affected, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare entities References: https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf https://securelist.com/operation-daybreak/75100/https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/Data Source: https://github.com/RedDrip7/APT_Digital_Weapon

Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_0100334B NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	12_2_0100334B
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_0100377B OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	12_2_0100377B
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_010033DB NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	12_2_010033DB

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000F6220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,

10_2_000F6220

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		11_2_004033B3
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_0100377B OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,		12_2_0100377B

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp			Jump to behavior
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	File created: C:\Windows\ie7_main.log

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000F4F50	10_2_000F4F50
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000F8FB0	10_2_000F8FB0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000F70D9	10_2_000F70D9
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000FF110	10_2_000FF110
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001173B0	10_2_001173B0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0012D540	10_2_0012D540
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00131840	10_2_00131840
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00113AC0	10_2_00113AC0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00128190	10_2_00128190
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001383A0	10_2_001383A0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0012A540	10_2_0012A540
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000DA610	10_2_000DA610
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00178609	10_2_00178609
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00140660	10_2_00140660
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001347C0	10_2_001347C0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001328A0	10_2_001328A0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001868E0	10_2_001868E0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00160919	10_2_00160919
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00180992	10_2_00180992
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00180AB2	10_2_00180AB2
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000D2B00	10_2_000D2B00
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00160B4B	10_2_00160B4B
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00136D43	10_2_00136D43
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00160DB0	10_2_00160DB0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0015ADD0	10_2_0015ADD0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00108EA0	10_2_00108EA0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000DCF40	10_2_000DCF40
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0012F150	10_2_0012F150
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0011D2C0	10_2_0011D2C0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0016933A	10_2_0016933A
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0016B340	10_2_0016B340
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000D5400	10_2_000D5400
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001714AF	10_2_001714AF
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0013B4F0	10_2_0013B4F0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00137602	10_2_00137602
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000DF830	10_2_000DF830
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0017D8E0	10_2_0017D8E0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001639A4	10_2_001639A4
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00133A30	10_2_00133A30
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0010FB40	10_2_0010FB40
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00103C50	10_2_00103C50
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000FBCB0	10_2_000FBCB0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_000D7D10	10_2_000D7D10
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0012FFE0	10_2_0012FFE0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_0040727F	11_2_0040727F
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_00406AA8	11_2_00406AA8
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01004C6D	12_2_01004C6D
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01008C00	12_2_01008C00
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01008402	12_2_01008402
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01008845	12_2_01008845
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_0100804A	12_2_0100804A
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01004C6D	12_2_01004C6D
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_010079DF	12_2_010079DF
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01007CEF	12_2_01007CEF
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005AF05B	16_2_005AF05B
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_00511860	16_2_00511860
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_00512810	16_2_00512810
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005A101F	16_2_005A101F
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005A5560	16_2_005A5560
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005B150E	16_2_005B150E
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005AC9E8	16_2_005AC9E8
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005115B0	16_2_005115B0
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005115B5	16_2_005115B5
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_00513690	16_2_00513690
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_00511F60	16_2_00511F60
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005B13EE	16_2_005B13EE
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_00512FB0	16_2_00512FB0

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 00159600 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 001585BF appears 71 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 00158E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 00174231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 00158DFE appears 103 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 000E1BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 00158713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 0015A3A0 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: String function: 00118650 appears 192 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7560 -ip 7560

Source: internet-explorer-7_8xx5-B1.tmp.3.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.10.dr	Static PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 22992124 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 845 datablocks, 0x1 compression
Source: wieakui.dll.mui.12.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: ieakui.dll.mui.12.dr	Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: wieframe.dll.mui.12.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: wieframe.dll.mui.12.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: ieframe.dll.mui.12.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: ieframe.dll.mui.12.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: wiexplore.exe.mui.12.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: iexplore.exe.mui.12.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary

Source: wieframe.dll.mui.12.dr	Static PE information: Resource name: RT_ACCELERATOR type: GLS_BINARY_LSB_FIRST
Source: wieframe.dll.mui.12.dr	Static PE information: Resource name: RT_ACCELERATOR type: GLS_BINARY_LSB_FIRST
Source: ieframe.dll.mui.12.dr	Static PE information: Resource name: RT_ACCELERATOR type: GLS_BINARY_LSB_FIRST
Source: ieframe.dll.mui.12.dr	Static PE information: Resource name: RT_ACCELERATOR type: GLS_BINARY_LSB_FIRST
Source: wiexplore.exe.mui.12.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: iexplore.exe.mui.12.dr	Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary

Source: wiedkcs32.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieakui.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: msfeedsbs.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: advpack.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: iexplore.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wieframe.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wwinfxdocobj.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieaksie.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieui.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: icardie.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: iernonce.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wextmgr.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: iedkcs32.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wicardie.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wiepeers.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: urlmon.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wieunatt.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wurlmon.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wiernonce.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: mshtmler.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wieui.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: mshtml.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wieaksie.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: webcheck.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieakeng.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wininet.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: ie4uinit.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wieakeng.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wwininet.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wmshtml.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: woccache.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: whmmapi.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wadmparse.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: iesetup.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wmshta.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wmshtmler.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieunatt.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: winseng.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: mshta.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: hmmapi.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wmsrating.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: iepeers.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wwebcheck.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wie4uinit.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieframe.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: inseng.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wiesetup.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: occache.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: mshtmled.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: winfxdocobj.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wadvpack.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: admparse.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wlicmgr10.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: extmgr.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: ieakui.dll.12.dr	Static PE information: No import functions for PE file found
Source: licmgr10.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wmshtmled.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wiedw.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wiexplore.exe.mui.12.dr	Static PE information: No import functions for PE file found
Source: wieakui.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: wmsfeedsbs.dll.mui.12.dr	Static PE information: No import functions for PE file found
Source: msrating.dll.mui.12.dr	Static PE information: No import functions for PE file found

Source: installer.exe.10.dr

Static PE information: Data appended to the last section found

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Key value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon version

Jump to behavior

Source: ieakui.dll.mui.12.dr	Static PE information: Section .rsrc
Source: msfeedsbs.dll.mui.12.dr	Static PE information: Section .rsrc
Source: advpack.dll.mui.12.dr	Static PE information: Section .rsrc
Source: iexplore.exe.mui.12.dr	Static PE information: Section .rsrc
Source: ieaksie.dll.mui.12.dr	Static PE information: Section .rsrc
Source: ieui.dll.mui.12.dr	Static PE information: Section .rsrc
Source: icardie.dll.mui.12.dr	Static PE information: Section .rsrc
Source: iernonce.dll.mui.12.dr	Static PE information: Section .rsrc
Source: iedkcs32.dll.mui.12.dr	Static PE information: Section .rsrc
Source: urlmon.dll.mui.12.dr	Static PE information: Section .rsrc
Source: mshtmler.dll.mui.12.dr	Static PE information: Section .rsrc
Source: mshtml.dll.mui.12.dr	Static PE information: Section .rsrc
Source: webcheck.dll.mui.12.dr	Static PE information: Section .rsrc
Source: ieakeng.dll.mui.12.dr	Static PE information: Section .rsrc
Source: wininet.dll.mui.12.dr	Static PE information: Section .rsrc
Source: ie4uinit.exe.mui.12.dr	Static PE information: Section .rsrc
Source: iesetup.dll.mui.12.dr	Static PE information: Section .rsrc
Source: ieunatt.exe.mui.12.dr	Static PE information: Section .rsrc
Source: mshta.exe.mui.12.dr	Static PE information: Section .rsrc
Source: hmmapi.dll.mui.12.dr	Static PE information: Section .rsrc
Source: iepeers.dll.mui.12.dr	Static PE information: Section .rsrc
Source: ieframe.dll.mui.12.dr	Static PE information: Section .rsrc
Source: inseng.dll.mui.12.dr	Static PE information: Section .rsrc
Source: occache.dll.mui.12.dr	Static PE information: Section .rsrc
Source: mshtmled.dll.mui.12.dr	Static PE information: Section .rsrc
Source: winfxdocobj.exe.mui.12.dr	Static PE information: Section .rsrc
Source: admparse.dll.mui.12.dr	Static PE information: Section .rsrc
Source: extmgr.dll.mui.12.dr	Static PE information: Section .rsrc
Source: ieakui.dll.12.dr	Static PE information: Section .rsrc
Source: licmgr10.dll.mui.12.dr	Static PE information: Section .rsrc
Source: msrating.dll.mui.12.dr	Static PE information: Section .rsrc

Source: classification engine

Classification label: mal72.troj.evad.win@47/261@15/11

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Code function: 11_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

11_2_004033B3

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Code function: 11_2_00404766 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

11_2_00404766

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000E4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

10_2_000E4C8E

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000E5C1E CoCreateInstance,OleRun,

10_2_000E5C1E

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00105318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,

10_2_00105318

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

File created: C:\Program Files (x86)\WeatherZero

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7560
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\InternetExplorerInstaller
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\ServicePackOrHotfix
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Mutant created: \Sessions\1\BaseNamedObjects\Global\{909a0a8a-0a1e-480c-ac4c-0d932cdcb16b}Installer
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4208:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Mutant created: \Sessions\1\BaseNamedObjects\{909a0a8a-0a1e-480c-ac4c-0d932cdcb16b}Installer

Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe

File created: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp

Jump to behavior

Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: iesetup.exe	String found in binary or memory: %s---Starting update installation
Source: iesetup.exe	String found in binary or memory: %sUnable to configure installation files to run after reboot. Re-installation unsuccessful. (Error code: 0x%08x).
Source: iesetup.exe	String found in binary or memory: %sOperating System is Windows Vista or later, performing branding instead of full-install
Source: iesetup.exe	String found in binary or memory: alling Windows Internet Explorer required updates.../Installing Windows Internet Explorer updates...6Downloading updates for Windo
Source: iesetup.exe	String found in binary or memory: Preparing installation...4Running Microsoft Malicious Software Removal Tool.../Installing Windows Internet Explorer updates...8Ins

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe"
Source: unknown	Process created: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe "C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe"
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Process created: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp "C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp" /SL5="$2046E,1583588,832512,C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe"
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\Downloads\internet-explorer-7.exe "C:\Users\user\Downloads\internet-explorer-7.exe"
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.__/?typ=1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1908,i,11294617880260353184,3263670613156315574,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7560 -ip 7560
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 1200
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Process created: C:\b99fd08a604e45b5fc9f\update\iesetup.exe c:\b99fd08a604e45b5fc9f\update\iesetup.exe
Source: unknown	Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe"	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Process created: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp "C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp" /SL5="$2046E,1583588,832512,C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\Downloads\internet-explorer-7.exe "C:\Users\user\Downloads\internet-explorer-7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.__/?typ=1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe "C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Process created: C:\b99fd08a604e45b5fc9f\update\iesetup.exe c:\b99fd08a604e45b5fc9f\update\iesetup.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1908,i,11294617880260353184,3263670613156315574,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7560 -ip 7560
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 1200
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: zipfldr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: kernel.appcore.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: apphelp.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: aclayers.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: sfc.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: sfc_os.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: version.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: windows.storage.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: wldp.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: msasn1.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: cryptsp.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: rsaenh.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: cryptbase.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: gpapi.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: devrtl.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: spinf.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: drvstore.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: duser.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: uxtheme.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: xmllite.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: atlthunk.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: textshaping.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: kernel.appcore.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: textinputframework.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: coreuicomponents.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: coremessaging.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: ntmarta.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: coremessaging.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: wintypes.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: wintypes.dll
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gamestreamingext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msauserext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: tbs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptngc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptprov.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elscore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elstrans.dll

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: C:\Users\user\Downloads\internet-explorer-7.exe

File written: C:\b99fd08a604e45b5fc9f\occache.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Automated click: Run

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: update.pdbH source: iesetup.exe, 00000017.00000003.2829277286.0000000002971000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: update.pdb source: iesetup.exe, 00000017.00000003.2829277286.0000000002971000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: internet-explorer-7.exe, internet-explorer-7.exe, 0000000C.00000000.2743303768.0000000001002000.00000020.00000001.01000000.00000012.sdmp, internet-explorer-7.exe, 0000000C.00000002.2852794205.0000000001002000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: msfeedsbs.pdbH source: msfeedsbs.dll.12.dr
Source:	Binary string: shdocvw.pdbE source: wshdocvw.dll.12.dr
Source:	Binary string: ImgUtil.pdb source: wimgutil.dll.12.dr
Source:	Binary string: ie4uinit.pdb source: wie4uinit.exe.12.dr
Source:	Binary string: vbscript.pdb source: wvbscript.dll.12.dr
Source:	Binary string: ieencode.pdb source: ieencode.dll.12.dr
Source:	Binary string: tdc.pdbL source: internet-explorer-7.exe, 0000000C.00000002.2852880836.0000000002DA2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vbscript.pdbPoE source: wvbscript.dll.12.dr
Source:	Binary string: iertutil.pdb source: wiertutil.dll.12.dr
Source:	Binary string: ieencode.pdbL source: ieencode.dll.12.dr
Source:	Binary string: ieframe.pdb source: wieframe.dll.12.dr
Source:	Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net35\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.11.dr
Source:	Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: updspapi.pdbH source: updspapi.dll.12.dr
Source:	Binary string: tdc.pdb@UATAUH source: tdc.ocx.12.dr
Source:	Binary string: // PDB: s:\ntc.obj.x86fre\inetcore\rss\msfeeds\objfre\i386\msfeeds.pdb source: msfeeds.mof.12.dr
Source:	Binary string: msrating.pdb source: wmsrating.dll.12.dr
Source:	Binary string: mstime.pdb source: mstime.dll.12.dr, wmstime.dll.12.dr
Source:	Binary string: tdc.pdb source: internet-explorer-7.exe, 0000000C.00000002.2852880836.0000000002DA2000.00000004.00000020.00020000.00000000.sdmp, tdc.ocx.12.dr
Source:	Binary string: iesetup.pdbH source: iesetup.exe, 00000017.00000003.2824995132.0000000002971000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe, 00000017.00000002.2851271269.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000000.2821516844.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000003.2824283034.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe.12.dr
Source:	Binary string: iesetup.pdb source: iesetup.exe, iesetup.exe, 00000017.00000003.2824995132.0000000002971000.00000004.00000020.00020000.00000000.sdmp, iesetup.exe, 00000017.00000002.2851271269.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000000.2821516844.00007FF72B0E1000.00000020.00000001.01000000.00000017.sdmp, iesetup.exe, 00000017.00000003.2824283034.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, wiesetup.dll.12.dr, iesetup.exe.12.dr
Source:	Binary string: msfeedsbs.pdb source: msfeedsbs.dll.12.dr
Source:	Binary string: shdocvw.pdb source: wshdocvw.dll.12.dr
Source:	Binary string: updspapi.pdb source: updspapi.dll.12.dr

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00122B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,

10_2_00122B30

Source: INetC.dll.11.dr	Static PE information: real checksum: 0x0 should be: 0xb6cc
Source: installer.exe.10.dr	Static PE information: real checksum: 0x16ce3c7 should be: 0x10ca17
Source: Helper.dll.5.dr	Static PE information: real checksum: 0x0 should be: 0x205ce6
Source: internet-explorer-7_8xx5-B1.tmp.3.dr	Static PE information: real checksum: 0x0 should be: 0x3128e9
Source: uninstall.exe.11.dr	Static PE information: real checksum: 0x60081f should be: 0x4fd62

Source: internet-explorer-7_8xx5-B1.exe.2.dr	Static PE information: section name: .didata
Source: internet-explorer-7_8xx5-B1.tmp.3.dr	Static PE information: section name: .didata
Source: saBSI.exe.5.dr	Static PE information: section name: .didat
Source: installer.exe.10.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Code function: 5_2_00190898 pushfd ; retf	5_2_0019089B
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Code function: 5_2_00190D6D push es; iretd	5_2_00190D6F
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Code function: 5_2_00191263 push 00000057h; retf	5_2_0019126B
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00158DDB push ecx; ret	10_2_00158DEE
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00187CFD push ecx; ret	10_2_00187D12
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Code function: 23_2_00007FF72B0EA9B9 push rsp; retf	23_2_00007FF72B0EA9C9

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 Blob

Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iesetup.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\Downloads\internet-explorer-7.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiexplore.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iepeers.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\update.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wadmparse.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieudinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wwininet.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\occache.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wadvpack.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wwebcheck.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wininet.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\spmsg.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iepeers.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wimgutil.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wshdocvw.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\licmgr10.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\occache.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\jscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\advpack.dll.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	File created: C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieencode.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\legitlibm.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtmled.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsfeedssync.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtml.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshta.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\jsproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wlicmgr10.dll.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wcorpol.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iesetup.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\whtml.iec	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtml.dll.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-PDPK8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wextmgr.dll	Jump to dropped file
Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	File created: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\winfxdocobj.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wdxtmsft.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\corpol.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\inetcpl.cpl	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsfeedsbs.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshta.exe.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	File created: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieframe.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieunatt.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieakeng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\browseui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtmler.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msfeedssync.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\custsat.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wtdc.ocx	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\inetcpl.cpl.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieframe.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieapfltr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\whmmapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msfeedsbs.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wwinfxdocobj.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieaksie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\winseng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\inseng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msfeedsbs.dll.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\installer.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieaksie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\woccache.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\pngfilt.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtml.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wvgx.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtml.tlb	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ie4uinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wextmgr.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iexplore.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsfeeds.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\vbscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsls31.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiernonce.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wurlmon.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wie4uinit.exe.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	File created: C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\dxtrans.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiedkcs32.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\url.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtmler.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieakui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iernonce.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsrating.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wicardie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiertutil.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\dxtmsft.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieakeng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\extmgr.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wwinfxdocobj.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\html.iec	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\shdocvw.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\idndl.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\webcheck.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsfeedsbs.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\extmgr.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\woccache.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieakui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\advpack.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieudinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\winfxdocobj.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiesetup.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msfeeds.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\imgutil.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\winseng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\icardie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshta.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\updspapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\vgx.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wie4uinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtmled.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieencode.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ie4uinit.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtmler.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msrating.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iexplore.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wininet.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieapfltr.dat	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	File created: C:\Program Files (x86)\WeatherZero\WeatherZero.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieframe.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiedw.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\whmmapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wurlmon.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\webcheck.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiedw.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieakui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtmled.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\hmmapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\icardie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieakeng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiexplore.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieapfltr.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmsrating.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe	File created: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\licmgr10.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iedkcs32.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wvbscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiesetup.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mstime.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wdxtrans.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieframe.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iertutil.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieunatt.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieakeng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\html.iec.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\tdc.ocx	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wlicmgr10.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiedkcs32.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wwebcheck.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieakui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wadmparse.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmstime.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\urlmon.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wshlwapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshta.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieaksie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iernonce.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\xmllitesetup.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\inseng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\urlmon.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\hmmapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtmled.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\admparse.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wadvpack.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiernonce.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtml.tlb	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\nlsdl.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\ieproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\admparse.dll.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\internet-explorer-7.exe (copy)	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiepeers.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wpngfilt.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\iedkcs32.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wicardie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wwininet.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wiepeers.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msrating.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	File created: C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\WeatherZeroNSISPlugin.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wurl.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\iecustom.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\spupdsvc.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\update\iereseticons.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wmshtmler.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\mshtml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	File created: C:\Program Files (x86)\WeatherZero\uninstall.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\shlwapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wjscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\spuninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\Helper.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wcustsat.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wieaksie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wbrowseui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\msls31.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\wjsproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\whtml.iec.mui	Jump to dropped file

Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\html.iec	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\whtml.iec	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\inetcpl.cpl	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	File created: C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl	Jump to dropped file

Source: C:\Users\user\Downloads\internet-explorer-7.exe

File created: c:\b99fd08a604e45b5fc9f\update\eula.rtf

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00110540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,

10_2_00110540

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\b99fd08a604e45b5fc9f\update\iesetup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT

Source: C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000E4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

10_2_000E4C8E

Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iesetup.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\idndl.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\webcheck.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsfeedsbs.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\extmgr.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiexplore.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iepeers.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\woccache.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\update.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieakui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\advpack.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieudinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\winfxdocobj.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msfeeds.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiesetup.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wadmparse.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieudinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\imgutil.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\occache.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wadvpack.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wwebcheck.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\spmsg.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iepeers.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\winseng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\icardie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wimgutil.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\licmgr10.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshta.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\vgx.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\updspapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\occache.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wie4uinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\jscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtmled.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\advpack.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieencode.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieencode.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtmled.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\legitlibm.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ie4uinit.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtmler.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsfeedssync.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtml.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshta.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\jsproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msrating.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wlicmgr10.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iexplore.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieapfltr.dat	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WeatherZero\WeatherZero.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiedw.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wcorpol.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\whmmapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iesetup.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\whtml.iec	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\webcheck.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtml.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiedw.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieakui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wextmgr.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\hmmapi.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtmled.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\icardie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\winfxdocobj.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieakeng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wdxtmsft.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieapfltr.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiexplore.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsrating.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\corpol.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\licmgr10.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\inetcpl.cpl	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iedkcs32.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsfeedsbs.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wvbscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshta.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieunatt.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieakeng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiesetup.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wdxtrans.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mstime.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\browseui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msfeedssync.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtmler.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\custsat.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wtdc.ocx	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieunatt.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\tdc.ocx	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\inetcpl.cpl.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieakeng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\html.iec.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wlicmgr10.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiedkcs32.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wwebcheck.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmstime.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieakui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wadmparse.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieapfltr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\whmmapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msfeedsbs.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieaksie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wwinfxdocobj.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\winseng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\inseng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshta.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieaksie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iernonce.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\xmllitesetup.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\inseng.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msfeedsbs.dll.mui	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\installer.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\hmmapi.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieui.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtmled.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieaksie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\admparse.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wadvpack.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\woccache.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\pngfilt.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtml.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiernonce.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wvgx.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtml.tlb	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\nlsdl.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\admparse.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtml.tlb	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ie4uinit.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wpngfilt.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wextmgr.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiepeers.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iexplore.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iedkcs32.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wicardie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiepeers.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msrating.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\WeatherZeroNSISPlugin.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wurl.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsfeeds.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\vbscript.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsls31.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\spupdsvc.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\iecustom.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiernonce.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\update\iereseticons.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtmler.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wie4uinit.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\mshtml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WeatherZero\uninstall.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\spuninst.exe	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wjscript.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\Helper.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\dxtrans.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wiedkcs32.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\url.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmshtmler.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wcustsat.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieaksie.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wieakui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\iernonce.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wmsrating.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wicardie.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\dxtmsft.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wbrowseui.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\ieakeng.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\extmgr.dll.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\msls31.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wwinfxdocobj.exe.mui	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\html.iec	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\wjsproxy.dll	Jump to dropped file
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Dropped PE file which has not been started: C:\b99fd08a604e45b5fc9f\wow\whtml.iec.mui	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_10-84836

Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe

API coverage: 9.0 %

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp TID: 7640	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp TID: 7636	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 6936	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File Volume queried: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp FullSizeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	11_2_00405A19
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_004065CE FindFirstFileA,FindClose,	11_2_004065CE
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	Code function: 11_2_004027AA FindFirstFileA,	11_2_004027AA
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01004433 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	12_2_01004433

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00142782 VirtualQuery,GetSystemInfo,

10_2_00142782

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.000000000535B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.00000000035DC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: "RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd
Source: svchost.exe, 00000019.00000002.2963336761.000001E966A56000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NXTVMWare
Source: saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWE
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.0000000000870000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.0000000000868000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000002.2867158513.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2866611067.00000000005B1000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2866492625.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2866492625.00000000005AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ,"VMware
Source: WZSetup.exe, 0000000B.00000003.2866611067.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000002.2867158513.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: svchost.exe, 00000019.00000002.2960753429.000001E965C2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: wget.exe, 00000002.00000002.1711351863.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Downloads\internet-explorer-7.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_001770B4 IsDebuggerPresent,OutputDebugStringW,

10_2_001770B4

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000F5204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,

10_2_000F5204

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000E4C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

10_2_000E4C8E

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00187BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

10_2_00187BC0

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00122B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,

10_2_00122B30

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0016E8FE mov eax, dword ptr fs:[00000030h]	10_2_0016E8FE
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00177C6A mov eax, dword ptr fs:[00000030h]	10_2_00177C6A
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00177CAE mov eax, dword ptr fs:[00000030h]	10_2_00177CAE
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00177CF2 mov eax, dword ptr fs:[00000030h]	10_2_00177CF2
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00177D23 mov eax, dword ptr fs:[00000030h]	10_2_00177D23
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005A9D02 mov eax, dword ptr fs:[00000030h]	16_2_005A9D02
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005A433F mov eax, dword ptr fs:[00000030h]	16_2_005A433F

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_000E463F GetProcessHeap,

10_2_000E463F

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00159018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00159018
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_001593F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_001593F2
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_0015D453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0015D453
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: 10_2_00159586 SetUnhandledExceptionFilter,	10_2_00159586
Source: C:\Users\user\Downloads\internet-explorer-7.exe	Code function: 12_2_01005E64 SetUnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_01005E64
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_0059D11E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_0059D11E
Source: C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	Code function: 16_2_005A2603 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_005A2603

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe "C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Users\user\Downloads\internet-explorer-7.exe "C:\Users\user\Downloads\internet-explorer-7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.__/?typ=1	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7560 -ip 7560
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 1200

Source: unknown

Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://dcr0eadbm64ph.cloudfront.net/idcvt99wxiqu.exe" > cmdline.out 2>&1

Source: C:\Users\user\Downloads\internet-explorer-7.exe

Code function: 12_2_01004C6D InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,CreateFileA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,CreateFileA,CreateFileA,InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateFileA,CreateEventA,CreateThread,CreateFileA,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,

12_2_01004C6D

Source: C:\Users\user\Downloads\internet-explorer-7.exe

Code function: 12_2_01003AC5 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,

12_2_01003AC5

Source: wieframe.dll.12.dr	Binary or memory string: Shell_TrayWnd
Source: wshdocvw.dll.12.dr	Binary or memory string: Shell_TrayWndSHELLHOOK

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00159215 cpuid

10_2_00159215

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	10_2_001745DA
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_0017C907
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_0017C952
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_0017C9ED
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	10_2_0017CA80
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	10_2_0017CCE0
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_0017CE06
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoW,	10_2_0017CF0C
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	10_2_0017CFDB
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: GetLocaleInfoEx,	10_2_00157E28
Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	Code function: EnumSystemLocalesW,	10_2_00173F6D

Source: C:\Windows\SysWOW64\wget.exe	Queries volume information: C:\Users\user\Desktop\download VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\loader.gif VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\mainlogo.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\WebAdvisor.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\WeatherZero.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\finish.png VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Code function: 10_2_00174619 GetSystemTimeAsFileTime,

10_2_00174619

Source: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

11_2_004033B3

Source: C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Poisonivy

Source: Yara match

File source: Process Memory Space: iesetup.exe PID: 2516, type: MEMORYSTR

Remote Access Functionality

Yara detected Poisonivy

Source: Yara match

File source: Process Memory Space: iesetup.exe PID: 2516, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
1 Software	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 Input Capture	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Input Capture	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Process Injection	2 Obfuscated Files or Information	Security Account Manager	47 System Information Discovery	SMB/Windows Admin Shares	1 Clipboard Data	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Install Root Certificate	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	161 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	22 Masquerading	Cached Domain Credentials	3 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Virtualization/Sandbox Evasion	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	2 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	12 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll	0%	ReversingLabs
C:\Program Files (x86)\WeatherZero\WeatherZero.exe	0%	ReversingLabs
C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe	3%	ReversingLabs
C:\Program Files (x86)\WeatherZero\uninstall.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\Helper.dll	8%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\internet-explorer-7.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-PDPK8.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\INetC.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\WeatherZeroNSISPlugin.dll	3%	ReversingLabs
C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe	50%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\Downloads\internet-explorer-7.exe	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\admparse.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\admparse.dll.mui	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\advpack.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\advpack.dll.mui	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\browseui.dll	3%	ReversingLabs
C:\b99fd08a604e45b5fc9f\corpol.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\custsat.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\dxtmsft.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\dxtrans.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\extmgr.dll	0%	ReversingLabs
C:\b99fd08a604e45b5fc9f\extmgr.dll.mui	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.overture.com/d/search/p/iepanel/?Partner=ie5panel_asp&Keywords=	0%	Avira URL Cloud	safe
https://www.premieropinion.com/common/termsofservice-v1	0%	Avira URL Cloud	safe
http://search.msn.com.hk/previewx.aspx?q=	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/Y	0%	Avira URL Cloud	safe
https://d1e9165hyidvf5.cloudfront.net/f/	0%	Avira URL Cloud	safe
http://www.altavista.de/cgi-bin/query?q=	0%	Avira URL Cloud	safe
http://search.empas.com/search/all.html?en=utf8&q=	0%	Avira URL Cloud	safe
http://infoseek.go.com/Titles?col=WW&sv=IS&lk=ip-noframes&qt=	0%	Avira URL Cloud	safe
https://api.metwit.com/v2/weather/?location_lat=	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/	0%	Avira URL Cloud	safe
http://search.msn.com.my/previewx.aspx?q=	0%	Avira URL Cloud	safe
http://search.msn.dk/previewx.aspx?q=	0%	Avira URL Cloud	safe
http://search.msn.de/spresults.aspx?q=	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/sa/bsi/win/binary/	0%	Avira URL Cloud	safe
http://ie-search.findwhat.com/bin/templates/140/autosearch.asp?srch=~XXX~&mt=	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/legal.htmlt	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exe7	0%	Avira URL Cloud	safe
http://search.msn.co.kr/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=	0%	Avira URL Cloud	safe
http://www.swissguide.ch/search/ie5/locationsearch/default.asp?option=~XXX~&search=	0%	Avira URL Cloud	safe
https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/files/969/WZSetup.zipfXx	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml	0%	Avira URL Cloud	safe
https://login.icrosoftonl	0%	Avira URL Cloud	safe
https://shield.reasonsecurity.com/rsStubActivator.exev	0%	Avira URL Cloud	safe
http://search.dreamwiz.com/cgi-bin/irs.cgi?so=2&utf=1&q=	0%	Avira URL Cloud	safe
http://sm.aport.ru/scripts/template.dll?That=std&r=	0%	Avira URL Cloud	safe
https://www.mcafee.com/consumer/en-us/policy/legal.htmls/969/WZSetup.zipR_At)	0%	Avira URL Cloud	safe
http://search.sympatico.msn.ca/previewx.aspx?q=	0%	Avira URL Cloud	safe
https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/	0%	Avira URL Cloud	safe
https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/images/969/EN.png	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exeexe	0%	Avira URL Cloud	safe
http://www.switchboard.com/sb_ie4.htmSwitchboard	0%	Avira URL Cloud	safe
http://www.icra.org/pics/vocabularyv03/	0%	Avira URL Cloud	safe
http://kr.altavista.com/cgi-bin/query?q=	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/v1/bsi	0%	Avira URL Cloud	safe
http://search.t1msn.com.mx/spresults.aspx?q=	0%	Avira URL Cloud	safe
https://d1e9165hyidvf5.cloudfront.net/zbdini	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/sa/bsi/win/binary	0%	Avira URL Cloud	safe
https://www.premieropinion.	0%	Avira URL Cloud	safe
http://euroseek.com/system/search.cgi?mode=internet&string=	0%	Avira URL Cloud	safe
http://search.msn.fr/spresults.aspx?q=	0%	Avira URL Cloud	safe
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exeROC	0%	Avira URL Cloud	safe
http://dpxml.infospace.com/info/dog/webresults.htm?&qkw=	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/	0%	Avira URL Cloud	safe
http://search.msn.co.za/previewx.aspx?q=	0%	Avira URL Cloud	safe
https://home.mcafee.co	0%	Avira URL Cloud	safe
http://sm.aport.ru/scripts/template.dll?IniFilePath=ini%5Ctemplie4.ini&IrsBase=All%20World&UID=18%2E	0%	Avira URL Cloud	safe
http://auto.search.msn.com/response.asp?MT=	0%	Avira URL Cloud	safe
http://www.ubbi.com/resultados.asp?q=	0%	Avira URL Cloud	safe
https://sadownload.mcafee.com:443/products/SA/v1/installer/4.1.1/990/64/installer.exehttps://sadownl	0%	Avira URL Cloud	safe
https://d1e9165hyidvf5.cloudfront.net/o	0%	Avira URL Cloud	safe
http://sidesearch.lycos.com/?query=	0%	Avira URL Cloud	safe
http:///isapi/pstream3.dll/InternetCloseHandleInternetErrorDlgInternetSetOptionAInternetWriteFileInt	0%	Avira URL Cloud	safe
http://www.overture.com/d/search/?type=home&mkt=us&Keywords=	0%	Avira URL Cloud	safe
https://www.premieropinion.com/common/termsofservice-v1B.tmpuK	0%	Avira URL Cloud	safe
http://search.msn.co.uk/previewx.aspx?q=	0%	Avira URL Cloud	safe
http://www.DocURL.com/bar.htm	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
static.download.it	172.67.26.92	true	false	high
google.com	142.250.181.142	true	false	high
eu-api.openweathermap.org	141.95.99.79	true	false	high
dl.jalecdn.com	95.168.168.24	true	false	unknown
d1e9165hyidvf5.cloudfront.net	65.9.108.35	true	false	unknown
www.google.com	216.58.208.228	true	false	high
ip-api.com	208.95.112.1	true	false	high
mosaic-nova.apis.mcafee.com	54.200.239.173	true	false	unknown
localweatherfree.com	104.21.48.1	true	false	high
dcr0eadbm64ph.cloudfront.net	18.165.213.23	true	false	unknown
analytics.apis.mcafee.com	unknown	unknown	false	unknown
sadownload.mcafee.com	unknown	unknown	false	unknown
api.openweathermap.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/images/969/EN.png	false	Avira URL Cloud: safe	unknown
https://d1e9165hyidvf5.cloudfront.net/o	false	Avira URL Cloud: safe	unknown
http://ip-api.com/json/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.overture.com/d/search/p/iepanel/?Partner=ie5panel_asp&Keywords=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://search.msn.com.hk/previewx.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://d1e9165hyidvf5.cloudfront.net/f/	internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1721649277.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000002.2959558242.000000000227D000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1729844820.0000000003490000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003549000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2962567120.0000000002460000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2977981594.00000000035F1000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2970261031.0000000003511000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	false		high
https://api.metwit.com/v2/weather/?location_lat=	WeatherZero.exe.11.dr	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/	saBSI.exe, 0000000A.00000003.2727821536.0000000005702000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2779666598.0000000005702000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.msn.com/previewx.aspx?q=	wieframe.dll.12.dr	false		high
http://www.altavista.de/cgi-bin/query?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://localweatherfree.com/	WZSetup.exe, 0000000B.00000003.2866611067.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000003.2720490640.0000000000603000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000002.2867158513.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://infoseek.go.com/Titles?col=WW&sv=IS&lk=ip-noframes&qt=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://www.premieropinion.com/common/termsofservice-v1	internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007557000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.empas.com/search/all.html?en=utf8&q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/Y	saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.msn.dk/previewx.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/Prod.C:	svchost.exe, 0000000E.00000003.2780486727.0000024D515AF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://sadownload.mcafee.com/products/sa/bsi/win/binary/	saBSI.exe, 0000000A.00000003.2912884964.000000000570D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.000000000570D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.msn.com.my/previewx.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://search.msn.de/spresults.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://ie-search.findwhat.com/bin/templates/140/autosearch.asp?srch=~XXX~&mt=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://www.remobjects.com/ps	internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1726589343.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1724396806.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000000.1728303884.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false		high
https://www.mcafee.com/consumer/en-us/policy/legal.htmlt	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml	saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.innosetup.com/	internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1726589343.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.exe, 00000003.00000003.1724396806.00000000026E0000.00000004.00001000.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000000.1728303884.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdZaF300	svchost.exe, 00000019.00000002.2962945297.000001E966580000.00000004.00000020.00020000.00000000.sdmp	false		high
http://search.msn.com/spresults.aspx?q=	wieframe.dll.12.dr	false		high
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf	svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exe7	saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://Passport.NET/tb_	svchost.exe, 00000019.00000002.2961555433.000001E965CC8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 0000000E.00000003.2780486727.0000024D51572000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.swissguide.ch/search/ie5/locationsearch/default.asp?option=~XXX~&search=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://search.msn.co.kr/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://d1e9165hyidvf5.cloudfront.net/f/WeatherZero/files/969/WZSetup.zipfXx	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2773847809.000000000539F000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2802770412.00000000053B4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml	saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.icrosoftonl	svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://shield.reasonsecurity.com/rsStubActivator.exev	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ccleaner.com/legal/end-user-license-agreement	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812754454.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://search.dreamwiz.com/cgi-bin/irs.cgi?so=2&utf=1&q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srfsuer	svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://account.live.com/msangcwam	svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829465487.000001E966552000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830255566.000001E966557000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2829266000.000001E966529000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 0000000E.00000002.2985148268.0000024D51600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2963089646.000001E966A00000.00000004.00000020.00020000.00000000.sdmp	false		high
http://passport.net/tb	svchost.exe, 00000019.00000002.2963681644.000001E966A73000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.opera.com/he/eula/computers	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000088A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sm.aport.ru/scripts/template.dll?That=std&r=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://nsis.sf.net/NSIS_Error	WZSetup.exe, WZSetup.exe, 0000000B.00000002.2866818559.000000000040A000.00000004.00000001.01000000.0000000E.sdmp, WZSetup.exe, 0000000B.00000003.2865837164.00000000029B1000.00000004.00000020.00020000.00000000.sdmp, WZSetup.exe, 0000000B.00000000.2659654815.000000000040A000.00000008.00000001.01000000.0000000E.sdmp	false		high
https://www.mcafee.com/consumer/en-us/policy/legal.htmls/969/WZSetup.zipR_At)	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.000000000090B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.sympatico.msn.ca/previewx.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r	saBSI.exe, 0000000A.00000000.2630287925.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, saBSI.exe, 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/	saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	svchost.exe, 00000019.00000002.2961740299.000001E965CE5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2962806380.000001E96655F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://search.seznam.cz/search.cgi?w=	wieframe.dll.12.dr	false		high
https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/990/64/installer.exeexe	saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://search.yahoo.com/search?p=	wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	false		high
http://kr.altavista.com/cgi-bin/query?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://www.switchboard.com/sb_ie4.htmSwitchboard	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://www.icra.org/pics/vocabularyv03/	wmsrating.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://search.t1msn.com.mx/spresults.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://d1e9165hyidvf5.cloudfront.net/zbdini	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://sadownload.mcafee.com/products/SA/v1/bsi	saBSI.exe, 0000000A.00000003.2803488101.00000000056F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2912884964.00000000056F8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.00000000056F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.premieropinion.	internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3043160061.0000000007566000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://freegeoip.net/json/	WeatherZero.exe.11.dr	false		high
https://sadownload.mcafee.com/products/sa/bsi/win/binary	saBSI.exe, 0000000A.00000003.2803488101.00000000056F4000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2912884964.00000000056F8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2962832215.00000000056F6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.avast.com/eula-avast-consumer-produ	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1840559055.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://euroseek.com/system/search.cgi?mode=internet&string=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://www.altavista.com/web/iepane?itag=ody&hl=off&fr=ieas&q=	wieframe.dll.12.dr	false		high
http://search.msn.fr/spresults.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://dpxml.infospace.com/info/dog/webresults.htm?&qkw=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	false		high
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exeROC	wget.exe, 00000002.00000002.1711421090.0000000001190000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://localweatherfree.com/forecastCgp8j6I3ZhW5WpkR5L6Rk%2FzVc6k%2BFp4%2BjTN02J%2FUAdGZPG7Wxex9a3h	WZSetup.exe, 0000000B.00000003.2720490640.0000000000603000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/	saBSI.exe, 0000000A.00000003.2779747486.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2727879308.0000000002FCC000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000003.2803530890.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 0000000A.00000002.2960705073.0000000002F6A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf	svchost.exe, 00000019.00000002.2960849461.000001E965C40000.00000004.00000020.00020000.00000000.sdmp	false		high
http://search.msn.co.za/previewx.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://home.mcafee.co	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf	svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	wget.exe, 00000002.00000002.1711421090.0000000001195000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3007496995.000000000510A000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2658944656.0000000005376000.00000004.00000020.00020000.00000000.sdmp, WeatherZeroService.exe.11.dr	false		high
http://sm.aport.ru/scripts/template.dll?IniFilePath=ini%5Ctemplie4.ini&IrsBase=All%20World&UID=18%2E	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://search.msn.com/results.asp?FORM=sCPN&RS=CHECKED&un=doc&v=1&q=	wieframe.dll.12.dr	false		high
https://login.microsoftonline.com/MSARST2.srf	svchost.exe, 00000019.00000003.2830220478.000001E96653B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2960954797.000001E965C5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830281643.000001E966540000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2830313914.000001E966563000.00000004.00000020.00020000.00000000.sdmp	false		high
http://auto.search.msn.com/response.asp?MT=	wieframe.dll.12.dr, iedkcs32.dll.mui.12.dr	false	Avira URL Cloud: safe	unknown
http://Passport.NET/STS	svchost.exe, 00000019.00000002.2962430353.000001E966531000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946412778.000001E966576000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.ubbi.com/resultados.asp?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://localweatherfree.com/Zero	WZSetup.exe, 0000000B.00000002.2867071869.0000000000558000.00000004.00000020.00020000.00000000.sdmp	false		high
https://reasonlabs.com/policies	internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.3010963078.00000000052F0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sadownload.mcafee.com:443/products/SA/v1/installer/4.1.1/990/64/installer.exehttps://sadownl	saBSI.exe, 0000000A.00000002.2960705073.0000000002F0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sidesearch.lycos.com/?query=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://a9.com/-/spec/opensearch/1.1/	wieframe.dll.12.dr	false		high
http:///isapi/pstream3.dll/InternetCloseHandleInternetErrorDlgInternetSetOptionAInternetWriteFileInt	iesetup.exe, 00000017.00000003.2829277286.0000000002971000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.overture.com/d/search/?type=home&mkt=us&Keywords=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
https://www.premieropinion.com/common/termsofservice-v1B.tmpuK	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.2774168091.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, internet-explorer-7_8xx5-B1.tmp, 00000005.00000002.2960487885.00000000008BC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://account.live.com/InlineSignup	svchost.exe, 00000019.00000002.2960753429.000001E965C2B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.w3.o	svchost.exe, 00000019.00000002.2961740299.000001E965D02000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.avast.com/pr	internet-explorer-7_8xx5-B1.tmp, 00000005.00000003.1812695637.00000000008F7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://search.msn.co.uk/previewx.aspx?q=	wieframe.dll.12.dr	false	Avira URL Cloud: safe	unknown
http://www.DocURL.com/bar.htm	wieframe.dll.12.dr	false	Avira URL Cloud: phishing	unknown
http://Passport.NET/tb	svchost.exe, 00000019.00000002.2962565730.000001E966537000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.2962260000.000001E966508000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946412778.000001E966576000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp	false		high
http://search.yahoo.com/bin/search?p=	wieframe.dll.12.dr	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	svchost.exe, 00000019.00000003.2946412778.000001E966576000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2946329277.000001E966574000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.2858493498.000001E966529000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.165.213.23	dcr0eadbm64ph.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
65.9.108.35	d1e9165hyidvf5.cloudfront.net	United States	16509	AMAZON-02US	false
104.21.48.1	localweatherfree.com	United States	13335	CLOUDFLARENETUS	false
54.200.239.173	mosaic-nova.apis.mcafee.com	United States	16509	AMAZON-02US	false
172.67.26.92	static.download.it	United States	13335	CLOUDFLARENETUS	false
95.168.168.24	dl.jalecdn.com	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
18.161.108.175	unknown	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.208.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572835
Start date and time:	2024-12-11 00:52:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.troj.evad.win@47/261@15/11
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 86% Number of executed functions: 106 Number of non-executed functions: 163

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 217.20.58.99, 192.229.221.95, 2.19.198.75, 23.32.238.139, 172.217.19.238, 64.233.162.84, 172.217.21.35, 172.217.17.46, 20.190.147.5, 20.190.147.0, 20.190.147.1, 20.190.177.84, 20.190.147.3, 20.190.147.2, 20.190.147.11, 20.190.177.22, 23.218.208.109, 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, a866.dscd.akamai.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, e16604.g.akamaiedge.net, sadownload.mcafee.com.edgesuite.net, clients.l.google.com, prod.fs.microsoft.com.akadns.net, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target iesetup.exe, PID 2516 because there are no executed function
Execution Graph export aborted for target internet-explorer-7_8xx5-B1.tmp, PID 7560 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe

Simulations

Behavior and APIs

Time	Type	Description
18:54:03	API Interceptor	7x Sleep call for process: internet-explorer-7_8xx5-B1.tmp modified
18:55:40	API Interceptor	2x Sleep call for process: svchost.exe modified

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	447488
Entropy (8bit):	6.049704714571602
Encrypted:	false
SSDEEP:	12288:Pf2wvmWyF2kVbFNCK9FGFMSvmEzBIyDInI:19yFpbfcFBIyDInI
MD5:	E346FCECD037F0BE2777231949977587
SHA1:	50E571B3AEA31DB3DF2610A1CA4DFC94612A2CC4
SHA-256:	EFD8CF9A3BC2AB4E15FA33D42771E18D78539759CBF30652DF4C43E6825CE5F0
SHA-512:	FFC183626899D1AD1806786BC95C4809AAB3947C78FBFDB38A01D312F2F679DC7DC82F8389074CBCC470D055982CFC370D482FF4D0B3B91532CA409B1FCA32A9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....^W.........." ..0.............&.... ........... .......................@......y.....@.....................................O.......d.................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...d...........................@..@.reloc....... ......................@..B........................H.......d...`...............X.............................................(......(8..."..(9.....(...."..(....&...(....&...(....F...(.......s......{...."..}......{...."..}....V.(......(......(.......}".....(....}%.....}#.....}$.....0..E........{"......YE................+..{$...o.....X.{#...j(.....Xr...ps....z....0...........{"......YE........R...R....{$.....~!...o......!.r...po....&..o....&.r...po....&.o.....1....o....&..o....&*..[o....&..{#...o....&..]o....&

C:\Program Files (x86)\WeatherZero\WeatherZero.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2876688
Entropy (8bit):	7.928270982940127
Encrypted:	false
SSDEEP:	49152:g6+PPRw4iT/VLUBIGR6KmgG5sMU+Fojk7DcPfKZOHUULruOdHqDOAfCFkw:6nq44Az8gB22jkXufKs0ULruMHcOAfCp
MD5:	7DC1C6AB3BF2DD1C825914F7F6F31B45
SHA1:	50DA5DF89A759DD1D6F123B98B8AA35298699B3B
SHA-256:	9B92A8F962D7F8FFC9A06BAFECAFF854D88999107641229B17B68D5532E6E17C
SHA-512:	695FFAC94223F5419229D84C5E46BACA22C9AC5C57E27B87CDE347A80F343926A529F9EA008390053F7306E8140D421FCBE7789D636B2E489C089F0CB7B7F752
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\WeatherZero\WeatherZero.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b..............0..D)..F......6c).. ....)...@.. ........................,.....c.,...@..................................b).O.....).\|C............+..Y....+......a).............................................. ............... ..H............text...<C).. ...D)................. ..`.rsrc...\|C....)..D...F).............@..@.reloc........+.......+.............@..B.................c).....H.......d_..H.......r........O(...........................................(.....~....-.r...p.....(....o....s.........~.....~............~......(....Vs....( ...t..........0..5........s!...}.....(......}.....s"...}.....{....(#...o$...(%...o&.....('......{...........s(...o)....{...........s(...o....{.....o+....{...........s,...o-...rE..ps.............s,...o/....{....o0....o1...&rO..ps.............s,...o/....{....o0....o1...&.{.....{....o2....{...........s,...o3....{.....

C:\Program Files (x86)\WeatherZero\WeatherZero.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	200
Entropy (8bit):	4.747046586710027
Encrypted:	false
SSDEEP:	6:TMVBd1IGMfVKNS7VNQAofS7V2bofJuAW4QIm:TMHdGGsVOAzofLSJ93xm
MD5:	3F15E291A768459274F9B10338692974
SHA1:	F1BFC8F7525487B18E05B99C40249C7873C75E4F
SHA-256:	4C246E60C38399126CA36408BDA7E63BF43B9ECB18F9DAA6E224D36633DC0B69
SHA-512:	0CDA1129BD34EB72E4927782C3D9BDF3BE7B5E2FE92279E73DE068FC7E4BF4035323AEBB9578CDE8F7630248B47CC67A5EF64AF7B144621CAB10E86010BCF85B
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>..

C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3385616
Entropy (8bit):	7.769464020201907
Encrypted:	false
SSDEEP:	98304:EuOjRHrd1zBPC474Iz8pEeVJmUXyevkUL38/cSUJ9yElx7W91a8G8C:91VzF38/LUJ9yE37KGH
MD5:	2B149BA4C21C66D34F19214D5A8D3067
SHA1:	8E02148B86E4B0999E090667EF9B926A19B5CA7D
SHA-256:	95F0E021C978DDD88E2218A7467579255A5AE9552AF2508C4243A4ADEC52D2B8
SHA-512:	C626F89BC01FDB659F4EE2CF86BA978F04E4BF0DEC2624170C83C21D5AD29E20335566B1F7545D9BADC4E47CA2EA90535C4CB08B4AFA3457B72A5801053706D8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................^..........................................u...T.....T.D....,...T.....Rich..........................PE..L.....b.................&...4)..............@....@...........................3.......4...@...........................................2.0............P3..Y...`3.X,......8...........................@...@............@..(............................text....$.......&.................. ..`.rdata.......@.......*..............@..@.data....d'..0...X'.................@....rsrc...0.....2......h2.............@..@.reloc..X,...`3......"3.............@..B................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\WeatherZero\uninstall.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	320035
Entropy (8bit):	7.891495118554517
Encrypted:	false
SSDEEP:	6144:V1ssjvm3L1cBg+0FaZLqKxIyCMVr8ozzirUi:gsoL1c++0FCGKTCkpm
MD5:	44C6F7F2084D37AAD08C078A43F2E7BC
SHA1:	FBD6EB7B7BCADD6257CCB30FDC5344B895AFB5BA
SHA-256:	010D36593138E29B90EE5D344BA720369B9D21C20FDBDA93FC5A6C2AA1E46FA3
SHA-512:	A8806E66405B9AE160CB2F41332506659FAE3594CE6906B6B53153F4BC884A4ADA99532828F075E68C0886F9C4AF2A99879B7C4BDA8FC6CBC8FA519DE253B741
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG._...PG..PF.IPG._...PG.sw..PG..VA..PG.Rich.PG.........PE..L...<.Oa.................f...\|.......3............@.......................... ........`...@.................................D...........HD...........2_..Y...........................................................................................text....e.......f.................. ..`.rdata...............j..............@..@.data...8U...........~..............@....ndata...................................rsrc...HD.......F..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\WeatherZero\wz.ico

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	MS Windows icon resource - 11 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
Category:	dropped
Size (bytes):	146222
Entropy (8bit):	6.2734588250494
Encrypted:	false
SSDEEP:	3072:I0GLQ/1t912mCTFpbEoAu6QRG38ulhJ/eSk91MjXYqMFgK1s2BylAvKirweQpeUB:IFE5Nli9Ux2K
MD5:	D1DE53F6C0818C7137207D5B6A95158F
SHA1:	64FEFD3B51375198E52D932E193AB3BC0790A60D
SHA-256:	6F8107DB61996754E700964B2716E055914D2ADF475BE8FDA12234B5B98DC4E4
SHA-512:	2F4A2E586A133173540768081A4CA681001CBF5E37B5F55140CF26F919898F0B4D2F83366B38E81E14DEAE6084A32F2E08B7165F7908D272358730B1B681EDD4
Malicious:	false
Reputation:	low
Preview:	...... ......................(.......00.............. ..........n...........h............. .(...~!..``.... ......)..@@.... .(B..N...00.... ..%..v... .... ......&........ .h....6..(... ...@.................................................................................................ssssssssssss...s...........17..0.............0...............8s...............0..............7q...............1..............7p...............1...............p...............1.w....w@.......0H.......wwwv.w.0wggvwvw.gww.ww.pxww.wwwwxww.xw.1(.......wRwwwr.p.x.............0.......q1......q.....wws0......0.....{{........q....s...70.....0....1..........q....s[.s.......0......07.......q......p........0...............q...............1..............#...............8...............p..............7....3ss77777777..................................................................................................................................(....... .................................................................

C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_000B005C003C0011001B.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	211
Entropy (8bit):	5.091386203258507
Encrypted:	false
SSDEEP:	6:rtRpa+k2JM0RG0DKhSm0tRpbwZVjwOrADGq:ZRJk2JTDFnRxwrjhroZ
MD5:	37E71EED3D30534ADCB3C8A8F49DA410
SHA1:	BFE11A78365290BDD9779D012BF168C9464DB792
SHA-256:	FD6600C4577B1014B383B88A8C3885AD5E95537F693DF4A07EBB79AC3E5500E4
SHA-512:	19C04C6671BD6414EFC2B0798EB9C27A08FDC6C154C5E21FC762A673B3F16433DFF626677EAC50DF7E6884D3349FB82C815A3A41908A3CCA9E83EA68D4D0D736
Malicious:	false
Reputation:	low
Preview:	[ERR][20241210 20:45:50.096][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 476. Error 31..[ERR][20241210 20:46:18.238][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3073557452839115
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrY:KooCEYhgYEL0In
MD5:	76A5EAFC4BE2F47B4DC5F319A70695EF
SHA1:	6B19408BF94E0A994340882AAD5A55061CA0E6ED
SHA-256:	A85ADBB127132C11A5E0199B22601CDF1129F71336EB179C3AEAECB9E631386A
SHA-512:	66F17FB7E6CA0A512E652BAB7900A8FA28BE302D94D902D8F2FDF929E0B24A8A2F06340DEA6DA32E8AE70C1D26FC4E69E93E14D6B198EF67AD90649F809C81E4
Malicious:	false
Reputation:	low
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x43a9fdfe, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.42213027674469117
Encrypted:	false
SSDEEP:	1536:xSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:xaza/vMUM2Uvz7DO
MD5:	E8F375F046F746ACEEC9E8AE7A777761
SHA1:	516D829F4D9AEE51F999055F4028F6ECAB8C8B45
SHA-256:	8CFC3F78CA6C1CEF7CD32A8636FACAF33750AFA5419E8755D7160068C8D4A5A3
SHA-512:	F3BE0D941E4DB5E3CDCE52477259B05B730981C58F3C4A17D5EEC6FBD2BEDCBF13EB848E79B6458E1B7798D341CFD2983BFA16FB707BFE665E4338695734AEA5
Malicious:	false
Reputation:	low
Preview:	C...... .......A.......X\...;...{......................0.!..........{A.)7...\|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................7 .t)7...\|...................x".)7...\|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07568025751744088
Encrypted:	false
SSDEEP:	3:dDEYe7BlgCjn13a/R8TyvsYllcVO/lnlZMxZNQl:NEz7Bx53qa+0IOewk
MD5:	A4F12AA92F4AD92C7A4AEE67D80E4D9A
SHA1:	2965C58ACFC63BDF519FF12B5A0E78E86AD201EE
SHA-256:	BADB4F5191BE1EC8AB4F01F464DE2B99D2F1CE2F4FE0FC5E320D8366EC0CB0E0
SHA-512:	17547E8E4938299398B8A6D5A30F38D3076888A1E91EFB8EDC47F2C80C421178B901C78E6DB115DD0C189B449C3A778D376719AC54D86D23780BE3DAE14ACA39
Malicious:	false
Reputation:	low
Preview:	';.......................................;...{..)7...\|.......{A..............{A......{A..........{A].................x".)7...\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FB5.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Tue Dec 10 23:55:44 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	131588
Entropy (8bit):	2.2153505024428872
Encrypted:	false
SSDEEP:	768:7DVGmt9T2Wb9cKkkJqhs4L4g2af04m07iSBoMGkn:fhhkkis4L4g2af04m07ivPW
MD5:	86AA19604C0FF44346DB7476E6DEE96B
SHA1:	6C387ABEBB75C5D4499ACC41DA0C1BEF077C2CF6
SHA-256:	242F362AFF2DEA50E7AA00F4181CC7EED029DCEE2908FF0949D6797C9D907375
SHA-512:	48B0ED122CC795065DFA9E6715EDF12A02EAE96CE01D71EA74AFE88DF57B083FEE17AA8F28BC2DF07DB521BB681212EC9D5CC7641B975BA6B7D705A57FC58014
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........Xg........................./..(............8...........n..........`.......8...........T............l..\...........\|:..........h<..............................................................................eJ.......=......GenuineIntel............T.............Xg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER63BD.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8486
Entropy (8bit):	3.7025844929858804
Encrypted:	false
SSDEEP:	192:R6l7wVeJP5w68ViU6Y4bv6ftTgmfJNpprh89btysfYvm:R6lXJRw68ViU6Yc6lTgmfJQtxfd
MD5:	DC5FC5438BCC6B7ADB886A6DDB75D326
SHA1:	6E6CB29667298638D913AF1D74049EB60DBAA0D9
SHA-256:	C46D078AA929FD7D618387D8962922D3396567801C73687BC3333205F7730D04
SHA-512:	1599454F598F3ECA40434C691DC91655D120D57600679E6F43A0514ABE51E65B5C326E13217213C03094821B6396732655AF527A8B20D4F6F4F06408BB3144EC
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER643B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4815
Entropy (8bit):	4.4793013732681235
Encrypted:	false
SSDEEP:	48:cvIwWl8zsKJg77aI9aVWpW8VY6Ym8M4JeXDuX/F1+q8rXuXFseyPBd:uIjfYI7Uk7V2JeXaX/SXuXmeyPBd
MD5:	A2028CB1A137BB2A673D86F72A4A1799
SHA1:	D6248489BBF280DCBBA30821495D73640DB07581
SHA-256:	B20032C4592C68C8D8B1D4EB94C79F06C72F2F53C2BA315C20F7586961EB363D
SHA-512:	B286D7A113EB40001BCAED17BFC9A400DCE60EBBEF6B756899F9B8F1B8592119B3E96FAD19B1B06A682058B3F9F0A9A4C4EE72FB13564E802C55DD9984143D37
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625858" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6449.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	91462
Entropy (8bit):	3.0457825968593055
Encrypted:	false
SSDEEP:	1536:9rOcvVlssU0zdyJyZoTU+jBFXTVpt7OscGHiN8:9rOcvVlssU0zdyJyZoTUEBFXTVpt7Osj
MD5:	AB880652D0DC7DD08721F9BEC15C258C
SHA1:	35AAF36EA2D9985DBF8C3DCB404A81D66A0662BA
SHA-256:	0BF32D10DC2B60F945FDF48C209BE49EC2E5D4166D054746F49B42DEEA1DF8AF
SHA-512:	126500E15BB039D4DDD3BD16CF5CD2969A2F5683B5451B51FBD0234E6ED2E0433B1321D0F7466499FB47D1165F5B65FF9576C525AE904DC87F3533CA009860B9
Malicious:	false
Reputation:	low
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER64E6.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.686976030733541
Encrypted:	false
SSDEEP:	96:TiZYW12TLjiY4oYOWdHCQYEZbIVtKiGIv43wH+o9Man5sMN+kIyo3:2ZD1vFopFyan5sMN+Tyo3
MD5:	3067EBCA43B5899D0C77CE9A9A66F0B8
SHA1:	5319F08A4F19DFC5D8A69EE3295F7E432A8FD488
SHA-256:	41B055D2D4804C6AFD2BC9294F56354A3D89ACCFFAFF1DC025FB2AF8E5CB4D08
SHA-512:	5FB94BE59851291BE9F5D8BA4DBCD85AA797FCA490BB32FBD86D3122073ABC5D6E8F725D06B4A9E2179B2E36DEADCB608E3158A3AFABB1240A4D5B72444A5B23
Malicious:	false
Reputation:	low
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\Helper.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2058752
Entropy (8bit):	6.610135572277166
Encrypted:	false
SSDEEP:	49152:FtDCT6XR9MsiubS8JDv6BzxllWR08G2rBqPnkvZ4yEuuk:FQW/DiubdJL6BzxlY08G2rBqPnkJ
MD5:	4EB0347E66FA465F602E52C03E5C0B4B
SHA1:	FDFEDB72614D10766565B7F12AB87F1FDCA3EA81
SHA-256:	C73E53CBB7B98FEAFE27CC7DE8FDAD51DF438E2235E91891461C5123888F73CC
SHA-512:	4C909A451059628119F92B2F0C8BCD67B31F63B57D5339B6CE8FD930BE5C9BAF261339FDD9DA820321BE497DF8889CE7594B7BFAADBAA43C694156651BF6C1FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........-..~..~..~.....~.....~....~......~.....~....~..~..~.....~.....~......~q....~q....~q.w~..~..~..~q....~Rich..~........................PE..L......b...........!.....d...J............................................................@......................... ..........T........A..........................4...p...............................@............................................text....c.......d.................. ..`.rdata..&I.......J...h..............@..@.data............Z..................@....rsrc....A.......B..................@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\WeatherZero.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30586
Entropy (8bit):	7.919646221064304
Encrypted:	false
SSDEEP:	768:Fk7fJC9WjOI1DaGmnitN039DODp56Ys+9S/IUM+:FktpB4FiQ3qd9S/BN
MD5:	9AC6287111CB2B272561781786C46CDD
SHA1:	6B02F2307EC17D9325523AF1D27A6CB386C8F543
SHA-256:	AB99CDB7D798CB7B7D8517584D546AA4ED54ECA1B808DE6D076710C8A400C8C4
SHA-512:	F998A4E0CE14B3898A72E0B8A3F7154FC87D2070BADCFA98582E3B570CA83A562D5A0C95F999A4B396619DB42AB6269A2BAC47702597C5A2C37177441723D837
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......h.......(.....pHYs.................sRGB.........gAMA......a...w.IDATx....]Wu.5....$...U....!...t.H"...#9.yI'...30H........$'a6...D..NwB...4.tB.$...'......0.d.z}W.+/-.3.[u.=....S..{X{.i.}....B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!D.1#.I....C.g.~.....1...3_r....OB.!..bJ...2k......;..~....q`.f..ov.B.!...!.w.....<..S..w.}?f.^\|..w.s.=o.i..M.!...&2.&...~..mt.a;`.>h.....o.}........n.u..?...B.!D-d.N2../...3g..5k.o...<.....s..7C.I....3f._I.!..B.B....n.i.......f...[..}.........;b...........k.Gg.{.....v...fa...^x_.B.!......dFFF0:....Uf.>...,<{..6..C........g.s.=.f.....;<<\|8.!..B.Z...$..../8~....h]o...8.Q./.../..?OB.!...cd.N....^j...;........N.....\|......B..`.....W.............1..#....C........ ..C...X.\|.U.....^...;.x...w../..;6.a....W-Z..$..B4.3t.mpg{{..6;.[.z.8...t..!3t....<Xg.....p....F.o.\|.+_y.y.>k..........=.IO.&....Y..a.c....k...[....{$.!....

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\WebAdvisor.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	48743
Entropy (8bit):	7.952703392311964
Encrypted:	false
SSDEEP:	768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
MD5:	4CFFF8DC30D353CD3D215FD3A5DBAC24
SHA1:	0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
SHA-256:	0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
SHA-512:	9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......h.......(.....pHYs.................sRGB.........gAMA......a.....IDATx...eIu....(..Y31.}q....`...t....Z..8t;x3._@.3.0.{.E.".&.5.g.C..@..%.>r.5....B...O...^.*..s....{.7..{....r..+W...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(.n+.t.B.p.x.....^.?/....p,..7...{.P(...B.H...r.y..\|.....{l\tO.\|..<..P(....w......o..P(.<h...n[\tO..?......E...}...F.P83....<z.....W..7...w.....?..?.YW(.N.......?N[..E..A..z..[...'.$..'....8...?~.K.\|........[#.....6........;.......s.=...}.c...{.._..z....;w..........(../..n...?..??..?.........z.......~....[o.<.......x.).Z.(..s.N..Wb.....f....../.P8.\|.......?..#......2vO....F......@.\|..w7].\|..$..}?.L.Go...A.1..^...j...$.6....~..x...{..IwD`\|..?.....?...{..~~........).........`$.......tG....\|.n.2..........[..._....e.}.=..<........h.7\|?Kg....+

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\error.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2119
Entropy (8bit):	7.875991234163615
Encrypted:	false
SSDEEP:	48:FUjb7V7K5RzCMjHQ/JIofuSr/6FlzMUVq0Qsp8xns1QfkfhK:6bB7K51D2IofNWFlMUVqy8S1QfkhK
MD5:	3E0EF82A84C2729BB4DFD1D2C6559661
SHA1:	B5781871F581A16C2CFC5CDC86FB86FCBF191A58
SHA-256:	F61146882B17147067AEBDF4594C6CBAF93E1891500623567ED404F5FFCF94C2
SHA-512:	79316C50513B98C909144BD7F1A37119F52A0AA7A40A17E23C5F3E5510C5DDF523DF09ACBADBE9CCE240BD0A51DF4CBFD60F00537DF235BC50425291AE17E20A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[l.U..wN.(..4.$.%./.O.>hb....1.rQ4J.. $ .EEi...tU.J ^.Q$U.....I..\|h.!.#....Ha.....?.v.vggv.[[.K.........;.9c.......}.+.....0....9..k.0.....g..`...3....?..O..k.........W."w.....uu.Ue2K j.D.!_...9......]....A.#uFd..g...-.."..r....p.2....g......p+.......X..+...rL.Ne...:B.......i.....4,k.h.'....{3..\|.@.`..`_.....$...T..c......b.....G...'V.iL.j1..cU<..LLeQ..p..e..B.J1.I..N.N.....\)..h.j....!.....U.6..4...T.O.h....4:..i\`+..z..^Npu........G.#...n.....u~..'.;5H.....^e..Jr\cUU.P.wpt.....{........nt.'.U.... .&.O....F.E...%B..WP..*.f....c{.....t?.01j..#.6..u..=.....7.m......'P..gu!..uk.......94...Ka...Fz{...j.3.....K..>....D.+...;...........XJm....$.4....../....(.G.^.H<1...U}.B\|wLL........h...j.VI.E..jm._(-.+9N...H..;.... .mI..&.......4p./.x...s[...L..M...'(..n.5..d.j.I...J......0..,kk&.xS...._.......$..mskk.$....&..yb.M^3.........sd.M./..3.{u9..#k.

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\finish.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2228
Entropy (8bit):	7.889184193604226
Encrypted:	false
SSDEEP:	48:otXC9fCR/7nbbsHw3f6lkqUIfRihkj7FhMnZYYMHZuuI:PCRjn3sJ6qU4rj7Qno8uI
MD5:	C22FCE016D422F84213A414D01CEE6D7
SHA1:	84C2D4BAA1A2380E87013C0748B3F6B7553D3565
SHA-256:	26AAE139966F128AAC4185263E04DD8C7E65F42B3FDC81397EC80CC350E8BB12
SHA-512:	897834F5686A495D81EF7D5AFFCA09D83D58C9A008D018635CF3AA39C03E52266ABC764A501C107A95EB245590E2D931892F6C6925239A4C09C382590913515A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........gAMA......a.....pHYs..........o.d...IIDATx^.[mh.E......4..T9cLjz-....RA.\..?.....b[..%........CQk.?.?...Q...3..?Z.#"m.5M...........>w.5...{.v..<p...........J.@..!..g.-.[.m}..b.-.R.i\..!...-.IeST6..8"..C..!......c.r.....+@...}.F-.{...i.{.....R..R...6>.O....P+....+RmK.u.A:.l.q..".,.<B-.......gORQ` n ..O?fi....r..aB.r.B.....u....j.e......A7...2..JH{.h..SQ.@....]lU^...R............ck..)[.T.....>`.s.....=...c.lM.?..&o./...<...7+a.L(k.{I..V.u....w..YX..e\|Q...}.....}Q..9._..fc.....V...D.....y/p..0ZBB.u~...M..\|.....?(.t..@IO.....R..m.9;.....S..b..@..JV..W..y<V......;..7.i....j.~B.%............p.s..f.@..!;.....mX..`n......,A.%.........T.Z......Lc.v.m...TY....,C..8y.rn....4...+.p...SA.CZ...2!..z.Vp..`2..B..sQK<....Z...t@....Aja.8..vD....p.=..R......^..............6...~.~LO...L.b.`...\+s.........]H.KaS%...x.....H(L].go.........2.u,.{..-...!i=,.....I3...........u.....%#.....l..G..........W...4.

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\internet-explorer-7.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29662072
Entropy (8bit):	7.9998174862194125
Encrypted:	true
SSDEEP:	393216:lk7fdwdiU/l3us6xz1wtmMbHAzobPUJGdHYBVm0lD3aLw1PuCtDdO13JhgLV9+yr:y7uiyeFt1sHAzAYiHYBMwIw1kV8G5x4
MD5:	AF5465B7E20FE89266A5B81BA1857BE1
SHA1:	1B9EF0777397B6781BBC27A90D4D9894F19ADEB1
SHA-256:	1050F2620A2646CA007A473953EE2E6CBA6F561CE88DF34A681E7680A4A6D032
SHA-512:	06B176C3B139EF2E05F4276F10C825ACAD5B4F5E923430569E9542CF8215E0F8862BAEA68BBA8257217AAF6CB5E40A6BD17337EA0D92D0CA3EBB435648732844
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K..K..K.....D..K..'....._.....J.....J..RichK..................PE..L.....B.................z..........EZ... ........... ..............................g............ ...................................................v..x%...........!............................................... ...............................text....y... ...z.................. ..`.data................~..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-4VL28.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	527389
Entropy (8bit):	7.995975187354872
Encrypted:	true
SSDEEP:	12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
MD5:	F68008B70822BD28C82D13A289DEB418
SHA1:	06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
SHA-256:	CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
SHA-512:	FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
Malicious:	false
Reputation:	low
Preview:	PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.lz..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k\|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..\|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.\|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......\|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.\|.....$....^.YR..R...<.`.....l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-GBGU4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30586
Entropy (8bit):	7.919646221064304
Encrypted:	false
SSDEEP:	768:Fk7fJC9WjOI1DaGmnitN039DODp56Ys+9S/IUM+:FktpB4FiQ3qd9S/BN
MD5:	9AC6287111CB2B272561781786C46CDD
SHA1:	6B02F2307EC17D9325523AF1D27A6CB386C8F543
SHA-256:	AB99CDB7D798CB7B7D8517584D546AA4ED54ECA1B808DE6D076710C8A400C8C4
SHA-512:	F998A4E0CE14B3898A72E0B8A3F7154FC87D2070BADCFA98582E3B570CA83A562D5A0C95F999A4B396619DB42AB6269A2BAC47702597C5A2C37177441723D837
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......h.......(.....pHYs.................sRGB.........gAMA......a...w.IDATx....]Wu.5....$...U....!...t.H"...#9.yI'...30H........$'a6...D..NwB...4.tB.$...'......0.d.z}W.+/-.3.[u.=....S..{X{.i.}....B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!D.1#.I....C.g.~.....1...3_r....OB.!..bJ...2k......;..~....q`.f..ov.B.!...!.w.....<..S..w.}?f.^\|..w.s.=o.i..M.!...&2.&...~..mt.a;`.>h.....o.}........n.u..?...B.!D-d.N2../...3g..5k.o...<.....s..7C.I....3f._I.!..B.B....n.i.......f...[..}.........;b...........k.Gg.{.....v...fa...^x_.B.!......dFFF0:....Uf.>...,<{..6..C........g.s.=.f.....;<<\|8.!..B.Z...$..../8~....h]o...8.Q./.../..?OB.!...cd.N....^j...;........N.....\|......B..`.....W.............1..#....C........ ..C...X.\|.U.....^...;.x...w../..;6.a....W-Z..$..B4.3t.mpg{{..6;.[.z.8...t..!3t....<Xg.....p....F.o.\|.+_y.y.>k..........=.IO.&....Y..a.c....k...[....{$.!....

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-N0EF1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16730
Entropy (8bit):	7.981239381412648
Encrypted:	false
SSDEEP:	384:1l6KCZCjMJjf9PtKYRPQUjP7Hpr6QKlHtPJ+52xO76z0UJn:1lGCgrtcy1AHtPJY0Oc/B
MD5:	11ECD80FB428E4778EF4C263ED7F067E
SHA1:	3346EE43C53E0A91E8480DCB74BAC5F1FEA8B71A
SHA-256:	EA6FAA1D91CC4AA8AE9363C9DBB49A3AC7470FA8BCE21DCADC65EA129224311C
SHA-512:	DB0ABC44957848A2FBD80D18B55E69E86B005583EF7FEA0299C3117A2C4D8145437B86FB70ED6C1ABD0686F010F6EA3F7D9EE1792E18B361BD68876F9625C933
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..@.IDATx....\.Y...}K-]..%uk.%y.-..a.....N.a.a`2.....&0a`H..=.....0.@.!$$..cb;..E.l....Z.....r.7.^.[....DY..O...U..N.....zU.=.f.;...D.Y"tF3.:.A. ......&.)%.)h.BjQ."[.......=......b1....w._..$.@B........ut#..'..qa.G.m.C..Va.e..u.UM......{.>..%..E..b.L.W.X.....g.T.q....+..&.....Q..+.L\...su..F.....B.....J.{T@.u...J.8)..U...W~l....g..C..w..j.~A..@Pj7..g<....kF..\|u...]..fW....-I.^..XG.Q...b..zs.6.."b.Fu..}.;......i.......Co..U.~.....Cm..t..E..Q"(.0\|.yj.F....j7;...Lu.Z..HS..H0.Ja45.^'.GT.#.D......25).P.}..o.`...y.q..O.wU.j.U._...._<.]!.2....c0.../\Ce.J.......v.n.N...a.$M.?.Hx0..O'.O$x{S.&c..)o..`y..C+.;:..Jt..xbK)..q.....\|{%.=.U...r....6...A.T%C._.<.?G..+...T.ZH.A]7b6...)n;....96.....W...i.:.4r..+.CD...F...\|........`.....bF..e8.....n.W.>..;.{.....xO.W..OJk^.....s.*..B."@....m)..G.^-C.E...tlV..WQd.^p..o.1....}..14j..8h..;..x.a.....U.=...t..?N.+..8...Iy.9

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-P0M4E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	6227973
Entropy (8bit):	7.999704627939555
Encrypted:	true
SSDEEP:	98304:ppxj2IwVGwxnd+P0fY8eHeM1euEuR+HW84l7mKN2Yjwov3I7qs4zLGGlFtSNNkoo:ppxZ7k00fxeHejFHW3l113I7d4zLGGTL
MD5:	7CC0288A2A8BBE014F9E344F3068C8F1
SHA1:	EB47D401AE30A308DD66BDCAFDE06CDD35E25C94
SHA-256:	200E9BC4FCF2C6682DDC8C7F172A0D02BEFECD25CA882F66C6ABC868A54B8975
SHA-512:	869F0A01EF0BCBBFC501C1786E14BFFEAA2DAAA00210C312874FC67A724C77EF61394BB5854B9A02AF654CD045C4D39AE30D73F1B4EC8AA9E531DFEEA1714476
Malicious:	false
Reputation:	low
Preview:	PK........v..U......_..._.....WZSetup.exe.}xT.7..+...{..F.....R4`.Ct..!X.&.....Bp.#......l6c9.zlk-.=.-..Z.....IP..Q.Bk.T.8Q..a.....g..y.{......?Np.^..Z.^..Zko=...Y8..".:...?7...u!................77......uk7m....-l.6.n.TX..Wx_....99YE)..z...q..p.].G.,^yt!K_}.#<..x...../?..t. .O..+p.".....%k.y..o.6ep..$...$.[...!L5.F.(.P.=._..%&....a.........@....pU....\|..\.....9.i..]<C.....Z......$..B.[3.a.Z...>.3...z=7..aT......R..O..glJU.......S...u.3..7\%.-_...?#......F..W.M.^,.o..I9rU.S.68.S..^]r.C..z...n.>..q>.:{&..s./+Z.".v.S.GT.3..6....:aM.m....r)......FS...h..c......z....(.F..........S_G.Z,..;.P...-8-...{.........'.q..Y..B....C.....t)O?&....I.w....r].....U..m.....2.:.>'..)hv<..E..oY......:;.H@?aL8X.z..,....v..@9..x2P...w..i....'.......#..G.......l.:`..D.c.]....q....CT..0.U.P.,Z.$&...(..%.Cba.9.sJ..;%....J.Q.m.....]..<`..Vk.X./7.Q.:..Pr.r&.x..B....Y...8...yJ....Q...........gRy.GV.T...II.4m(..-.0<.3.6<.H$]6..v7.R...:`..aN<#7%91C^lw'>V

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-PDPK8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29662072
Entropy (8bit):	7.9998174862194125
Encrypted:	true
SSDEEP:	393216:lk7fdwdiU/l3us6xz1wtmMbHAzobPUJGdHYBVm0lD3aLw1PuCtDdO13JhgLV9+yr:y7uiyeFt1sHAzAYiHYBMwIw1kV8G5x4
MD5:	AF5465B7E20FE89266A5B81BA1857BE1
SHA1:	1B9EF0777397B6781BBC27A90D4D9894F19ADEB1
SHA-256:	1050F2620A2646CA007A473953EE2E6CBA6F561CE88DF34A681E7680A4A6D032
SHA-512:	06B176C3B139EF2E05F4276F10C825ACAD5B4F5E923430569E9542CF8215E0F8862BAEA68BBA8257217AAF6CB5E40A6BD17337EA0D92D0CA3EBB435648732844
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K..K..K.....D..K..'....._.....J.....J..RichK..................PE..L.....B.................z..........EZ... ........... ..............................g............ ...................................................v..x%...........!............................................... ...............................text....y... ...z.................. ..`.data................~..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\is-POR1B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	48743
Entropy (8bit):	7.952703392311964
Encrypted:	false
SSDEEP:	768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
MD5:	4CFFF8DC30D353CD3D215FD3A5DBAC24
SHA1:	0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
SHA-256:	0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
SHA-512:	9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......h.......(.....pHYs.................sRGB.........gAMA......a.....IDATx...eIu....(..Y31.}q....`...t....Z..8t;x3._@.3.0.{.E.".&.5.g.C..@..%.>r.5....B...O...^.*..s....{.7..{....r..+W...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(.n+.t.B.p.x.....^.?/....p,..7...{.P(...B.H...r.y..\|.....{l\tO.\|..<..P(....w......o..P(.<h...n[\tO..?......E...}...F.P83....<z.....W..7...w.....?..?.YW(.N.......?N[..E..A..z..[...'.$..'....8...?~.K.\|........[#.....6........;.......s.=...}.c...{.._..z....;w..........(../..n...?..??..?.........z.......~....[o.<.......x.).Z.(..s.N..Wb.....f....../.P8.\|.......?..#......2vO....F......@.\|..w7].\|..$..}?.L.Go...A.1..^...j...$.6....~..x...{..IwD`\|..?.....?...{..~~........).........`$.......tG....\|.n.2..........[..._....e.}.=..<........h.7\|?Kg....+

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\loader.gif

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	GIF image data, version 89a, 220 x 19
Category:	dropped
Size (bytes):	10819
Entropy (8bit):	7.880417994044762
Encrypted:	false
SSDEEP:	192:a1/Yx3h/7fCa68MSQ0MF5yRKCv86/xnehvaJx/mXxqeQucMaLKGo4iWuj0:o/y/zF71MFkkC06/xnavcEcZKGhko
MD5:	12D7FD91A06CEE2D0E76ABE0485036EE
SHA1:	2BF1F86CC5F66401876D4E0E68AF8181DA9366AC
SHA-256:	A6192B9A3FA5DB9917AEF72D651B7AD8FD8CCB9B53F3AD99D7C46701D00C78CB
SHA-512:	17AB033D3518BD6D567F7185A3F1185410669062D5EC0A0B046A3A9E8A82EE8F8ADB90B806542C5892FC1C01DD3397EA485EBC86E4D398F754C40DAF3C333EDB
Malicious:	false
Reputation:	low
Preview:	GIF89a....................................................................................................!.......!.#................1...................!..NETSCAPE2.0.....,........... .di.h..l.p,.tm.x..\|....pH.....r.l:..tJ.Z..v:.......(....z.......H....x.h..h\|{~.z..x.k.w..u.ys.............t`f.^+]d................dpn..........p.............................,.................................;x/!A....{.....N....F...}\...H....\....:....YE.....r..0...V8w........<:...G...T..U.>...Z.r..jW.+..X.A.-ZpSY.K..vpg.;.n^.....w/_....E\8.`.q..&.Y.]....Y.b.-.E.B-...,.,Jk....;....u...]....,.e...\|7..y...\........s_W.t..-.m.........`.......~~z..../......v_].x..x.p..f.1....v.o.N.Z..bH...I.!..YX.......?.8...Yh...A..o.5U.S.t.a..).cs;.h\.8.x.TBGc...i......L..&.P.......^...a.W&~`JI..bn.Xo^..Wh....`4.....F.}>.'..N.gj....g...h.+....H:...M.........j.].........j.'...!.......,........... .di.h..l.p,.tm.x..\|....pH.....r.l:..tJ.Z..v:.......(.6..

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\mainlogo.png (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16730
Entropy (8bit):	7.981239381412648
Encrypted:	false
SSDEEP:	384:1l6KCZCjMJjf9PtKYRPQUjP7Hpr6QKlHtPJ+52xO76z0UJn:1lGCgrtcy1AHtPJY0Oc/B
MD5:	11ECD80FB428E4778EF4C263ED7F067E
SHA1:	3346EE43C53E0A91E8480DCB74BAC5F1FEA8B71A
SHA-256:	EA6FAA1D91CC4AA8AE9363C9DBB49A3AC7470FA8BCE21DCADC65EA129224311C
SHA-512:	DB0ABC44957848A2FBD80D18B55E69E86B005583EF7FEA0299C3117A2C4D8145437B86FB70ED6C1ABD0686F010F6EA3F7D9EE1792E18B361BD68876F9625C933
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..@.IDATx....\.Y...}K-]..%uk.%y.-..a.....N.a.a`2.....&0a`H..=.....0.@.!$$..cb;..E.l....Z.....r.7.^.[....DY..O...U..N.....zU.=.f.;...D.Y"tF3.:.A. ......&.)%.)h.BjQ."[.......=......b1....w._..$.@B........ut#..'..qa.G.m.C..Va.e..u.UM......{.>..%..E..b.L.W.X.....g.T.q....+..&.....Q..+.L\...su..F.....B.....J.{T@.u...J.8)..U...W~l....g..C..w..j.~A..@Pj7..g<....kF..\|u...]..fW....-I.^..XG.Q...b..zs.6.."b.Fu..}.;......i.......Co..U.~.....Cm..t..E..Q"(.0\|.yj.F....j7;...Lu.Z..HS..H0.Ja45.^'.GT.#.D......25).P.}..o.`...y.q..O.wU.j.U._...._<.]!.2....c0.../\Ce.J.......v.n.N...a.$M.?.Hx0..O'.O$x{S.&c..)o..`y..C+.;:..Jt..xbK)..q.....\|{%.=.U...r....6...A.T%C._.<.?G..+...T.ZH.A]7b6...)n;....96.....W...i.:.4r..+.CD...F...\|........`.....bF..e8.....n.W.>..;.{.....xO.W..OJk^.....s.*..B."@....m)..G.^-C.E...tlV..WQd.^p..o.1....}..14j..8h..;..x.a.....U.=...t..?N.+..8...Iy.9

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0 (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	527389
Entropy (8bit):	7.995975187354872
Encrypted:	true
SSDEEP:	12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
MD5:	F68008B70822BD28C82D13A289DEB418
SHA1:	06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
SHA-256:	CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
SHA-512:	FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
Malicious:	false
Reputation:	low
Preview:	PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.lz..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k\|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..\|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.\|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......\|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.\|.....$....^.YR..R...<.`.....l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0.zip (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	527389
Entropy (8bit):	7.995975187354872
Encrypted:	true
SSDEEP:	12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
MD5:	F68008B70822BD28C82D13A289DEB418
SHA1:	06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
SHA-256:	CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
SHA-512:	FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
Malicious:	false
Reputation:	low
Preview:	PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.lz..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k\|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..\|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.\|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......\|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.\|.....$....^.YR..R...<.`.....l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\installer.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1048576
Entropy (8bit):	7.674962853489101
Encrypted:	false
SSDEEP:	24576:9K+VKKjd4lNjAtySlZ8iFHeU0nQvGlSSQgrPbbWG:9K+4KZWlcWiFHeHQvs9PKG
MD5:	3EC20929591AAC6A6C58CB8AE62C82DF
SHA1:	B2F382A234CA73069968A3A2956F0CFBD629A016
SHA-256:	61C07ADC912BE48F463A78D61C7BC3CE76E7748594517DA03267AB386CD3A6E4
SHA-512:	8E36E9CADDFA46768897F4BAD2DD65F746EFB7B413C57EEC1A5546B52164E17DC5569CF0DB032C07E3D4A0ED5943FCA271EF433DB0833FE856B27A7564BA3589
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.K=0.%n0.%n0.%nk.&o:.%nk.!o".%nk. o..%nb.!o .%nb.&o:.%nb. oj.%nk.$o5.%n0.$n..%n..,o<.%n...n1.%n..'o1.%nRich0.%n........................PE..d...^2.f.........."...........e................@..............................i.......l...`..................................................$..(.......l.c.....\|2...vi..W....i.....p...p.......................(.......8...............p...."..`....................text............................... ..`.rdata..V...........................@..@.data....1...@......................@....pdata..\|2.......4...6..............@..@_RDATA...............j..............@..@.rsrc...l.c.......c..l..............@..@.reloc........i......ji.............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1184128
Entropy (8bit):	6.623147525519113
Encrypted:	false
SSDEEP:	24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
MD5:	143255618462A577DE27286A272584E1
SHA1:	EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
SHA-256:	F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
SHA-512:	C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......2..}vn..vn..vn..-../xn..-../.n..$../bn..$../on..G2r.tn..$../.n..-../on..-../wn..-../yn...../wn...../~n...../Zn..vn..=o...../{n...../hn....p.wn...../wn..Richvn..................PE..L...V..e.....................h...... .............@..................................1....@.............................................p...............................p...................@.......X...@...............0....... ....................text............................... ..`.rdata..............................@..@.data..............................@....didat...............T..............@....rsrc...p............V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1 (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	6227973
Entropy (8bit):	7.999704627939555
Encrypted:	true
SSDEEP:	98304:ppxj2IwVGwxnd+P0fY8eHeM1euEuR+HW84l7mKN2Yjwov3I7qs4zLGGlFtSNNkoo:ppxZ7k00fxeHejFHW3l113I7d4zLGGTL
MD5:	7CC0288A2A8BBE014F9E344F3068C8F1
SHA1:	EB47D401AE30A308DD66BDCAFDE06CDD35E25C94
SHA-256:	200E9BC4FCF2C6682DDC8C7F172A0D02BEFECD25CA882F66C6ABC868A54B8975
SHA-512:	869F0A01EF0BCBBFC501C1786E14BFFEAA2DAAA00210C312874FC67A724C77EF61394BB5854B9A02AF654CD045C4D39AE30D73F1B4EC8AA9E531DFEEA1714476
Malicious:	false
Reputation:	low
Preview:	PK........v..U......_..._.....WZSetup.exe.}xT.7..+...{..F.....R4`.Ct..!X.&.....Bp.#......l6c9.zlk-.=.-..Z.....IP..Q.Bk.T.8Q..a.....g..y.{......?Np.^..Z.^..Zko=...Y8..".:...?7...u!................77......uk7m....-l.6.n.TX..Wx_....99YE)..z...q..p.].G.,^yt!K_}.#<..x...../?..t. .O..+p.".....%k.y..o.6ep..$...$.[...!L5.F.(.P.=._..%&....a.........@....pU....\|..\.....9.i..]<C.....Z......$..B.[3.a.Z...>.3...z=7..aT......R..O..glJU.......S...u.3..7\%.-_...?#......F..W.M.^,.o..I9rU.S.68.S..^]r.C..z...n.>..q>.:{&..s./+Z.".v.S.GT.3..6....:aM.m....r)......FS...h..c......z....(.F..........S_G.Z,..;.P...-8-...{.........'.q..Y..B....C.....t)O?&....I.w....r].....U..m.....2.:.>'..)hv<..E..oY......:;.H@?aL8X.z..,....v..@9..x2P...w..i....'.......#..G.......l.:`..D.c.]....q....CT..0.U.P.,Z.$&...(..%.Cba.9.sJ..;%....J.Q.m.....]..<`..Vk.X./7.Q.:..Pr.r&.x..B....Y...8...yJ....Q...........gRy.GV.T...II.4m(..-.0<.3.6<.H$]6..v7.R...:`..aN<#7%91C^lw'>V

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1.zip (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	6227973
Entropy (8bit):	7.999704627939555
Encrypted:	true
SSDEEP:	98304:ppxj2IwVGwxnd+P0fY8eHeM1euEuR+HW84l7mKN2Yjwov3I7qs4zLGGlFtSNNkoo:ppxZ7k00fxeHejFHW3l113I7d4zLGGTL
MD5:	7CC0288A2A8BBE014F9E344F3068C8F1
SHA1:	EB47D401AE30A308DD66BDCAFDE06CDD35E25C94
SHA-256:	200E9BC4FCF2C6682DDC8C7F172A0D02BEFECD25CA882F66C6ABC868A54B8975
SHA-512:	869F0A01EF0BCBBFC501C1786E14BFFEAA2DAAA00210C312874FC67A724C77EF61394BB5854B9A02AF654CD045C4D39AE30D73F1B4EC8AA9E531DFEEA1714476
Malicious:	false
Reputation:	low
Preview:	PK........v..U......_..._.....WZSetup.exe.}xT.7..+...{..F.....R4`.Ct..!X.&.....Bp.#......l6c9.zlk-.=.-..Z.....IP..Q.Bk.T.8Q..a.....g..y.{......?Np.^..Z.^..Zko=...Y8..".:...?7...u!................77......uk7m....-l.6.n.TX..Wx_....99YE)..z...q..p.].G.,^yt!K_}.#<..x...../?..t. .O..+p.".....%k.y..o.6ep..$...$.[...!L5.F.(.P.=._..%&....a.........@....pU....\|..\.....9.i..]<C.....Z......$..B.[3.a.Z...>.3...z=7..aT......R..O..glJU.......S...u.3..7\%.-_...?#......F..W.M.^,.o..I9rU.S.68.S..^]r.C..z...n.>..q>.:{&..s./+Z.".v.S.GT.3..6....:aM.m....r)......FS...h..c......z....(.F..........S_G.Z,..;.P...-8-...{.........'.q..Y..B....C.....t)O?&....I.w....r].....U..m.....2.:.>'..)hv<..E..oY......:;.H@?aL8X.z..,....v..@9..x2P...w..i....'.......#..G.......l.:`..D.c.]....q....CT..0.U.P.,Z.$&...(..%.Cba.9.sJ..;%....J.Q.m.....]..<`..Vk.X./7.Q.:..Pr.r&.x..B....Y...8...yJ....Q...........gRy.GV.T...II.4m(..-.0<.3.6<.H$]6..v7.R...:`..aN<#7%91C^lw'>V

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	6261520
Entropy (8bit):	7.998950113701314
Encrypted:	true
SSDEEP:	98304:O/KXgWUBu+NlRk9OfK2GTyYX+eyaB135PSuXTm0LuM74eL3o1+ykb5io5dtWx9eJ:O/KXNs6OfxGTyHwnXZB3o1jkb5ioPtE2
MD5:	3C17F28CC001F6652377D3B5DEEC10F0
SHA1:	EEB13CF47836FF0A0D5CC380618F33E7818F9D75
SHA-256:	FA352552306B80F3F897F8F21D8579AE642C97D12298E113AE1ADC03902C69B8
SHA-512:	240B31F29D439C09A56D3BF8D4A3EA14F75C2286E209E7DF3F4FF301BFA3AD8228D7BEBE01ACEA6F2F702A0BA7ECDB5583B97372725C77EF497E749740F644B3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG._...PG..PF.IPG._...PG.sw..PG..VA..PG.Rich.PG.........PE..L...<.Oa.................f...\|.......3............@.......................... ........`...@.................................D...........HD...........2_..Y...........................................................................................text....e.......f.................. ..`.rdata...............j..............@..@.data...8U...........~..............@....ndata...................................rsrc...HD.......F..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Download File

Process:	C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3199488
Entropy (8bit):	6.32507380865548
Encrypted:	false
SSDEEP:	49152:2WGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbQ333TY:6tLutqgwh4NYxtJpkxhGj333T
MD5:	02B1D8FF84BCD4EBCB01156636269B99
SHA1:	15BA86430B90264DA7D9F2C05BE57C56640D4BA9
SHA-256:	A6497DDDDD577CAEFE5A39958A604F9EE4BFE93E9DA285B147BA6FC6788E75CA
SHA-512:	640227915B78FB8E0FD8E6A6CA883E4ED4E3FA45524FCA5A9344C067840B3FC11C7B98FD05351EABAEE3D4AFA21711DC0999175CBC154D13B02135706EF5B47A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,.........hf,......p,...@...........................1...........@......@....................-.......-..9...................................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,.....&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................

C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\INetC.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.666921368237103
Encrypted:	false
SSDEEP:	384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
MD5:	2B342079303895C50AF8040A91F30F71
SHA1:	B11335E1CB8356D9C337CB89FE81D669A69DE17E
SHA-256:	2D5D89025911E2E273F90F393624BE4819641DBEE1606DE792362E442E54612F
SHA-512:	550452DADC86ECD205F40668894116790A456FE46E9985D68093D36CF32ABF00EDECB5C56FF0287464A0E819DB7B3CC53926037A116DE6C651332A7CC8035D47
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9<.EXR.EXR.EXR.b.).LXR.EXS..XR.b. .FXR.b.(.DXR.b...DXR.b.*.DXR.RichEXR.................PE..L....T.[...........!.....8...P......I?.......P...................................................................... G..l....?..d.......(...............................................................................P............................text....7.......8.................. ..`.data....<...P.......<..............@....rsrc...(............D..............@..@.reloc...............N..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf23B6.tmp\WeatherZeroNSISPlugin.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	711952
Entropy (8bit):	6.021498979818168
Encrypted:	false
SSDEEP:	12288:1WNrNNNifmpPFyCrHQnfYWiWJHA7LeLJRHRNJOYHQ93AjN:1WNrNNNifmpPFyCrHQnfYWiWJHcLeLJ3
MD5:	2EAF88651D6DE968BF14EC9DB52FD3B5
SHA1:	1C37626526572FDB6378AA4BEDBF7B941886A9A1
SHA-256:	070190292DF544DA87F84DC8CF8ECC0A0337085A3FE744FA60CE00A6879B6146
SHA-512:	15754A8F097F9C8D7BDA65FB881720AF5E4C4DB1E35F555563B9BAFE6426A6A0E50953A47F628FE3DC0F461E48ABBF77DB7C997902FF483CF33396D0D8E2CD17
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S...S...S...G...^...G.......G...E.....\.....F.........G...V...S...:.....V.....R.....N.R.....R...RichS...........PE..L.....b...........!.........f.......n.......@............................................@......................... H.......H..<........................Y......x,..(+..8...........................`+..@............@..h............................text....,.......................... ..`.rdata.......@.......2..............@..@.data...\|#...`.......D..............@....rsrc................T..............@..@.reloc..x,...........V..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\cmdline.out

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	4472
Entropy (8bit):	2.872561136390538
Encrypted:	false
SSDEEP:	24:x5KwxePgWdE7cIBbsOflIQL1g6tCtTZtP731aqADy7C7MvjtdCg0dvKbshK6:VN73bsQqZtPj0qAG7C7eLCgYvKbe
MD5:	19475549B9EA9BBB2EB2A492F351FA74
SHA1:	C3E9101FAB9FB5419CEA0750397356E406319868
SHA-256:	B6EE6AC9C72B02B74483262DC96D53D49FEB41621D32F861001823ED75DF572C
SHA-512:	1442A44C5A4FC63DD5CC0A04D6E188A4E1FFF3C4BB252F1CC4A51DD378B846A28BC4D7FA59600BEC1191D767A4FC1E889EE9A935326777900E5B5259E46E2E99
Malicious:	false
Reputation:	low
Preview:	--2024-12-10 18:53:47-- http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe..Resolving dcr0eadbm64ph.cloudfront.net (dcr0eadbm64ph.cloudfront.net)... 18.165.213.23, 18.165.213.82, 18.165.213.147, .....Connecting to dcr0eadbm64ph.cloudfront.net (dcr0eadbm64ph.cloudfront.net)\|18.165.213.23\|:80... connected...HTTP request sent, awaiting response... 200 OK..Length: 2513624 (2.4M) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/internet-explorer-7_8xx5-B1.exe'.... 0K .......... .......... .......... .......... .......... 2% 121K 20s.. 50K .......... .......... .......... .......... .......... 4% 326K 13s.. 100K .......... .......... .......... .......... .......... 6% 500K 10s.. 150K .......... .......... .......... .......... .......... 8% 519K 9s.. 200K .......... .......... .......... .......... .......... 10% 1.31M 7s.. 250K .......... .......... .......... .......... .......... 12% 1.62M 6s.. 300K .......... .......... .......... .....

C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe

Download File

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2513624
Entropy (8bit):	7.686108203667922
Encrypted:	false
SSDEEP:	49152:eBuZrEUNje0NQq5rISAGFuf79j6pjIMGFTKakp:YkLtNNC7eE9aEbJcp
MD5:	4CEF35CB56164E4427C8890CF5CDFD85
SHA1:	242815E66819F32D46C37A57ED707030F57CA2C2
SHA-256:	564B8E327A13C948CEA21587245B7B0005F786EA57F62BD602EF4ECEC66171C6
SHA-512:	10D9755FDA076E6F363A13BAFBD186F7161B434D54165057B06C6EC0F1B8292444BC90CD558048B228BE0D5E46EBD3C99AE379BB71C27EE300224D7D9EB1200F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................R...^.......^.......p....@.................................Cg&...@......@...................@....... .......p.............../&..+...................................`......................."..T....0.......................text....9.......:.................. ..`.itext.......P.......>.............. ..`.data....7...p...8...V..............@....bss.....m...............................idata....... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc........p......................@..@....................................@..@........................................................

C:\Users\user\Downloads\internet-explorer-7.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	29662072
Entropy (8bit):	7.9998174862194125
Encrypted:	true
SSDEEP:	393216:lk7fdwdiU/l3us6xz1wtmMbHAzobPUJGdHYBVm0lD3aLw1PuCtDdO13JhgLV9+yr:y7uiyeFt1sHAzAYiHYBMwIw1kV8G5x4
MD5:	AF5465B7E20FE89266A5B81BA1857BE1
SHA1:	1B9EF0777397B6781BBC27A90D4D9894F19ADEB1
SHA-256:	1050F2620A2646CA007A473953EE2E6CBA6F561CE88DF34A681E7680A4A6D032
SHA-512:	06B176C3B139EF2E05F4276F10C825ACAD5B4F5E923430569E9542CF8215E0F8862BAEA68BBA8257217AAF6CB5E40A6BD17337EA0D92D0CA3EBB435648732844
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K..K..K.....D..K..'....._.....J.....J..RichK..................PE..L.....B.................z..........EZ... ........... ..............................g............ ...................................................v..x%...........!............................................... ...............................text....y... ...z.................. ..`.data................~..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	low
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\ie7_main.log

Download File

Process:	C:\b99fd08a604e45b5fc9f\update\iesetup.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	5.013042182244657
Encrypted:	false
SSDEEP:	12:q6r2ONpTtXk4YuzOlYf21gXFoOIJqHh0vj/tnYCuYtHtZn:P7N4bwOlYfNmOIJpNYCuIZn
MD5:	BBFA76A548F5704B6284FA6EEB71E8BC
SHA1:	88F5005BE7EFDDD77AF7A35678E45F2B007178F4
SHA-256:	D06750414176F4F5C4A927C3799CF0083BA8A2FB25CFEC4FA5025260629E7FA4
SHA-512:	9BD70912A1D59FF1B56620B5400DB891D200ADFE3583648040F1C5167C9BAD418FB91FABFC852FBEDF90B064008DDA437D3F03EE9A4516B02199C144473DD40B
Malicious:	false
Reputation:	low
Preview:	00:00.000: ====================================================================..00:00.015: Started: 2024/12/10 (Y/M/D) 18:55:44.740 (local)..00:00.015: Time Format in this log: MM:ss.mmm (minutes:seconds.milliseconds)..00:00.015: Command line: c:\b99fd08a604e45b5fc9f\update\iesetup.exe..00:00.609: INFO: Acquired Package Installer Mutex..00:00.609: INFO: Operating System: Windows Workstation: 6.2.9200..00:01.578: ERROR: Failed to pass system version validation checks...00:01.609: ERROR: Message to User: Your operating system is not supported by this setup program..00:02.640: ERROR: Setup exit code: 0x00000007 (Can't install on this OS)...

C:\b99fd08a604e45b5fc9f\$shtdwn$.req

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	data
Category:	dropped
Size (bytes):	788
Entropy (8bit):	0.09823380614560741
Encrypted:	false
SSDEEP:	3:lbll/:lB
MD5:	DF7119A5D3CAEDA80BF0FB6F8E53DE8F
SHA1:	76458E1D2E0FA4519FACB71A5F23F8799713BE2B
SHA-256:	3C418A401CBE09F64EDE6E598C5CA36717830446147C8EF6327168EDC7B1CB0C
SHA-512:	85142D1942111783303FA060348BC76B1DD361336DCCC9DC9CDD3432EC6CF215756CBA66A367E560C9D5719BA4F585434319A66D9A97D9A09F5AC4A752B00B6C
Malicious:	false
Reputation:	low
Preview:	Sdwn................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\admparse.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	88576
Entropy (8bit):	5.574153070755456
Encrypted:	false
SSDEEP:	1536:ukzEepFazj8uGrfU2018i2ZysVdDbP5TDbl0y3ceO1z0BYJ+EH30nM4wIgvxo2X:fEoFakh8P2ZysHDbPxDbl0y3ceDBC+ED
MD5:	496D4E7597E8E81AD51678A6D788E8D9
SHA1:	0FA05EB48F1C2B64D91C0875590E594F71230588
SHA-256:	D5BF25CED924E745B2A34093D97F2E256BB2FE8FDF50EC59E95DC78D345D980C
SHA-512:	EC046D68E3088B8A5FD5A219D4EBFDAFA026BC50451D41EB56D4DEE6D0BD4CBB8DC481866A0228612DF325DEAB41CCBA03ECB8741A367E69A5831A404EA30038
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........4...g...g...g.k.g...g.k.g...g...g...g.k.g...g.k.g...g.k.g...g.k.g...g.k.g...g.k.g...g.k.g...gRich...g........PE..d......F.........." .....4...........$.........p.............................`............@..........................................A......<2.......@.......0...............P.......................................................................................text....3.......4.................. ..`.data... ....P.......8..............@....pdata.......0.......>..............@..@.rsrc........@.......D..............@..@.reloc..d....P.......R..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\admparse.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5120
Entropy (8bit):	3.649997830790069
Encrypted:	false
SSDEEP:	48:KuR6q+CIZWJdUf5mkss/GvvIgd3G6uqofbOYZE4zeD9RgDNkbFK0oZW:VEWoff3mvf3G6FofbOYaGg9cmK0oZ
MD5:	46C8BA60665D67C12F46A07787C0293A
SHA1:	21819CFDBC6C9CFC8F6702DDAE92EF83CE2ACFE5
SHA-256:	6E767028CFFA819A357C1F045F2384C0C1393247D1137BD3D7E5F169846DB084
SHA-512:	FB9EAF81530A31B35AB7C338D955896E553A025DC6DDEEAC06CD0712349184193F3ED46304F86554801C1D4F0FC552BF03D00F45BBE5F314A9D1B7D5992471E3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........................................................0............@.............................................................x............................................................................................................rsrc...x...........................@..@................................................j...@.......X...............................................................................................0...................e...H...................~...`...................Z...x...P................................................................................................................................................................................................... .......................0.......................@.... ..............(...................(...

C:\b99fd08a604e45b5fc9f\advpack.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	158720
Entropy (8bit):	5.964819368363849
Encrypted:	false
SSDEEP:	3072:pmwgomCiE8KQc6zMs9PSqUuUyTDR+TUnxQVAiADyQ1VO6:MwfD/0hFxQtA
MD5:	D582A89F6D632D0CF764A80F683B5F4B
SHA1:	D8CED79EB57DC6011AE4E7A732C90AC624182D09
SHA-256:	3FD9ABC8C02EC18F55280476504E804C2FAAF8F820B9F5755B601556EF47B9F5
SHA-512:	659A7E7D87D7007075425B63AF14518F9612735C271BEF07FFE23EBC7A457F6E5EB8F519046E844E0748DBC60A23FEC8BA53C399DFB36B9C600B9A45CBFBD387
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..\P..\P..\P..{..^P..{...SP..\P..YQ..{..OP..{...eP..{..]P..{..DP..{..]P..{..]P..{..]P..Rich\P..................PE..d......F.........." .....F..........0..........e..........................................@.......................................... ..'....).......`.......P..d............p......0?..8............................................................................text....D.......F.................. ..`.data...L....`.......J..............@....pdata..d....P.......R..............@..@.rsrc........`.......^..............@..@.reloc.......p.......f..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\advpack.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	3.412092806080996
Encrypted:	false
SSDEEP:	96:jfQvbgwpqEW+nxyrmvbyWcG4+hfi/l7POOObLzfA1Tfzfz1zmjSnSFXUDaH0mjaN:jfaW+nxyirq/th3SFCa/jan
MD5:	437A84CAB4C4B9A5B8D464CE19568170
SHA1:	86329BE73A28AF62DB5101215583B643C67D6E34
SHA-256:	09019813ACD4C62E2C5408B73BB6D6AC996878E1F231259C849AD344C6D2E078
SHA-512:	667403996F8CAFF662AB19083C42DBCDA7CF39905305438FDB4494D7E26D6981FDE62358FDCF503CF76003A295E508CBEF42F5B283AB0C83DC33B00A4824FB3D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........$...............................................@......f.....@.............................................................`#...........................................................................................................rsrc...`#.......$..................@..@....................................................0.......H.......h...................................................................................?.......E...(...F...@...G...X...H...p...I.......J........................................................................................................................................................................... .......................0.......................@.......................P.......................`.......................p....2......................

C:\b99fd08a604e45b5fc9f\browseui.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1604608
Entropy (8bit):	6.402893755343285
Encrypted:	false
SSDEEP:	24576:VKFat3VwyW1BmWNEDuIyLISmRaCTkghfyFRir2B8sIGFOty7g+u:V8ewyWaNuJIJRaCT1fyFRiaB6G8M7vu
MD5:	E10CE65AB6C9744773F4B612C66AC3E3
SHA1:	8F197749D08B56A27759D76A8F6C674B759E6462
SHA-256:	EA5A040D2371DE15E14B749BFA5C424308C22DB4E73C047CC729A20A3E4D07F2
SHA-512:	DF7B67CA2E2B27F4D4B4C6A3D9E4E1F8661325DE99F0738099CB64F85512FC299D0B35E54B5D92A7B2AE03DFB65DF11851D7141194274151866C7B78107AFE25
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o..Mo..Mo..Mo..MT..M.W.M`..M...Mn..M.W.M...M.W.Mm..M.W.MH..M.W.Mn..M..Mn..M.W.Mn..MRicho..M........................PE..d...q..E.........." ................0N.........\|........................................................................................R....Y..........@.... ..D................#.....8....................................................M..@....................text............................... ..`.data...h&..........................@....pdata..D.... ......................@..@.rsrc...@...........................@..@.reloc...#.......$...X..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\corpol.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.538445886732732
Encrypted:	false
SSDEEP:	384:lVCVwScDT7cnVnKa+JehPCq3eIZe8zK8ZwDHRC4Ms9u7JTqjWFBC:vCKoMa5h6qOI+fQhs6n
MD5:	62FE18948CF74D19C924D883146CBE67
SHA1:	EDD94C79C4B103810B930FBE094EC1976607F97A
SHA-256:	62A80AEC17AD2E8E6FB98FABC3F8C75F0DA749A9DC8833EB0D018DAD377F4558
SHA-512:	3EAA51F8F22C1CFDD92CC3D73671818B6198CBEFE13D0411E6B7B2FAE048ECCCA679E7A0A6EEF1D53D4B178A9B7A05D5D231AB0A1611E64E90D4217E718D4A41
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........je....K...K...K..vK...K...KE..K..pK...K..eK...K..fK...K..qK...K..yK...K..uK...K..wK...K..sK...KRich...K........................PE..d......F.........." .....@..........t>........@.....................................\Q....@..........................................M.......F.......p.......`..@...............L....................................................................................text....>.......@.................. ..`.data........P.......D..............@....pdata..@....`.......J..............@..@.rsrc........p.......N..............@..@.reloc...............T..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\custsat.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	5.9729564296459134
Encrypted:	false
SSDEEP:	384:KPEG8kiFeswhAGFPjDPa423WvjFpAEiQtyuHidE9PeVb9rntlqgflDDqiCM20nkr:oj+JOdFjWFhxbKdO1Ww9N4Tk++Sx
MD5:	5485DCB421729E0453C54FD6D9198762
SHA1:	A4FFE83C27316ED829E55231D4FA3031B64F55D0
SHA-256:	D17701BAFF8AE3B818AD0138547BFF02D7724BDBEDA920D3DEA9290BAFBB69D9
SHA-512:	AC085D8B23ED39587697695407B5BACB0D5947210A25DF900A8E3CE74D1D1DABFF5C2BA75342775E5AD7E11CC1B21F594394C530320F2B92936C45A669C1CBD7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(.e.l..Ml..Ml..Ml..M...M.HpMa..M.HvMn..M.HfM`..M.HqMm..M.HeMd..M..UMm..M.HsMm..MRichl..M........................PE..d....PiB.........." ......... ......P.........@......................................6..................................................x.......x....................................................................................................................text............................... ..`.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\dxtmsft.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	505856
Entropy (8bit):	6.145270889335649
Encrypted:	false
SSDEEP:	6144:AVzi20MeKPwaVIKnLXBBCIQzIjAq9d8XS1rptXWtR4irn2eBJ+Q4W:A9E4wKnlJd92kr
MD5:	5436E301B93E784537D57FC0A6DA1F0B
SHA1:	E877FD67A3A7840F259C602310DE9510B79DC4E3
SHA-256:	86B373F21FCB02585ECC2058A5DB8957FC0BE75C622FC687BDE27CA11AEB9BE6
SHA-512:	0CB92FCECD1F65164C35FB3EB8164B41650507C1776482B1CCB835AA96594A17EAAA27461DC6D8090EA818114CFEE8E879EC605EC465381EBDA5C4BE3ED8159E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C.U."..."..."......."......."..."...#......."......."......."......."......."......."......."..Rich."..........................PE..d...(..F.........." ...........................5....................................g.....@.................................................L_..........@6.......e..............d!..Li..8...............................................X............................text............................... ..`.data....-.......*..................@....pdata...e.......f..................@..@.rsrc...@6.......8...^..............@..@.reloc..d!......."..................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\dxtrans.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	308736
Entropy (8bit):	6.113992664940269
Encrypted:	false
SSDEEP:	3072:XMN1E9rTQrY/CBXXp7WZFQDex42upWK9qaKOKt82WIFEDua8HtoEzSSG59UMDVyh:XyE9rYcFtxoSHm2DFEDua8Hqdo//nYk
MD5:	551A281EEF1BEFF155D8D69AC744EAD1
SHA1:	F8FFFB08590F35F0222A2AA21E2F201DDA5879B9
SHA-256:	19214E267EB9BD35EFBA82D1FD2EB88A4C9180D7C46C5AECABFC1E6C5077EA23
SHA-512:	DC4C60451422883BAD9806FBF9D11590575385694E06E8F8C6F767DED6F31FD313DF81D5C4044E041956C0EA3F7DE7025FF5DE9D6CF09C7CF83AED4156DE3AA6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.g%!p.v!p.v!p.v..tv#p.v..gv.p.v!p.v<q.v..rv4p.v..dvlp.v..sv p.v..wv p.v..{v.p.v..uv p.v..qv p.vRich!p.v........................PE..d......F.........." .................V.........5..........................................@.............................................+....q.......P..........>..............d.......8............................................................................text...$........................... ..`.data....:......."..................@....pdata...>.......@..................@..@.rsrc.......P......."..............@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\extmgr.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	184832
Entropy (8bit):	5.770036513776001
Encrypted:	false
SSDEEP:	3072:oyXbXP8AUDMzUoM2rbHb8rys/48snxQJzNjaOsvMMPZyR4dv:hrXrQMrr02S1qwjs
MD5:	A18E61E04DD007CC632A0F6D2E2556C2
SHA1:	D1AA0586A10F6A168BC999CA95BC27C2259EF804
SHA-256:	A77A8E7615E644D9E9D5494532D864101AC342C3F896167535D0A81202C7EEE2
SHA-512:	57280C9DD0104EAFD7CE11496595BDD2E33E9436B2806E6173462ED588C9EBEDBE1087859E185BBD1561E35D8D7663ED1D704FC05D3DCD7DACECB43068F32245
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.V............-w.............-w......-w..8...-w..O...-w......-w..(...-w......-w......-w......Rich............PE..d......F.........." ..........................@...........................................@.................................................(........@..h....0..........................................................................X............................text...c........................... ..`.data... =.......6..................@....pdata.......0......................@..@.rsrc...h....@......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\extmgr.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33792
Entropy (8bit):	5.15867807867129
Encrypted:	false
SSDEEP:	768:3K6+1GrrWr/hh4ixGcjvKtKyFz63DZEvC0H:3KT1Zr0MdvKEyFz63DZEvC0H
MD5:	A86E28E5D9C277C035B1D0F37056CAC9
SHA1:	0015604E8A4C59E8D52E8F05A3004357CC84C7E0
SHA-256:	E616BDDD97111EA61AE5F343E38D0F709EF6A92E8AA35CCF8B69028977B52B09
SHA-512:	AABEC67EB7278ACA08125B53500A994F6BEAE78DBAA4BD9331AD14B271BE04C60596A4085BBB9953734E83A64F5CDF16195F294B2989286F804CCF93511EA84B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .................................................................a....@..........................................................................................................................................................................rsrc...............................@..@....................................................@.......X....................... .......8.......................P.......................h...............................................................(....................`..@....p..X.......................p...............................................................................0.......................H.......................`.......................p...........................................................................................................

C:\b99fd08a604e45b5fc9f\feeddisc.wav

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz
Category:	dropped
Size (bytes):	8636
Entropy (8bit):	7.091327998703502
Encrypted:	false
SSDEEP:	192:jLErYYQfwzXDxMiJCMJYeM3Uembafju3YwW9A2r5iksv9A:jaYRfwzXE3Ueahzh9A
MD5:	94F139C13358BC3E4DE27CFDA595905B
SHA1:	511F88B758A8E78117F40A331304BEF5C76A70D4
SHA-256:	E7D4BE139BF82A1E2DA8C3238E0154B923020756032ED9C090BF057AEE26CC47
SHA-512:	9AAC45644F8EDF5D2101F7E48DD012D098AE9233B8D07CC77744CCFDBC3C20828AD6B3A7E17548879171B347E9EEB8F96CD62CC6BA4AEAA8C9F2FCE281A4DFF8
Malicious:	false
Reputation:	low
Preview:	RIFF.!..WAVEfmt ....................data.!......9.;.W.Y.u.x.....................................................................c.d.C.D.".$...................}.c._.G.C...(.................................................4.0.V.S.}.z.............2.3.b.e...................5.G.P.[.d.g.p.m.v.k.t.b.k.S.[.?.F.$.+.................i.l.?.?.................m.j.I.E..$.................................................................>.9.e.b.............8.:.u.x.........&...Y.b.....................................m.v.A.F.............c.d.).(.........\|.w.G.A.....................x.n.l.b.h.^.i.^.n.d.y.o.........................!...@.=.c.a.................G.I.............2.:.j.s............... ..8.2.@.0.=."...............i.q.".(.........4.4.........>.8.........w.m.F.;.............................)...H.>.l.c.................7.4.a._.................E.H.{...........+.2.g.p............./.>.R.`.g.v.s...q...b.o.H.U...).........W.].........C.C.....~.z.........t.j.-.!...............~...v...}...................#.

C:\b99fd08a604e45b5fc9f\hmmapi.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	71168
Entropy (8bit):	5.255762124358852
Encrypted:	false
SSDEEP:	1536:qu/n+cZn8b/EpMW/Nx4C4TBUQFe47yUAf:qCxZn8b/EpMW/NeXjegy3f
MD5:	15F6698D989843645BB58A813F9E29AD
SHA1:	C5A9F6DC40356924E47E67BDDD17A0DC2D62FC68
SHA-256:	FDE984EA03F63E96A058F1EB7D7418904C187320695430A0440FE4C31C820684
SHA-512:	BD661FBE0387F34C542D0AF4391559B3D9073BB98165BEFF00E4F27CF7F4917003B49EBBCA63774B9D1ACEC3FB3C8BB93F25C80E11D5F11989B8B93F34240BFC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......a:L.%["\%["\%["\.._\$["\..L\*["\%[#\.["\..Y\4["\..O\.["\..X\$["\..P\&["\..\\$["\..^\$["\..Z\$["\Rich%["\........PE..d...c..F.........." .........v...............@..............................@............@............................................................h^......4............0..\|....................................................................................text............................... ..`.data...............................@....pdata..4...........................@..@.rsrc...h^.......`..................@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\hmmapi.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25088
Entropy (8bit):	5.5933877240501975
Encrypted:	false
SSDEEP:	384:VWcNYrM4VtJNaqAT/+IC4QBVGBKFTFIxSji8ye3eh7y8JA0a:1CMW/NxK/VC4GwBUFLjiFe47y81
MD5:	34C986A18E5686C3A3189618641C0976
SHA1:	824E0B3CD59A24CAD06BA1A8F85D4A131F15ACC7
SHA-256:	D11BD8A4B1391D8C6B0EEFC23ECC0C2B59A3D7E7129E9F0A36750E39D87F1AA2
SHA-512:	4331ED4E379EBCA5EF9A55E3F10D712F8317250256896F6CF4F021706C3F4EE8F521E071319C7178212E67569227AC380770F364685EB57766B2DC6A30FBBC98
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d...`..F.........." .........`...............................................p......X.....@.............................................................h_...........................................................................................................rsrc...h_.......`..................@..@................................................h...8.......P....................................................................................... .......8.......P.......h...............................................................................................................................................................................................................................................(.......................8.......................H.......................X....n..............................

C:\b99fd08a604e45b5fc9f\html.iec

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	560640
Entropy (8bit):	5.993201901073553
Encrypted:	false
SSDEEP:	12288:1n8sqqrrrrH1l7pEDOavqSGyARW7i5xC0db/+c:1xl7pEDOa9GyARRx/ZN
MD5:	05EC084141D091543E050D97F46A7F24
SHA1:	9D175238118239F2060372272899FD9E8CBA10D5
SHA-256:	C09EE2E86A0FF3FE84AA7D47C8947AD486604441BFA73F1C8B5A35F402CB8104
SHA-512:	740B9C07736CE4F185A69EAD9635C275B05E9F223BE1D8E80427B50E02494233A31C2C5B3483A99B3A11AF22FF77AC02C60A8199E6ADE4244B652CD13230CCCC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L_...>...>...>../....>../...>...>...>../....>../..1>../....>../...7>../....>../....>../....>..Rich.>..........PE..d...&..F.........." .....t...`.......2........@.....................................(G....@..........................................t..I...8c...................%...............0...................................................................................text...9g.......h.................. ..`RTFOUT_P.............l.............. ..`.data...~............x..............@....pdata...%.......&...,..............@..@.rsrc................R..............@..@.reloc...4.......6...X..............@..B................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\html.iec.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	3.409098053922339
Encrypted:	false
SSDEEP:	96:KdLJEWn6wWwZhYviNlJ88vpdltdy60KyHK9XtFpjlnl13cZAAWdvjpaxCb934ENQ:m2Wn6wWCfnN93J9rAU7iRl
MD5:	F3BCF845602D034ECED3D7B69BC67440
SHA1:	1EBAEB28F3AE6E434AC180CC45DAE6E2641AFA0B
SHA-256:	B4AD7B782267AB7EAD512142BC7EFC9FC1A2397DC58C8B49CB379E3FAAF280C5
SHA-512:	A8ABA124C12BA555E5A9A4191B5F4BAE9831803A09563F5FA01E6769A3202F3BCDD0E05B3FC1A7E9DE564BF44348A271D547BC6EEFEA5D0135B8206B559938A8
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........&...............................................@............@..............................................................%...........................................................................................................rsrc....%.......&..................@..@....................................................0.......H.......`...................................................e.......................?.......@... ...B...8...E...P...L...h...~........................................................................................................... .......................0.......................@.......................P.......................`.......................p...........................................................................................................

C:\b99fd08a604e45b5fc9f\icardie.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	82944
Entropy (8bit):	5.830057931838752
Encrypted:	false
SSDEEP:	1536:DoY1thhWtrIwSaCRw52/m7dgFQl6iKPFic4r:DoYlYtrIXCz6y9KNY
MD5:	F13EC7DBF824CE69927FA0B6A891C99A
SHA1:	CB10CFB3759DBAC537C478D7C9061F3BFEED7504
SHA-256:	62A5C5814A53DA85BBBB394A704ABC7D94C6156D31F9E3D3DBA9173F540DE702
SHA-512:	3ECFD30BA7BA4B1E79EF63107DAFBF465BF5E8EB43792E07DE57D5CF550616BBC6FD8F6C81CC321E6B189111220FD784477A3BBDE1A9705D385044CB812FCFC5
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3a..3a..3a......3a..3`.W3a......3a......3a.....3a......3a......3a......3a......3a......3a.Rich.3a.........PE..d......F.........." .........D......H.........@..............................p............@......................................... ...j............@.......0..@............`.......................................................................................text............................... ..`.data........ ......................@....pdata..@....0......................@..@.rsrc........@... ... ..............@..@.reloc.......`.......@..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\icardie.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	4.794613979173039
Encrypted:	false
SSDEEP:	192:jgWWDYlJDTZc7nKDrZewuifbxgDnSndqbf:VWDYl47nUsK9Bk
MD5:	2D5CBCD50E551C5796BE7176F3559EF0
SHA1:	418561065719C9263E591CB84D8D04C86B492292
SHA-256:	9265F151AFAABB0A7900A17DDEB3F3FA450E847780EFC46B3C442CA797C81E0A
SHA-512:	AFC862D2C37C271EBAC8CA348E86809CA23F086809C7DCAF2BA06B8DABE6F5B4FE4F3A70639780EA6A57F2EA7F0C23F73A782E4E4614417B41EF4A36CE09175A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........................................................0............@.............................................................@............................................................................................................rsrc...@...........................@..@....................................................0.......H.......`.......x.......................................................................................................................................0.......................@.......................P.......................`.......................p............................,..............8,..J...............................................4............$..V.............S.A.F.E._.P.A.G.E...H.T.M.L...N.O.T._.I.N.S.T.A.L.L.E.D...H.T.M.L...S.E.R.V.I.C.E._.F.

C:\b99fd08a604e45b5fc9f\icrav03.rat

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8798
Entropy (8bit):	4.561625225703478
Encrypted:	false
SSDEEP:	96:hX8sNkVzalbK/0rgperQz6YqygW+m5h05ZC05BU6S5H1x:hX0+Fo0merQm5ygW+KuZNZqHj
MD5:	ECD81B99477AB4A93D7838EB40B870D0
SHA1:	4308EE93F0AFE592DA1C1ACCE02CD85228B9E0A9
SHA-256:	CD6F87C6F319425CC819D3A8F87CF1B2F7ABA0FEB29799562B70B11632E8D16E
SHA-512:	12C9FA7AF0470839E5C77FF2B0987D97BB52E6196CCEE7D152DEEFC2529FAD8E7784E43209246C02A8B4A416E62DB18240AB7B72578FDDD1CBDD841E8451F5E5
Malicious:	false
Reputation:	low
Preview:	((PICS-version 1.1).. (rating-system "http://www.icra.org/").. (rating-service "http://www.icra.org/pics/vocabularyv03/").. (name "ICRA3").. (description "This file defines a simplified implementation of the ICRA vocabulary for use in legacy PICS-based systems. The full version of the current ICRA vocabulary can be seen at http://www.icra.org/vocabulary/.").... (category .. (transmit-as "n").. (name "Nudity").. (label.. (name "None").. (description "No bare buttocks, breasts or genitals in any context").. (value 0) ).. (label.. (name "Limited").. (description "Bare buttocks and/or bare breasts in artistic, medical, educational, sports or news context. No genitals in any context").. (value 1) ).. (label.. (name "Some").. (description "Bare buttocks and/or bare breasts in any context, genitals only in artistic, medical, educational, sports or news context").. (value 2) ).. (label.. (name "Unrestricted").. (description "Nudity of any kind in any context, altho

C:\b99fd08a604e45b5fc9f\ie4uinit.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67584
Entropy (8bit):	4.87745747354403
Encrypted:	false
SSDEEP:	1536:VMkY89VErmB63gQALcRQUzXgErLayQkP:iErEr3gLitzXgE/aJkP
MD5:	E2263E5675452B1508204871AE89376D
SHA1:	CF22C790B285A4389CBB7804A8C9F4EC83866C46
SHA-256:	7E4D59FCECB92D69BED56FF4E6C1837EAD4BE5D45FA71A87F946AE1A5F77DA97
SHA-512:	FC7C07328B0E56B214BB5DB7809065B7CA764D3018B05D4DA59046FBC2BF34994D0F34B0DFF264E843D10CD24C07AC652AAEE0A46ADA1E6CF0D08101887B6122
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........qy...........b.....q.....d......5....r.....m.....a.....c.....g...Rich...........PE..d......F.........."..........*...............................................@......:.....@.......... ............................................... .. .......`............0..........................................................X............................text............................... ..`.data...............................@....pdata..`...........................@..@.rsrc... .... ......................@..@.reloc..x....0......................@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ie4uinit.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	2.9733967978033826
Encrypted:	false
SSDEEP:	96:eEWz69GZmvmviHYvkvfvAvZfvwvtv8Iv3fv3wASvUZj:zWm9G4HkSXD
MD5:	402CF37897D87B4A7812984F9E6F567E
SHA1:	569F4898EE1A33018A3AF1B67EB0C1F6A7F6E737
SHA-256:	168B6F09DB15598C325824103B4CBAA16F001D9C5451B78B7846B551F7F46AF4
SHA-512:	A6382111B5F7B11AF530FA9CE7FE6ACC0F77F19FBA4B8A5DB4C2D969CBAD2E5A8F8FE4F64E6F61E966C32A052FBD52F71211F3052B4B9A6CD9503586585D0043
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ............@.............................................................@............................................................................................................rsrc...@...........................@..@................................................x...(.......@.......p.................................................................../...........................................................................(.......................8.......................H.......................X.......................h...................(...............................................8...X.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.

C:\b99fd08a604e45b5fc9f\ieakeng.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	194560
Entropy (8bit):	5.969373997111784
Encrypted:	false
SSDEEP:	3072:RtDb4TNCMUOrUHmHxpeo6DEBHX30i6jVUd58XhlxGFerx+TStY+fJVBggfN81fns:RtDb4TNCMUOrUENCjVUd58Xhllrx+TSS
MD5:	09BBBC3943AEF5916711FC9AC5F69610
SHA1:	906F01D221F06774F8D3216AB1FFDB5A8032C847
SHA-256:	3973F53F0A4AD04EAEBEC8AEA2FEF4F4B2615683FB446B83DC1024C3B5EFA2A3
SHA-512:	ADAE56AC9DB444333A9715E1FDF7D98EA7B076510B16EB45BF071E60FE60437C71EE66A9A7CE529AE17BBD0FBF2FC1D576C78F787979E28BBFD71E4EB8443739
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Fe.f..k5..k5..k5%..5..k5%..5..k5..j5S.k5%..5!.k5%..5<.k5%..5..k5%..5..k5%..5..k5%..5..k5%..5..k5Rich..k5................PE..d......F.........." .........4......<..........a.............................@.......s....@.............................................v...<...T.... ..8....................0.......................................................................................text...F........................... ..`.data...............................@....pdata..............................@..@.rsrc...8.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieakeng.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7168
Entropy (8bit):	3.3347920898843086
Encrypted:	false
SSDEEP:	96:KPOEWhvW0humvYQnPInGem/y5uaFFWwYlZtmKqyWa07hzwhXEYjXftiadIb:eWxtASr0Fz00uGb
MD5:	B812B6C1F835DFAED53864EAB4CE4BAA
SHA1:	8D8E4C2A11DC5B4B0638BAA761EC0B7687564F20
SHA-256:	08A95E1BB36A1832AC3E50AE3A2F1E39FA9FEF77F7815D67F8FBAD92A9FC052D
SHA-512:	8A2AA2BFD82359820C242B06E88F4E92EB6BED152A9327C528B7CA76DA37D5E54FAC34A0FBA4AB8B3C8F151D10F8F1246E131E6E3F8DEFBBBB7F18F605B51351
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........................................................0.......{....@.............................................................h............................................................................................................rsrc...h...........................@..@....................................................(.......@...........................................................?.......@.......~... .......8.......P.......h.......................................................................................................................................................(.......................8.......................H.......................X.......................h.......................x...................................................................................

C:\b99fd08a604e45b5fc9f\ieakmmc.chm

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	54197
Entropy (8bit):	7.5464662852452875
Encrypted:	false
SSDEEP:	1536:QXjJKsaCGf9+bXbVtJlp5N8Z7AQ3tIdw/eM:kRaCGf9qxrlreqTdw/eM
MD5:	875A6099E32E9C725616378F88052099
SHA1:	E43786084C9C801EBF95C4BB838875C91DD0AFD2
SHA-256:	8FC59DFFE4DBCEBCA4A6A3762C234BF3A80133DC30514383BEBB78C32D83F9A0
SHA-512:	C50E87569EA575E2E71A5013FC9A709F30CC45582075817D63A502696D38F1E773E41E842CF80A09ABA48B51A046579DFA9F5DCBE93E071E64A9BD9B6D4833E6
Malicious:	false
Reputation:	low
Preview:	ITSF....`........Rv;.......\|.{.......".....\|.{......."..`...............x.......T.......................................ITSP....T...........................................j..].!......."..T...............PMGL................./..../#IDXHDR......./#ITBITS..../#STRINGS...^.../#SYSTEM..^.S./#TOCIDX.....0./#TOPICS...E.P./#URLSTR.....M./#URLTBL.....\|./#WINDOWS...2.L./$FIftiMain...E..P./$OBJINST.....?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property....../$WWKeywordLinks/..../$WWKeywordLinks/Property...~../html/..../html/0350ecfc-9a8d-431c-b3c3-bda48c2551df.htm...#.!./html/07168040-baeb-4318-9944-70791048fac2.htm...X.e./html/08644b31-7b3e-4bf5-8ff3-e398cba9e657.htm...R.%./html/0aa0d091-0ea0-4593-bcb4-2a6995c06128.htm..[.../html/34d3661f-14b7-4efa-acfc-c4a97b682c32.htm...D.l./html/398a253c-eafd-4525-b20e-7203ff5e8be4.htm...T.g./html/4053d590-a653-4dfd-8014-dc7b888f520c.htm...0."./html/40cf587b-d970-4ee6-8466-b1fd1f0032f5.htm...L.W./html/4288771c-0d75-4fa1-a530-6fdc60d1646c.htm...Q.../htm

C:\b99fd08a604e45b5fc9f\ieaksie.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	266240
Entropy (8bit):	5.913512972583315
Encrypted:	false
SSDEEP:	3072:J8i75BIIt2ck/mbMPuR0bV1M2+4oJZZTjxkn5+aGbmr5vr0mhAU/HGJrX:9t2ck/mYS0z21jxk5+aTt4aOJ
MD5:	C9C0B509E3F41BE9EB976CE9B21655E2
SHA1:	91D33AD8BFBF9F718CE87744B536D224A94F1E74
SHA-256:	0F2CE0E09AE628B25DBF70B0327AED98E01135AA18BD14B67AE042D7924A9284
SHA-512:	E4B6020C925885CC28178B80613B69CC027CAFC3904307FDF95AEAEBBE5C0CBD41E0749709DA763F0905790A3F5D862F4369D8955803A9C26BA1793B37423F67
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.R.).<.).<.).<..CA.+.<..CR.&.<.).=.Q.<..CG...<..CQ...<..CF.(.<..CN...<..CB.(.<..C@.(.<..CD.(.<.Rich).<.........................PE..d......F.........." .........Z.................p....................................C0....@.................................................L...T.......H....p...............p..........................................................0............................text...4........................... ..`.data....P..........................@....pdata.......p......................@..@.rsrc...H...........................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieaksie.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	91648
Entropy (8bit):	4.5096679450656785
Encrypted:	false
SSDEEP:	768:t19gC9R1J/G2qH0DU5WVcQ2i/g/sUgcRafG6WCUBo5Sag:t19LZJ/H20QJR//TRafDhI
MD5:	FC613CF994E8666778D6375AC9A54F64
SHA1:	1013F7D33DB7931DF3A1A894CD79627EE3BC9848
SHA-256:	EE8F9ED10F8D5F77FA97533A7DC054CBB719083D0BFF2FFFB0BE89EE3532D8E1
SHA-512:	A047DF9D35205F587083670BD3D4287A9EB6A24AA3BECDCF4DC9D5CEE4C18E403CCFFA64265D5393DD0768527A6D8E8E71B1DC42A9045E9D567B485BE312BB95
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........d......................................................O.....@..............................................................c...........................................................................................................rsrc....c.......d..................@..@................................................h...H.......`...............p...................................................................-...........0.../...H...0...`.......x....................................................................... .......8.......P.......h...............................................................(.......@.......X.......p...................................................8.......B.......C.......D...0...E...H...F...`...G...x...H.......I.......J.......K.......L.......M.......

C:\b99fd08a604e45b5fc9f\ieakui.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	161792
Entropy (8bit):	5.521703382958054
Encrypted:	false
SSDEEP:	1536:PBCu3xHgR6ulyZVUySmieY1G2jaor7cpXZ8SxaSn/srx6SbzJKn4:PBh3xAoulyZVUySntE4
MD5:	ECECC3E7FA3D52F090A61C8B8493090B
SHA1:	244D6AD7D3E01B26B37E54AF583DC9258E7E343C
SHA-256:	1A85767E5044BA6B9CED9ACA243EBB8399199F63980CC00994F8DA6566F38704
SHA-512:	A8F6B67A31EC0B5348E3774114BA0E28FF23CAEB462AE677C538E6BA61BC980063990AD6B8FD06E03A12D504FF90C619F1F764B2AC78EAF3F2E7BBA609E424E6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........v.................p....................................=.....@.............................................................0t...........................................................................................................rsrc...0t.......v..................@..@....................................................@.......`.......x...............0.......h...............................................................................................................(.......@.......X.......p...............................................................................0.......H.......`.......x...................#.......$.......%.......&.......'................................................... .......................0.......................@.......................P...........

C:\b99fd08a604e45b5fc9f\ieakui.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	257024
Entropy (8bit):	5.0083976857100065
Encrypted:	false
SSDEEP:	3072:FXmIrfEdxAoulyZVUySntGFUf8mcLlF7NGTuH:FWup5nlTSH
MD5:	189EABC53F9442AABAFDBB4E658ECD33
SHA1:	41B1FBD44B63CFF06554780B38185DD6F34470E8
SHA-256:	CE9034C1420A23A2643CB70BB67C177FEDDBD139052DA3EB32F7AAA1D3E6A8CC
SHA-512:	BFBCE844C9E4EEC8EA4C8C1F96E1B23DE59B51BFF38396463E5258F07DFF7DD0A648783F2FACAE07F0E5416DAD769682AF01027E59C317AA7F73B07F9C50C898
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................................@.............................................................x............................................................................................................rsrc...x...........................@..@....................................................H.......`.......................................................................................................0.......H.......`.......x....................................................................... .......8.......P.......h.........................................=.....................................(.......@.......X.......p...............................................................0.......H.......`.......x...........................................

C:\b99fd08a604e45b5fc9f\ieapfltr.dat

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2451312
Entropy (8bit):	3.594006527014336
Encrypted:	false
SSDEEP:	12288:wARo/CPNOHcIME7PrzbRg/bMrxKa9HIBpfzz21RF6v0bW39zCP+Jp8b0o:+MgeGKaBIBpfzzwRF6vYwzCPak0o
MD5:	96AB0AE8CA6A0F9EFD9277C3ABB32675
SHA1:	82F9AC976DE98E3339242A45D0891B1B2E619709
SHA-256:	C45025383D6658A41D3DB070A60446B804E5B96B15AEAAE802CA1F20E5D4050E
SHA-512:	C63BB243B879DC5A359C64D00A1F0FBFD9F555B0519622ADBDDFFEFDC612C1CCDEFBE1E3DE714EDBC7FFA8C4510F7C2870BB9075D072E321AA31F0BF0777EB61
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f...........$............Rich...........................PE..L....a=E...........!.........H%...................@..........................p%.......%..................................................D%..........L%.p....`%......................................................................................rsrc....D%......F%.................@..@.reloc.......`%......J%.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieapfltr.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	424448
Entropy (8bit):	6.422268448720248
Encrypted:	false
SSDEEP:	12288:mlE6PZvUEnsKF7E505NIcSWHv5S8N302fHGGC2YIMvIo:U7ftdIcSWhS81LeGCNIMvIo
MD5:	9266F0888628001B3BF49B549A9C8311
SHA1:	A08B24CA79CDE7F1A633586BEDE3FD9FB863B692
SHA-256:	4111CD34C287767DC50220C9993D3973EA6A667F81E188E830FE0B778D72D943
SHA-512:	872544DB46D41A4CE531D18A2444C486A18B293E2307CDE78E13F6E991409738830D3C97FCFF81791F7031C6F65061A2C554A267B9C6E8A3D809487146F4568E
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........w...$...$...$.;.$...$...$...$.;.$...$.;.$...$.;.$...$.;.$...$.;.$...$.;.$...$.;.$...$.;.$...$Rich...$........PE..d...5.FE.........." .........v.................r....................................i.....@.........................................<.......8................ ...S..............<.......8...............................................8.......@....................text...l........................... ..`.data...$...........................@....pdata...S... ...T..................@..@.rsrc................`..............@..@.reloc..<............p..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iedkcs32.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	467456
Entropy (8bit):	5.736814360337487
Encrypted:	false
SSDEEP:	6144:4c9NiR4KCh1TyPFXM3oVK3H+cLgJtw8bhetogILJ:XjTeFXMYVS+cLIdItg
MD5:	A50A5B0B2970413872D15E9222F61BB8
SHA1:	CD91D5A363E6897363DE0BC383DCD521B47AE308
SHA-256:	2CE2CD46FD5A00397A2DB36877A5AF56160EEA2FAE52946153BDF88A5C20D5B0
SHA-512:	223483A723F486A9F5DD9064B984EC5A0A7F53C9CE42B561743B0856EEE2F5CA66F27FC4FC8BB9448D562DB793DB0A3F438F36C8565F0EB23A44C43EF8E12B66
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........nze...6...6...6..i6...6..z6...6...6d..6..o6...6..y6...6..n6...6..f6...6..j6...6..h6...6..l6...6Rich...6................PE..d......F.........." ................4H.........p..........................................@.........................................0...............`.......@...............p......................................................................................text...^........................... ..`.data....t.......P..................@....pdata.......@......................@..@.rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iedkcs32.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	71680
Entropy (8bit):	5.330616607798005
Encrypted:	false
SSDEEP:	384:Rsma+WzbeYom/h5Ov5jbPToDLQ3w+XxmN7fEQPzdMyRjtwLe10vt157Hj/7fDWRf:RsmaTbeUyeG2IlMuef8eGST/Vz
MD5:	DADEE8B7DA0A684777AD66AC15296291
SHA1:	3C11531F13FE6DFDEF8F503AB86EA2C4D2222B59
SHA-256:	08CED326EC8BE2FF8F33FCE3A52D66A1BD1A69EB8E5BE8BF748CDA96F0E167D2
SHA-512:	24D60E9BB1A060B3349969B48BAF91B406C5A536CB4DC7225D2EEBE90A33BAB8166F4EAC552ED59204FE9EA1F0FDBAE3BA1ECE6A2A63E4BF7ECB482E4EF317B8
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........................................................0.......y....@..........................................................................................................................................................................rsrc...............................@..@....................................................8.......P.......h...........................................................e...........................0.......H.......`.......x...........................................................X.......*................... .......8...l...P.......................h.......................x...........................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieencode.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	86528
Entropy (8bit):	7.177805831914573
Encrypted:	false
SSDEEP:	1536:/8Y56K4fRNHayLlfzZStvl83tUiVnj939Owr3WOs+F:066K4ffHay1tcNotUMnR3AwaOl
MD5:	2D4047010AC4FC07A30017A40303C140
SHA1:	DC7AB714A2763E935645AB76A4B8DA9D479A7A50
SHA-256:	28094C547967164EE0824F6285C929A2A765686D46D5EB953A1A7B6E59D7A09A
SHA-512:	A3B6A7A7E1A35B735DE637110FC2474F1D496E0D5FABB641EB3F19E285A16FFEC1C0532078DBDBFE587AE025F6A4379564D6418C81DB2049764444242E4F13B4
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v9Y..jY..jY..j~DejX..j~DvjV..jY..j...j~Dcj\..j~Duj`..j~DbjX..j~DijU..j~DfjX..j~DdjX..j~D`jX..jRichY..j........PE..d......F.........." .....\...........]........@.....................................c.....@.........................................Pi..a....f..<....p.......`.......................................................................................................text....Z.......\.................. ..`.data........p.......`..............@....pdata.......`.......F..............@..@.rsrc........p.......J..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieeula.chm

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	12607
Entropy (8bit):	4.118716042414759
Encrypted:	false
SSDEEP:	96:7EbIsCPTHRiwo6pk878VCvBcA2626M+IMg453tBfVcenuC09byktK:7EEsCdo6q8ECvBcA2ypIZ4533vj01q
MD5:	B1E96DD034C69D03989FCA28FFAC7249
SHA1:	5B47B66ADE1FE3FA8C36498CE786CC44077D8A8A
SHA-256:	565AD74AE221CBE889B4FD4DF1D693129F7DEE6CE0FF49EA35ECC27E7D709083
SHA-512:	18FF66AEC64EE09A840EEA1175A9F3D8E35C63982064B5AA24465B4F94E2555312FD8C2A1D2739A973016307917852C581BF0B99434498FF87DE777C1454FD80
Malicious:	false
Reputation:	low
Preview:	ITSF....`........3.9.......\|.{.......".....\|.{......."..`...............x.......T.......................?1..............ITSP....T...........................................j..].!......."..T...............PMGLd................/..../#IDXHDR......./#ITBITS..../#STRINGS..."~./#SYSTEM....U./#TOPICS....0./#URLSTR...h:./#URLTBL...D$./#WINDOWS....L./$FIftiMain..D.P./$OBJINST....?./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree....L./$WWAssociativeLinks/Data..N../$WWAssociativeLinks/Map..[../$WWAssociativeLinks/Property..e ./$WWKeywordLinks/..../$WWKeywordLinks/BTree..X.L./$WWKeywordLinks/Data..$4./$WWKeywordLinks/Map..X../$WWKeywordLinks/Property..b ./ieeula.hhc..*.\|./ieeula.hhk..&.f./IEEULA.htm..b.H.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content..[.h,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b./::DataSpace/Storage/MSCompressed/Transform/List.<&_::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C

C:\b99fd08a604e45b5fc9f\ieframe.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6933504
Entropy (8bit):	6.1626051480662944
Encrypted:	false
SSDEEP:	196608:xAk86gFxvH2qB2TEoXJ0dwp0JfUd9a8chAE5C:xAk86gFBH2qB2TEoXJ06p0BUba8cOE5C
MD5:	62D32ED4828CDFADB806A0A0DC045B8D
SHA1:	1586BE685DDE6DF916A10DAA5A1CFC0A88518710
SHA-256:	FEB3FD1F69B07B428E4473602E493B0DE78724036DE33E7E24A2833045F9EAD0
SHA-512:	9C59C5858CE72BB31F650C020DAFB44D2D63FD86671931B17CE09FDE35F4A4C80AA8899BAA1AE3B9102B1760375724DA3AE657B2796CEF9A8560E05D42D865B6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............H..H..H...H..H...H..H..H..H...H..H...H..H...H..H...H..H...H..H...H..H...H..HRich..H................PE..d...&..F.........." ......1...8.....Pw........@..............................0j.......j...@.................................................D.0.......4..b4...2..............`i.@....\0.8...............................................0...p./. ....................text...$-1.......1................. ..`.data........@1..n...21.............@....pdata........2.......2.............@..@.rsrc....b4...4..d4...4.............@..@.reloc..@....`i.......i.............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieframe.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	980992
Entropy (8bit):	6.2401446107080805
Encrypted:	false
SSDEEP:	6144:cOYwFtGTgANuERWdVhJxG0h41eYl5wlLftr2g9cFEdO+HTQ88BIj8A1ftRRTae6W:Zz9aqHTZVeEr
MD5:	7BB33B891F95F3986A5046E86DD5A96A
SHA1:	9EF2C12B9580B03DB721B2BC0170EC025751B264
SHA-256:	C95F334CB48D688CFAAE46C2EB974BD46973734EEE694B0C91B71ED9BDFADE88
SHA-512:	FF7C2AA8B64CB2728B91338E587E631463AF7625B7F8C26FC57E6BFB06DD977DA2FCA272B5EBC3E72BA584F6B778A4E9D115E30D449B1127E6171ABB26830375
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d...'..F.........." .................................................................D....@.............................................................8............................................................................................................rsrc...8...........................@..@................................................4...P.......h...............................`.......x...>.............................................+.............................................(.......@.......X.......p...........................................................!...0...0...H...@...`...A...x...B.......I.......J.......K........................... .......8.......P...H...h...J................P.......P.......P.......P.......P......@`..(...A`..@...E`..X.......p.................................T..q......

C:\b99fd08a604e45b5fc9f\iepeers.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	249344
Entropy (8bit):	5.7751249657660875
Encrypted:	false
SSDEEP:	3072:ZQSqUuUyTDYl0uATIT3nCBqJAvxW61CadFVJJZwQRPLHIGSo7+6XXoJ6EimO5smg:nXVJJ61Ca5JJZwQnHoJ6EiJroo
MD5:	1B1360B1CFED04391B89B19398AAC985
SHA1:	3ECAAD711D8BDC951278243034622A888719BB3E
SHA-256:	EC4A916CB3584A773907BC4CD288F86632AFB1FD856AEFA889FE42761420CE96
SHA-512:	FAEBF92BF9AED2D526219945391AF41465B730DEBFC271C5CFFB4773E6F1E6BAC530E1F7C4A7C4D9A7626960B3C33DC1F2D28AE97909EF1B5779A836B0AE26D9
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+..*o..yo..yo..yH4.ym..yH4.y{..yo..yY..yH4.yr..yH4.y=..yH4.yn..yH4.yy..yH4.yk..yH4.yn..yH4.yn..yRicho..y........................PE..d..."..F.........." .................\|........@......................................~....@....................................................,....0..H........#......................8............................................................................text............................... ..`.data...H%..........................@....pdata...#.......$..................@..@.rsrc...H....0......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iepeers.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.1468066169141893
Encrypted:	false
SSDEEP:	48:KS+t+yLIZWNcv1XmW8E/GvvIgwyHIyfvvhiDfvvNYXAXgNDvX6qiNYSlgWQ3uZvn:YLEW6v1/HmvOw73ve3v2AXgRv/WQ3uv
MD5:	E0E7CFBA5F17D376895312D4BB690664
SHA1:	036D59C742319A3A372569EA1F7614018F9E5282
SHA-256:	D6003B7836F4C319114C7FCF6F72807741AC24866D2815717615A93899F0E68E
SHA-512:	D353C50157BAC156183709F9F14FD6C5FA8CAF3C940C9F69A96CB3FEEAA6020DCE654541EE1415F08946EE52251F0A3B28599262EAA0D3EE26DDD327B5F85AEC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ............@..........................................................................................................................................................................rsrc...............................@..@....................................................0.......H.......`...............................................................................................................................................0.......................@.......................P.......................`.......................p...........................8...............h...Z...............,...............>...........8.................................M.U.I...........4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.......

C:\b99fd08a604e45b5fc9f\ieproxy.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	795136
Entropy (8bit):	4.091342928643985
Encrypted:	false
SSDEEP:	6144:wrXrtc1TEkMBtjCnH03bOrfFOMKt0M/BAN4tq0Z6hGgAx9GCC8+iXfz:wrbdBbbL
MD5:	2EAFEF9C7BDECA7E4849A1835A7F9D54
SHA1:	27CA89ADD0955DA5052BE379D53910DD00162883
SHA-256:	5DD7F155F0177D506FBFA025B59A3EC4A76A1B1002785327C3A2A9364DEC1F13
SHA-512:	9F088601FC79177DAD61BFDDA44C44F0F274FE5E87C11C69EB97C2BFF096EB9CA6964A11D8CB5BEEE1C45B0ED7C8BBB55495C8BF86E8F5BE39FA1BD4C96F3825
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z[.S>:..>:..>:......?:......1:..>:...:......3:......?:.......:......?:......h:......?:......?:..Rich>:..........................PE..d......F.........." .........R...............@..............................p......R.....@..........................................................P..0....@...............`......p...................................................H............................text............................... ..`.orpc...u........................... ..`.data....C.......<..................@....pdata.......@......................@..@.rsrc...0....P......................@..@.reloc..X....`......................@..B................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iernonce.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	56832
Entropy (8bit):	5.05701447851933
Encrypted:	false
SSDEEP:	768:B3ygTUhjRalmEfSK0O0yTDFf5UvgKQXLz4s1NVy53/Nbs9F6WDowKI:pu1EcvUZsldOYiKI
MD5:	32A786B5942C0DE13B251EE5EB39087B
SHA1:	4C5AAF98FC2B13976DF82BDD234960A74D3780C9
SHA-256:	D12D562AD6B4D36DB16BD15D0130E3B050F3843BC40B786D11F108AAF9D9E3C9
SHA-512:	2833455CD9B53604E5F9BD54F324AD1A0984DC628FCFC2B7701D8BE150C40221973195CB9251260C51FA10AE7380A1EF422BB15EC7562FED51050C0B71DD793A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........N.._N.._N.._i;._O.._i;._A.._N.._..._i;._[.._i;._t.._i;._O.._i;._K.._i;._O.._i;._O.._i;._O.._RichN.._........................PE..d......F.........." .........$.................P..........................................@.............................................g.......................$....................................................................................................text...W........................... ..`.data...............................@....pdata..$...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iernonce.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	3.3074654102722776
Encrypted:	false
SSDEEP:	96:aaeEWOW9mvgqTVc8U47Z5q5kZzNGZQpt:aazWOW6LP
MD5:	E7DD058DA913AE63994B7454C902B904
SHA1:	9965D9FF41B33F614AD40CF49592E22C75E1BCD6
SHA-256:	E3FA0B576334C12196ABA9C5B1174F78C09874AAB1646B59E6124DCFC4260946
SHA-512:	31261779CCACCCBDFFBAF0D6A95D9AF54FC3A149916CA0ED529F2FE6B778C25EC8538627F878D547176D3D0DD36C18E4A283B050BAF8CD4F2006A6AA31D1A824
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... .......V....@..........................................................................................................................................................................rsrc...............................@..@................................................0...0.......H.......`.......x............................................................................................................................................................................................... ...X...................................f...........@.................M.U.I...........4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.

C:\b99fd08a604e45b5fc9f\iertutil.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	355328
Entropy (8bit):	5.594047402281189
Encrypted:	false
SSDEEP:	6144:wN8PxQYum42X1UJGv8wbskA1yejpxneiIZ:wmyGv8wb9A1yejpxn
MD5:	4555E36EC0C6BA1E862DB743942113D4
SHA1:	74987F3CE1046E5838D348AE834C69372FC7CA36
SHA-256:	F08D49040C4E61D4C1BE9A914D8008C24C8479BFA2264D97FDBC13363B4623C6
SHA-512:	D45B3E545E40E002E7A6025B456F734A2F6AF521260DB137BC14DDBE97D56BF679A4FC214C9ADBBAA2672794B9EA9F96D61B7AAA7C60BCF5308734ED45EC3E49
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........g..w4..w4..w4.\|.4..w4..v4..w4.\|.4..w4.\|.4..w4.\|.4..w4.\|.4..w4.\|.4_.w4.\|.4..w4.\|.4..w4.\|.4..w4Rich..w4................PE..d......F.........." ................LN.........]..................................../.....@..........................................................0..8.... ..d............@...[..........................................................8........................text............................... ..`.data...HE.......:..................@....pdata..d.... ......................@..@.rsrc...8....0......................@..@.reloc..B^...@...`..................@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iesetup.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68608
Entropy (8bit):	5.242058657436813
Encrypted:	false
SSDEEP:	1536:VVa35WWzCr97KqBk4a9fm5xB4m86U4FJ/y6:Hae97KqBk4axYxD/y6
MD5:	D9E0EE8329CC7DB88F1CF23CBF866F44
SHA1:	56C4869452324E53553F55DC294E2EF1AF17C75E
SHA-256:	3BE66D1F9A824B65E548D3BF5CD8B08395A7A31615BFBB8BC431CB1C738B3CC4
SHA-512:	99D9319D8752606C1297B8DF17F021044A78D92407A84BCB419A3A42277A3E4C2EE8EF37AC3E4E06DA429B41B0921E69225E26BDF4722EE55F796E85BF906D46
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........[...5...5...5..>H...5..>[...5...4.U.5..>N...5..>X...5..>O...5..>G...5..>K...5..>I...5..>M...5.Rich..5.................PE..d......F.........." .........T.................e.............................P............@.................................................H...........@.......`............@......@................................................................................text............................... ..`.data...............................@....pdata..`...........................@..@.rsrc...@........0..................@..@.reloc..8....@......................@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iesetup.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	4.607305264888625
Encrypted:	false
SSDEEP:	192:mbW2BR+aKDHscGBmVdFuKDUeJsSEHOKDRKXCMPB/SHk3GUWRH5C:mbWQUaKDvPLFuKDbJqOKDYB42GUWRH5
MD5:	71F6B5B389FE0F85DA0E997CDDC06D66
SHA1:	7E3282AD3AD48E68FBC379C21EBD1001C47E1B1F
SHA-256:	C3F27505110A203F6C56879C4A24474E67FACC6456D25C635F74E5464F420988
SHA-512:	B64D6F759E331BCF36060D6E987624D8DAB7668CA24D9ED765B67AFE895FE900A6035779192C7AF53A6AFE8DBD3E1ED53310903E9D272F38AE38465F72254AF6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........>...............................................P......V.....@..............................................................<...........................................................................................................rsrc....<.......>..................@..@....................................................@.......X............................................................................... .......8.......P.......h...................................................................................................f...........................(.......................@.......................P.......................`.......................p...................................................................................................................................

C:\b99fd08a604e45b5fc9f\iesupp.chm

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	30064
Entropy (8bit):	6.76959343828198
Encrypted:	false
SSDEEP:	384:FhOmriCRhV/oU89y9LjUWoPaaC4lhBBJONTWE2KZkl17we7NE5Ab3swMedylkuVs:FhO4hVCoBezXlmTZ3kl17Db8wMS4kuhI
MD5:	D8B7DFD9766DD86DB642655B96CADF05
SHA1:	ACF61792A542389A59B667E6D93062AE2E83E735
SHA-256:	3DD037288BE1A466A66C9EF465ECD7D111A3691A812F45685C021234E7061774
SHA-512:	825967C40C7CDBBECB522C26F255938A017268464DCEDA59E02BDA0601B147349FC538FE9FBE25BB8A2AAFE0C7284DD9E566417FBA2347A7636EC0DE29C5FE01
Malicious:	false
Reputation:	low
Preview:	ITSF....`.......ODS=.......\|.{.......".....\|.{......."..`...............x.......T.......................pu..............ITSP....T...........................................j..].!......."..T...............PMGL5................/..../#IDXHDR......./#ITBITS..../#STRINGS...J.<./#SYSTEM..F.B./#TOPICS....@./#URLSTR...rX./#URLTBL...B0./#WINDOWS...\|.L./$FIftiMain...M..5./$OBJINST.....?./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree...~.L./$WWAssociativeLinks/Data...J../$WWAssociativeLinks/Map...d../$WWAssociativeLinks/Property...n ./$WWKeywordLinks/..../$WWKeywordLinks/BTree...H.L./$WWKeywordLinks/Data.....8./$WWKeywordLinks/Map...L../$WWKeywordLinks/Property...^ ./iesupp.hhc.....c./iesupp.hhk...w.../mts_ie_overview.htm...8.\./mtsworld.htm..h..P.::DataSpace/NameList..<(::DataSpace/Storage/MSCompressed/Content......,::DataSpace/Storage/MSCompressed/ControlData.j.)::DataSpace/Storage/MSCompressed/SpanInfo.b./::DataSpace/Storage/MSCompressed/Transform/List.<&_::DataSpace/Storage/MSCompressed/

C:\b99fd08a604e45b5fc9f\ieudinit.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	13824
Entropy (8bit):	5.2130902202963885
Encrypted:	false
SSDEEP:	192:veKqH4u7cG7y6RwXlB9TT6XPQcFjR5ShM4wb6nkIb/+/Q33noWCry1:1u777u3TT6HbSi4wiqI3oWEy
MD5:	8E8B9DA2A5B648B1E2D6752159560C21
SHA1:	E7A4F56C6A98BBF2628CF73D157FDA71910E1685
SHA-256:	CC8387CFA037DE1995323B75D3F4806EC9BD15A6EF74F520D7A3F6C8C87AEF53
SHA-512:	BECB247EE3948705DA7598022AEAA14F371F7DA59FAC2EC3FCEF60082E0454D70D0C15AEF385A5FE03D1CC9AA21E610B05BCB4CE83598D81B316456E39E00E88
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}.K...K...K.......K.......K.......K...K...K.......K.......K.......K.......K.......K..Rich.K..........PE..d......F.........."...... ..........`$.......................................p...........@.......... .........................................P....P.. ....@...............`.......................................................................................text............ .................. ..`.data........0.......$..............@....pdata.......@.......*..............@..@.rsrc... ....P.......,..............@..@.reloc..V....`.......4..............@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieui.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	228864
Entropy (8bit):	6.223379884692593
Encrypted:	false
SSDEEP:	3072:gOvXAEYR5nrCTnuhAGegtORFZ1n0d5H+mjpzTMbUSM0P:gOYEYR5msAGXtO7BAf0
MD5:	2C1CAF5F3C51BDED98E118E50BC78904
SHA1:	6BEC3813FFE8E5B256C67FDC3750C3A50FBB07E3
SHA-256:	4C40431996BC646086A89E2364BDD08590FE0EE818CE5D12A039B32860803BFA
SHA-512:	26FBC45FC69C94888658555407556D984383A1672007D0511851896B37EE53FD9E9038D9C65D18895A10EC82A0E69C3A0E2377FD26C8DEAEAC047C8165222665
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K...........................+........................................Rich...........................PE..d......F.........." ..........................@......................................Z....@.........................................L...a............p...;...@... ..............p.......8.......................................................@....................text...,........................... ..`.data...xP.......J..................@....pdata... ...@..."..................@..@.rsrc....;...p...<...4..............@..@.reloc..p............p..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ieui.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	2.9463651665347865
Encrypted:	false
SSDEEP:	48:KWii1tXaQT1EDu+eIZWAcvjmKOv1Bs/GvvIg9fjE4eL7w:2q/EWZvYv1umvffjE4q
MD5:	D038E77A87593F14D8A0825C0DF28C7B
SHA1:	6331FF87430A6F6F936078617FE2A231DD7A0F1A
SHA-256:	BBAC8E4E8F825AE43404569D95F6BAF746ADC1CACCF4A806916A0881A2F8942C
SHA-512:	776FB093146FC673775F6F58018940CFF39E71948022CE71F8CDC7680B7DBD9BDEA743FE918566E34A924936B9E40EAC5D9B04C393CA529A51C01DEC75408C82
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ......-0....@.............................................................H............................................................................................................rsrc...H...........................@..@................................................0...0.......H.......`.......x...........................................e.......................E........................................................................................................................... ...................@...............................0.................M.U.I..............................$.q.....A.s.s.e.r.t.........M.S. .S.h.e.l.l. .D.l.g..............PF.\.2...........&.A.b.o.r.t................P}.\.2...........&.D.e.b.u.g.........

C:\b99fd08a604e45b5fc9f\ieuinit.inf

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	56700
Entropy (8bit):	4.442658259889598
Encrypted:	false
SSDEEP:	768:zQDJcUPGNdTkLLoiGAztIKOL9A5CTnncwA5YMROtTTM1aR:zQDJcUiz
MD5:	8918D4B7949B4E2D8FCF9DF333972DE1
SHA1:	9141EC2DEC170161A67B332BBF99022012B3B63B
SHA-256:	90E80D02320195096F263AB45D30B8DC9DC7544AE7601A85CA322FBF40D30124
SHA-512:	847F7ACC4054879C35466252D52A701EA577DBE3EF010553C561B18673A7D0D2E798750ED451F7EB98CC85C1ECC2C110376C4BB8682E84D21EDC74DCC380F0CF
Malicious:	false
Reputation:	low
Preview:	....[version]..signature="$CHICAGO$"..AdvancedINF=2.0....[IEAccess.Install.WinXP]..AddReg=IEAccess.InstallXP.AddReg....[IEAccess.Uninstall.WinXP]..ProfileItems=BrowserDelXP,BrowserDelXP64..AddReg=IEAccess.UninstallXP.AddReg....[IEAccess.InstallXP.AddReg]..HKCU,"Software\Microsoft\Internet Explorer\Main","Check_Associations",,"yes"....[IEAccess.UninstallXP.AddReg]..HKCU,"Software\Microsoft\Internet Explorer\Main","Check_Associations",,"No"....[DefaultInstall.WinXP]..ComponentName="IE UserData NT"..ComponentVersion=6.0..ProfileItems=BrowserDelXP,BrowserDelXP64..RegisterOCXs=MSIE4RegisterOCX..AddReg=AddReg.IEMain, AddReg.IEOther, AddReg.InetSettings, AddReg.Misc, AddReg.International.XP, AddReg.XPandW2K3..DelReg=Remove.Reg,!MUICache.DelReg, DelReg.XPandW2K3..BackupReg=UserRegBackup..PreRollBack=UserDataUninstall.NT..RunPostSetupCommands=SetReg:1..NoBackupPlatform="NT5.1"....[DefaultInstall.Vista]..ComponentName="IE UserData NT"..ComponentVersion=6.0..ProfileItems=BrowserDelXP,BrowserDelXP

C:\b99fd08a604e45b5fc9f\ieunatt.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2048
Entropy (8bit):	3.1214003458942514
Encrypted:	false
SSDEEP:	24:e9GS7IQ5yuEICG+2+IZW0B/STYNn7LsHlV81l523FdGvEMIYPN/VQRvEM+:KK7TG+7IZWy/omvUU1LE/GvvIgmRvv+
MD5:	F1FEFCC59DE4229A9B5DF8AC0ADD374E
SHA1:	AE3B801B9C5EDAF10E9FDC99B89066CEA4D1C17A
SHA-256:	1746EBD3ECB14ADB6009FD98EF21259B751102896B93355C0853E173D7FD1603
SHA-512:	2C3BA33B0CB4E815EBD8E5AACD371395B7F8209CDAD9CFF1CC11317204C850C4D7A189B55A1B55DA4363D2EF26295CF42128D6E1E55E8F780C1F4F3017D308D5
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ............@..........................................................................................................................................................................rsrc...............................@..@....................................................(.......@.......X.......................p...................?...........................................................................................................................`.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...l."...F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\iexplore.chm

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	503758
Entropy (8bit):	7.964233510846455
Encrypted:	false
SSDEEP:	12288:L9mW1pkHrQ3twK5uYxa6ujo7lJpflXqb++Q5f9IkP204TbXE:kW1pkHkSKg96uc7Ppf+HQ5agny0
MD5:	652E46500C149D1DC948BF9CEA8C4933
SHA1:	D35DEE95F1A6CFAAFC64D5893C3BC3B110CD17CB
SHA-256:	F1A19551FAF789CCB0A87ED4B408258FAD566D66E15AA52EB913A6282308FA1D
SHA-512:	C6361B3E2D7C3A375BE098276BFDC2023D91C2AF84C4348F64BB71F38F625A9EC57A6DB29F74DF2895799151F853B063C53E008D596C13C3ABD1820D5FE50D4F
Malicious:	false
Reputation:	low
Preview:	ITSF....`..................\|.{.......".....\|.{......."..`...............x.......T0.......0.............................ITSP....T...........................................j..].!......."..T...............PMGL<................/..../#IDXHDR......../#ITBITS..../#STRINGS....+.Y./#SYSTEM..v.4./#TOPICS......`./#URLSTR....`.K./#URLTBL....x.h./#WINDOWS...n.L./$FIftiMain....r..&./$OBJINST....3.?./$WWAssociativeLinks/..../$WWAssociativeLinks/BTree....e.L./$WWAssociativeLinks/Data....1.8./$WWAssociativeLinks/Map....i./$WWAssociativeLinks/Property..... ./$WWKeywordLinks/..../$WWKeywordLinks/BTree...:..L./$WWKeywordLinks/Data......5./$WWKeywordLinks/Map....;.../$WWKeywordLinks/Property....E ./acce_ov.htm.....E./add2fav.htm...].!./add2lnx.htm...~.Q./add_off.htm...O.6./addsubscribe.jpg.....r./autocoff.htm...w.T./autocomp.htm...K.N./back.jpg......../backfwd.jpg.....5./browstip.htm..._.../caution.gif...tI./cert_def.htm...=.K./cert_ovr.htm......./change_proxy_settings_it.htm.....c./chg_font.htm...j.!.

C:\b99fd08a604e45b5fc9f\iexplore.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	674304
Entropy (8bit):	6.704127913537935
Encrypted:	false
SSDEEP:	12288:xrbaZQVX+pd167QhE0s7+jM+M6ugRfMMkIM7tX+pd167QhE0S7+:VHVE6Ehg7mM+M6RkMkIM7tE6Ehm7
MD5:	26A9F839BFE1F4A6ED8C80F93DF5B3CB
SHA1:	CAD5F4149241F5E99CAD3FDBA24F4A8BB02E4620
SHA-256:	3CD90AB939934FC125D504831FBF7963B85DC32EAC7A49AC88DC4477906F7DC0
SHA-512:	A3838EF8C1AFB8D3FF4130924D70B71449EFFD7AAD7AC51E3AA7F108AC90B8B9436A3B681CE775460761004C19A7BEF18731E44F91A12837B0CCE3B2DBBFF226
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q...0...0...0.......0.......0...0...1.......0.......0.......0.......0.......0.......0..Rich.0..........................PE..d......F.........."......b....................@...........................................@..................................................`.................l............p..............................................................P_..`....................text....a.......b.................. ..`.data....G.......B...f..............@....pdata..l...........................@..@.rsrc..............................@..@.reloc..*....p.......4..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\iexplore.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	562176
Entropy (8bit):	6.852657656060301
Encrypted:	false
SSDEEP:	12288:iX+pd167QhE0s7+jM+M6ugRfMMkIM7tX+pd167QhE0S7+:iE6Ehg7mM+M6RkMkIM7tE6Ehm7
MD5:	ACD9B996CFD26D7E4FEE22AA8A598BEB
SHA1:	BEC6DE145939A8AC1333A334CB4DABAEEB032C79
SHA-256:	0311BAD1A1871DA8E3CF37005603A2626591E6768BEB1035878AB36E32FC8AA0
SHA-512:	22EB8F856E339F0D8055A4730B6EC91D85EB0FC8C61D902CFC6DC677198D32257715C7BCA40B8934D8017D5F142E02388D46CF519FC0A0C3558C880E8CB3F6F5
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................................@.............................................................8............................................................................................................rsrc...8...........................@..@................................................."..@.......X...............(.......X.......0.......................H.......................`.......x....................................................... .......8.......P.......h...............................................................(.......@.......X.......p...............................................................0... ...H...!...`..."...x...#.......$.......%.......&.......'.......(.......)... ...*...8...+...P...,...h...-.............../.......0.......

C:\b99fd08a604e45b5fc9f\imgutil.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	5.838891787612984
Encrypted:	false
SSDEEP:	768:ddkrXUxtFzi4Y/aDyd8b/1A5s7jiLsQo1v3sk9+olrH:dd3r+CbdcsMLKsk9+olH
MD5:	533B1B554F7C167E73B491EEB0A391AC
SHA1:	71D579D6C9A4A05B0AC299709B65BF49B08F1993
SHA-256:	9AFBC5EF1FC99B31DA1B17E0336C255151371E8976481B175FDB3B559A6CEDD4
SHA-512:	E1876A9F733DE4949F72AFAA6EE9B335F7ABA0FD56EA11E739BDD302E859C4A2043703B3FAC4251318F6B6792A65A2B6419DB6BFD6085983F793E98B12B62E45
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................._...._........_...._...._...._...._...._...._....Rich............................PE..d......F.........." .........$.......1....................................................@..........................................>..4...H........... ...........................D...8............................................................................text...<........................... ..`.data...............................@....pdata..............................@..@.text...F...........................@....rsrc... ...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\inetcorp.iem

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (480), with CRLF line terminators
Category:	dropped
Size (bytes):	13696
Entropy (8bit):	3.6381778870191557
Encrypted:	false
SSDEEP:	96:ikkos36j2FjGIe5b2jGpjGTiloa3IZAvg5g2vuevkVbvabrfmSvxNKdZzGr8YCQA:Rv3IlgJTknh8FWQyaU5zExSQB
MD5:	287716C5D36159E45209DDC85B9FAE23
SHA1:	0197B076730723488D0ADEAC6770F2549EA102CF
SHA-256:	C0365146FE70445F9D35A94199779BF9A22C057AB030B129445563C070021814
SHA-512:	B93BCFF9421E1D4EC312CF8BBFB7B2239D99BDF00FD94320CEAD00DD5276A59AFA3C06F294C6B892723EC54A9539E75DE43D36F04DA03302F012D163292180E6
Malicious:	false
Reputation:	low
Preview:	..#.i.f. .v.e.r.s.i.o.n. .>.=. .3.........C.L.A.S.S. .U.S.E.R.........C.A.T.E.G.O.R.Y. . .!.!.I.E.A.K.O.n.l.y......... . . . .P.O.L.I.C.Y. .!.!.I.E.A.K.O.n.l.y.P.o.l.i.c.y..... . . . . . . . .K.E.Y.N.A.M.E. .".S.o.f.t.w.a.r.e.\.P.o.l.i.c.i.e.s."......... . . . . . . . .P.A.R.T. .!.!.I.E.A.K.O.n.l.y._.T.i.p.1. . .T.E.X.T..... . . . . . . . .E.N.D. .P.A.R.T......... . . . . . . . .P.A.R.T. .!.!.I.E.A.K.O.n.l.y._.T.i.p.2. . .T.E.X.T..... . . . . . . . .E.N.D. .P.A.R.T..... . . . .E.N.D. .P.O.L.I.C.Y.........E.N.D. .C.A.T.E.G.O.R.Y.........#.e.n.d.i.f.........#.i.f. .v.e.r.s.i.o.n. .<.=. .2.........;. .C.o.r.p.o.r.a.t.e. .S.e.t.t.i.n.g.s. .P.o.l.i.c.y. .T.e.m.p.l.a.t.e.....;.....;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.....C.L.A.S.S. .U.S.E.R. .;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.....;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;. . .........C.A.T.E.G.O.R.Y. .!.!.C.a.c.h.e.M.o.d.e.....K.E.Y.N.A.M.E. .".S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.

C:\b99fd08a604e45b5fc9f\inetcpl.cpl

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2020864
Entropy (8bit):	5.876328457399699
Encrypted:	false
SSDEEP:	24576:uv3TB7YhnKZ/j+h1qEfNhf8UDztKnQpR+h/iyE6Eh99:uv3TB7Yhnm/j+bdfNhf8YztP8h/iy0
MD5:	7CBCE6A53E6D9763425F12C314766B3D
SHA1:	463692EAC50A3C93F11BD8BEF5C3E76A8AF713E5
SHA-256:	82642239647ACA169E44DC608D0FFC1355C4885DFE9CB19F276639B611EFCE2A
SHA-512:	5F0464119605377873680D3C7317E14D5EAE331E4BA62D339A3A018DB9249C543B1888F204DB50DAA48F8D1B43614AC5A5FB3B1B40D8427D0CF93FC73BF35DED
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........o...o...o.......o...o.."m.......o.......o.......o.......o.......o.......o.......o.......o..Rich.o..........................PE..d......F.........." .........@.......2........PX.............................@......9U....@.........................................@...%...0........0.......................... k..p...................................................0...x...@....................text...e........................... ..`.data...............................@....pdata..............................@..@.rsrc........0......................@..@.reloc..J}.......~...X..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\inetcpl.cpl.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1265152
Entropy (8bit):	5.781473436870115
Encrypted:	false
SSDEEP:	12288:fTRBqEWSoN8I184Gg5gybK78UDDn9ltG3CmrUbd2I9+Qa4OmSTTiyX+pd167QhE4:vqEfNhf8UDztKnQpR+h/iyE6Eh99
MD5:	BC5AC523D345D6017B2C985116966C39
SHA1:	771CE3E741A87BD6E0FA0710D7CBFB6BE8C7F48D
SHA-256:	9C4F7EA9B2984E8ADB45AFC33B414F283449740770282B5E72B73DAC7AFBDF2F
SHA-512:	670E5BD943C1C629F6410186E4DEE8064BF0CE4196F57979B253D49F33D0AD302B6426E5F62AEF92DDBBA0B11A04FC1722A8EBE52C2290C35D93DC0FE51A06CC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........L...............................................`............@..............................................................J...........................................................................................................rsrc....J.......L..................@..@.................................................i..P.......h...............h...............................8.......................P...................z...h.................{.............................................................(.......@.......X.......p...............................................................0.......H.......`.......x....................................................... .......8.......P... ...h...!.......".......#.......$.......%.......&.......'.......(...(...)...@...*...X...+...p...

C:\b99fd08a604e45b5fc9f\inetres.adm

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	2402550
Entropy (8bit):	3.6476281556053136
Encrypted:	false
SSDEEP:	3072:cZEopaYyBkYsVlqtHy9GFVaSHhjFu2KsWEIoXHnOHi6KZEwWJJmppaYyBkYLVyqt:F6xmWY+
MD5:	0C308738379FFA5C150ADB8BE2ED088D
SHA1:	A728831D57986633214543FD34AFB47EF9AD5C14
SHA-256:	2306B6284797139AEE71D4BEA7B95D6912B5693AF87763D368067EFE16A28A51
SHA-512:	CADFA80BB04F72B52A21D7E830B479CB5763BCF72FE3948F318C21AC057D963C07C2F9E295C7508E224580508FF02288D3B1FC54FB53CEF946AFB782EF73EF09
Malicious:	false
Reputation:	low
Preview:	..#.i.f. .v.e.r.s.i.o.n. .<.=. .2.........C.L.A.S.S. .U.S.E.R.........C.A.T.E.G.O.R.Y. . .!.!.G.P.O.n.l.y.......P.O.L.I.C.Y. .!.!.G.P.O.n.l.y.P.o.l.i.c.y.........K.E.Y.N.A.M.E. .".S.o.f.t.w.a.r.e.\.P.o.l.i.c.i.e.s.".........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.1. . .T.E.X.T.........E.N.D. .P.A.R.T.........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.2. . .T.E.X.T.........E.N.D. .P.A.R.T.........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.3. . .T.E.X.T.........E.N.D. .P.A.R.T.........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.4. . .T.E.X.T.........E.N.D. .P.A.R.T.........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.5. . .T.E.X.T.........E.N.D. .P.A.R.T.......E.N.D. .P.O.L.I.C.Y.....E.N.D. .C.A.T.E.G.O.R.Y.........C.L.A.S.S. .M.A.C.H.I.N.E.........C.A.T.E.G.O.R.Y. . .!.!.G.P.O.n.l.y.......P.O.L.I.C.Y. .!.!.G.P.O.n.l.y.P.o.l.i.c.y.........K.E.Y.N.A.M.E. .".S.o.f.t.w.a.r.e.\.P.o.l.i.c.i.e.s.".........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.1. . .T.E.X.T.........E.N.D. .P.A.R.T.........P.A.R.T. .!.!.G.P.O.n.l.y._.T.i.p.2. . .T.E.X.T.......

C:\b99fd08a604e45b5fc9f\inetset.iem

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (404), with CRLF line terminators
Category:	dropped
Size (bytes):	37836
Entropy (8bit):	3.386526098331812
Encrypted:	false
SSDEEP:	384:C7BN04rlBAsM6nYH9e0WLtI14RvrmgyCI5:mN04rTZM6nYvWLtg4Rm5
MD5:	203D3B7CC9570A7CA1D0DDE756C71015
SHA1:	083701493945E8EC0A35E108BEACEA8F97617362
SHA-256:	9075E490125FFE7FD1A85DF04CA3D5E6E96BDDA650C98562FDCBDEAE4030448B
SHA-512:	8684AABFB81796AF4989E94F82A00CD83127B59B4884F34F520497737CFF93D188BC01DF8DEC0A84996C4624FF0D2D6484A71E6B9D4F0AE21DFF43C2FD562D78
Malicious:	false
Reputation:	low
Preview:	..;. .I.n.t.e.r.n.e.t. .S.e.t.t.i.n.g.s. .P.o.l.i.c.y. .T.e.m.p.l.a.t.e. .F.i.l.e.....;.....;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.....C.L.A.S.S. .U.S.E.R. .;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.....;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.;.....C.A.T.E.G.O.R.Y. .!.!.A.u.t.o.C.o.m.p.l.e.t.e.C.a.t.....K.E.Y.N.A.M.E. .".S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.\.M.a.i.n."..... . . . . . . . .P.O.L.I.C.Y. .!.!.A.u.t.o.C.o.m.p.l.e.t.e.P.o.l..... . . . . . . . . . . . . . . . .P.A.R.T. .!.!.A.u.t.o.C.o.m.p.l.e.t.e. .C.H.E.C.K.B.O.X..... . . . . . . . . . . . . . . . .K.E.Y.N.A.M.E. .".S.O.F.T.W.A.R.E.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.E.x.p.l.o.r.e.r.\.A.u.t.o.C.o.m.p.l.e.t.e."..... . . . . . . . . . . . . . . . .V.A.L.U.E.N.A.M.E. .".A.p.p.e.n.d. .C.o.m.p.l.e.t.i.o.n."..... . . . . . . . . . . . . . . . .V.A.L.U.E.O.N. .".y.e.s."..... . . . . . . . . . . . . . . . .V.A.L.U.E.O.F.F. .

C:\b99fd08a604e45b5fc9f\infobar.wav

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
Category:	dropped
Size (bytes):	20336
Entropy (8bit):	7.586952350152284
Encrypted:	false
SSDEEP:	384:EoO+RehCwPfnaodyQN0KqNc9JVydgX+VY66eE4se:EvaeTnnaodydKFVyKX93eD
MD5:	67E506DD93AF0324F458A53568E676E2
SHA1:	33AC7879A960300CC8D63ED42EDB77A12D3C8104
SHA-256:	B4DFBDFD8D6A102123A7966DA358781BD32BB6D78E833514705CB7DE76EFA410
SHA-512:	CE62E808F38845A2691746EA6D45585F17DD1758CE3CFCDA69F076E5F4BA2725ECC897C85903EB2E4E629DDDC4600AA2D6334A60494C062A9CBDA09C9D1C8E0F
Malicious:	false
Reputation:	low
Preview:	RIFFhO..WAVEbextZ...popup blocker 410i..............................................................................................................................................................................................................................................Pro Tools.......................kRY4eSa6iP9C....................2004-04-3014:27:12.,.2....................................................................................................................................................................................................................................................................fmt ........D...........minf....................elmoR...C.....&.&......... . .....................k.k...........2.3.....................F.F.o.o.........N.N.............%.%...............0.0.........i.h.........T.T.....}.\|.0./.............5.6.A.A.k.k...........5.5.w.w.........N.N.....*.+.D.D.....-.,.6.6.F.F............r.s........+.+.....N.N.V.V.a.b.....................

C:\b99fd08a604e45b5fc9f\inseng.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	122368
Entropy (8bit):	5.8821625235713055
Encrypted:	false
SSDEEP:	1536:vkSahBb4py+QJHzL29DUyQO6cqrR9ACc/tv/o378h6mYnc7vL:cXbH/t2GyQO6cqrRWP/o378kmuc7v
MD5:	8BE88189D7E0A924DFD4D5EEF337A29C
SHA1:	42CDEB24628DF8C5767EC2583CF2A55B17DE8965
SHA-256:	B3CCEB1573DC446797CE1A7A1CFE59528225D3D11BE9E762F9DD06181A037B7C
SHA-512:	0DB5206DBA9736FD3A44A9E573F0E77727280B823F541932102B939406FCC84B3DFBB9CFF1D79EFE5E42C5A425938C1FC76D293249B4ED34222871B6C063E77E
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........C^K.-.K.-.K.-.l.P.J.-.l.C.D.-.K.,...-.l.V.^.-.l.@.v.-.l.W.J.-.l._.P.-.l.S.J.-.l.Q.J.-.l.U.J.-.RichK.-.........PE..d......F.........." .........N......t..........a.............................0............@.........................................@...-.................................... .......................................................................................text...m........................... ..`.data..../..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..N.... ......................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\inseng.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	2.951173455317479
Encrypted:	false
SSDEEP:	48:KN5/C+rIZW9XmycGys/GvvIgwikEwWnyYhrztx3GcH:cbEWugmvOTEwShrztx
MD5:	A0F06C0E8A014949CE4F8E24ED24969F
SHA1:	EED7311087D160861F6DDDD772B8567D4A1C3187
SHA-256:	5D7E028CC5C3E803B20ACA82643A8CDE0CAA8FBB5D91829F0B6EFC116A0D61D3
SHA-512:	131BF5F2126DED959DB9A3A94B04973A809AB0F46CFAF65F31D52D2B295639BCF01D7AA9C0E932E63620F92E70CE5C22BFE41C5C3BEDB10D83307503E5A9DC1A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ...........@.............................................................P............................................................................................................rsrc...P...........................@..@....................................................(.......@.......`.......................x...................?.......@...................................................................................................................................................j...........8...h........... .................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.

C:\b99fd08a604e45b5fc9f\install.ins

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	448
Entropy (8bit):	3.75620753408587
Encrypted:	false
SSDEEP:	12:Q+uMDqM0NXIuZSOZuDol0SKZHjYkZI4Y+TqYBb1v:Q+92IuYOsDoSSKJjY/d+tV
MD5:	41A95755196AD0127EB304B5985B271E
SHA1:	22C5AF8F63393DB349AE88A8C4DBA255C01B62D3
SHA-256:	663C7121D3B7D3E7C7CA946E157DD78105C8EDC280AC7FD518E9544E10418A9C
SHA-512:	FB99B89BBDCFC6A79F0863A7B6451396B8E663E87D8D3D15585E4659A38ACA13DF307D8CED7312B141FD7E88637203421332E89A94472068BBE0E29E039EEC09
Malicious:	false
Reputation:	low
Preview:	..[.B.r.a.n.d.i.n.g.].....C.o.m.p.a.n.y.N.a.m.e.=.M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n.....W.i.z.a.r.d._.V.e.r.s.i.o.n.=.7...0.0...5.7.3.0...1.3.....V.e.r.s.i.o.n.=.7.,.0.0.,.5.7.3.0.,.1.3.....C.u.s.t.o.m._.K.e.y.=.M.I.C.R.O.S.O.....G.l.o.b.a.l.=.1.....I.E.4. .W.e.l.c.o.m.e. .M.s.g.=.1.....P.l.a.t.f.o.r.m.=.2.....G.U.I.D.=.{.7.2.1.1.F.F.E.6.-.C.1.4.9.-.1.1.D.0.-.A.F.F.0.-.0.0.A.A.0.0.3.7.5.8.B.B.}.....T.y.p.e.=.0.....N.o.C.l.e.a.r.=.1.....

C:\b99fd08a604e45b5fc9f\jscript.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	626688
Entropy (8bit):	6.2223928930529935
Encrypted:	false
SSDEEP:	6144:PMDcV5GNLGuHalpJSc/FgOwQAt7WwpOuJqgoELwcz5tPKPRn5Vmz:PEceLGuHakcOOwztpygoczC6
MD5:	7E8D82228B73522B4B46C45D53AAEA86
SHA1:	1424A9CFE08AEAC5F59F01609F376FA3733846E4
SHA-256:	85D445560128295D59834A4DD677BAC06EDEC14ABCB4C1DFC1755CC914D748D0
SHA-512:	468AFFAE360DABD889E25156C9DD822B4650E2C0093679AB6B1E71F0AA1B3BD17A39031EF15FE8852FA93B45EE6E5BE45822F1431E750AA1006EF731992C9F58
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../'].NI..NI..NI..4..NI..'..NI..NH.4NI..2..NI..$..NI..3..NI..?..NI..7..NI..5..NI..1..NI.Rich.NI.................PE..d......F.........." .....,...f......P.........8c..........................................@.........................................x6..........x........\|......@n......................8............................................................................text....*.......,.................. ..`.data...8]...@...X...0..............@....pdata..@n.......p..................@..@.rsrc....\|.......~..................@..@.reloc...............v..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\jsproxy.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.853827081527525
Encrypted:	false
SSDEEP:	768:fm7p2iRwGjObsERWrf4TkkOw/d+/SZ/49Hv:Gp26vObarf4T1Of8/S
MD5:	D0121A667F9C9E3F7B3B0EC0B3484422
SHA1:	B6A12BFC03A1E9B7C0D440AB344814160CB6251B
SHA-256:	5AEFAD9DEA2C3B136CB0F9E5750740B044B660335158909FD16E606F5D43E8C2
SHA-512:	50056E3D252039B3AAE81DB2B36962056BB335A6EEC444DE3AE2F1ED23B1CEA9FEEF1F23629F99D202621A3D4C8659AD2B649BC238D41AECA0423082E1435840
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^?l..^...^...^..=....^...^..m^..=.y..^..=.l..^..=.o.Z^..=.x..^..=.p..^..=.\|..^..=.~..^..=.z..^..Rich.^..................PE..d...L..F.........." .....j...........b..............................................T.....@.........................................`x......(r..................................l............................................................p..`....................text..._i.......j.................. ..`.data...`............n..............@....pdata...............t..............@..@.rsrc................x..............@..@.reloc...............\|..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\licmgr10.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	5.100603782732547
Encrypted:	false
SSDEEP:	768:r1ryQ70+TU9fSK0O0yTDiaKP+cLVvTUDkbnQKLPvr1pLlBb4zDBY2xjM:Wg9VIDszTdp+DTY
MD5:	2B9CFAF31D720BE59702B6245B2878B1
SHA1:	CDD8E9F2305BD7E08743D3FDCDC56BD4A497D181
SHA-256:	C15A0BE1E8FA9BD16A95C0D7C4D020E043BC61B5CED2FB3D5D72BE69C51EE5F9
SHA-512:	2E02F877B831258EFAE429234FF8B79439C4D5024584F9767E92153DF004B29466A562886EB69AAF30465D4D8FF869CB8FDE40051325ACB176FA4146F8C0455B
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X...........;N.....;N...........;N.....;N..\..;N.....;N.....;N.....;N.....;N.....Rich...................PE..d......F.........." ..........................@...........................................@.............................................................@........................... ................................................................................text............................... ..`.data...............................@....pdata..............................@..@.rsrc...@...........................@..@.reloc..>...........................@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\licmgr10.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	3.0689817660830854
Encrypted:	false
SSDEEP:	48:K5szXq+2IZWNH/Onmg6s/GvvIgwtoka/vGoNMvQM4yoAE:SVEWt2F1mvOmkaX4vQMgA
MD5:	927D76F50D6C1401A0940DF880155450
SHA1:	0AA25577A3D801E56D4EFED7D2819573DF47BC44
SHA-256:	8AAC0405A23D484BDA9F93B785A0ED32CD62C2844D4E78D6DABDF23AC55151F5
SHA-512:	96D51A6BC5BB821E9DDC1CB4B0CAF5C315EC3FF6D1EBEBC621ED4E5AC78D6DD2BA0E6F0C2BB034E84A324204EC90F0C0A945742825DB4D0ECA2182E63F6ED101
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... .......'....@..........................................................................................................................................................................rsrc...............................@..@....................................................(.......@.......X.......................p...............................................................................................................................................&.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?...........................0.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\msfeeds.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	553472
Entropy (8bit):	6.1698345419021745
Encrypted:	false
SSDEEP:	6144:jcslZd4WxpqnE5keYA6bqs7iH0yBZzdqyBmdZJrXqm+7uF/cppeGGpe5Vyak6xBm:AhSTYnOs9yBZEyBmRXq8P
MD5:	D03E1EF4C6E1FC65CDDF25315ECC75D1
SHA1:	800EEDC7F2515FC513312B55C528CCF2465040D6
SHA-256:	CA5A9CEF1506A28B90A4F93BF9384D476F074DF561D44F60241413BCEDD22EF8
SHA-512:	56CE7B8C36D9C3AE3E1F38F6731CD58988102D24C8568EECFA8A8418E13B7EB5F3257F1FDCB126797EC69AAF79C3E95A89CEAE16C584755DFA7A75BEDB6B5FCB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8..Y..Y..Y....Y..Y..X....Y....Y.....Y....Y....Y....Y....Y....Y..Rich.Y..........PE..d...5..F.........." .........H................@.....................................@$....@.........................................@=..j...(-.................../...........p...............................................................%.......................text....-.......................... ..`.data...`f...@...`...2..............@....pdata.../.......0..................@..@.rsrc...............................@..@.reloc..T!...p..."...P..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\msfeeds.mof

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1876
Entropy (8bit):	4.641917839541284
Encrypted:	false
SSDEEP:	24:ttxbGTXLiJH23AIm1rWOJpOpOi2D7Pj1rWpuV59JXpGsv1EXpGsv1EeKHWz:NQ+JH23Aom623LopErXIsNWIsNl
MD5:	1EB11EA4CE1AC7E2AE3430D1C4C9E6E6
SHA1:	6AC0EF061FA82DC47A65EFB69302407A6D445C2E
SHA-256:	59DCF7E5AF5B4DEA6913E8CEE0824398AC9F99E64C41B977AB4FA2404ABB3E73
SHA-512:	184BA417FFA4479489A7F890F309CD6162C4057A6154827438807AF4ECA911E6EF4287D2DAA716BCBA3B471B557DED5FE5E0F1393E16D5C93F5535D131747B72
Malicious:	false
Reputation:	low
Preview:	#pragma classflags("forceupdate")..#pragma namespace("\\\\.\\root\\WMI")..//..// WPP Generated File..// PDB: s:\ntc.obj.x86fre\inetcore\rss\msfeeds\objfre\i386\msfeeds.pdb..// PDB: Last Updated :2006-6-8:7:26:37:125 (UTC) [binplace]..//....//ModuleName = ShellPerfTraceProvider. (Init called in Function DllMain)..[Dynamic,.. Description("RSS Platform Perf Trace"),.. guid("{2b240425-3141-43ee-931f-ec9f997c7d7e}"),.. locale("MS\\0x409")]..class RSSPlatformPerformanceTraceProvider : EventTrace..{.. [Description ("Enable Flags"),.. ValueDescriptions{.. "Perf Flag"},.. DefineValues{.. "Perf"},.. Values{.. "Perf"},.. ValueMap{.. "0x00000001"}.. ].. uint32 Flags;..};....//ModuleName = ShellTraceProvider. (Init called in Function DllMain)..[Dynamic,.. Description("RSS Platform Trace"),.. guid("{8c50fa6e-394e-4b47-b6d1-a880a5f225a2}"),.. locale("MS\\0x409")]..class RSSPlatformTraceProvider : EventTrace..{..

C:\b99fd08a604e45b5fc9f\msfeedsbs.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	74240
Entropy (8bit):	5.224934696306096
Encrypted:	false
SSDEEP:	1536:plPYEEPUn/MTQPsMTCIlSp8cuifqZ6K8:plPYEMTQPjTCIlSGzi06K8
MD5:	AD91C4F3A6085A47A8CD7F22AB02843C
SHA1:	7F9AA104F9EFFB6AB4A02BC17DCA7B9BEE0D6773
SHA-256:	E3E7B1744A985CC19433D5DE976E6997E1C666EBC0BAF8646674EF1B8C4FB7B8
SHA-512:	2282F8FAC70832FFF8D7943F7485E500F61ABAA5F22C0F0DF70839F76B8FF534923AA6E3C313D20B55DA6AFBB47D0D3F0DB8583EC7ED145425C48FA62D394B44
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................~..........~....~....~....~....~....~....~....~....Rich............................PE..d...*..F.........." .........(................@..............................`.......>....@.............................................l...X........@..8....0..\|............P..............................................................x........................text...,........................... ..`.data...............................@....pdata..\|....0......................@..@.rsrc...8....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\msfeedsbs.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2048
Entropy (8bit):	3.178951631916681
Encrypted:	false
SSDEEP:	48:KRwswet+yLIZWyXHHCZmt1E/GvvIgwcQOYI:FuLEWcHR6mvOc
MD5:	270A8B2EF6371E6F9A5080AA1260F70B
SHA1:	56FB0EC49930B55BDB56BD4EF16658E94E0DB584
SHA-256:	CF2A689FF1206E8BD91AF80ACB5784E1C0FADDAA771119629E68C12D91841714
SHA-512:	14ECAC6E1F56E1F0049D8EBEA073984D91811235C96E5400D3656E8291B3BED0F13266DB43DA4A3AFEE311B73AC4492A4E4A0DF8B44D7B5AAF2E70C57FA386BB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d...&..F.........." ......................................................... .......s....@..........................................................................................................................................................................rsrc...............................@..@....................................................(.......@.......X.......................p...................?....................................................................................................... ...................b.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?...........................(.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...h. ...F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\msfeedsbs.mof

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1938
Entropy (8bit):	4.694784484557076
Encrypted:	false
SSDEEP:	24:ttxbaTX9JH2A8nuy1rWOJpOpOi2UkZ0y1rWpuV59JXpGsv1EXpGsv1EeKHWz:NENJH2Yyom62BnopErXIsNWIsNl
MD5:	54AD145933572206A50A33621F1CB890
SHA1:	E6E9AA7AFF58CFABFB854B9F77A80E31C834121F
SHA-256:	9182162A0E0D6950C5E4CA7CEE59F66D3F6630C3A20C9C5348DA6F953BA042B2
SHA-512:	DA66B39F38AD7D7FE346FC6E095B06CE603C0D7FA57F1AADB503AC4CD0CD43D707F08DE08B2A47FD09B1EB4D496924EC9B062DA8AD29BABAEC998F968DA82DDA
Malicious:	false
Reputation:	low
Preview:	#pragma classflags("forceupdate")..#pragma namespace("\\\\.\\root\\WMI")..//..// WPP Generated File..// PDB: s:\ntc.obj.x86fre\inetcore\rss\msfeedsbs\objfre\i386\msfeedsbs.pdb..// PDB: Last Updated :2006-6-8:7:26:34:110 (UTC) [binplace]..//....//ModuleName = ShellPerfTraceProvider. (Init called in Function DllMain)..[Dynamic,.. Description("RSS Platform Backgroundsync Perf Trace"),.. guid("{ca1cf55c-9e49-4ad3-8038-39cb6f66af11}"),.. locale("MS\\0x409")]..class RSSPlatformBackgroundsyncPerformanceTraceProvider : EventTrace..{.. [Description ("Enable Flags"),.. ValueDescriptions{.. "Perf Flag"},.. DefineValues{.. "Perf"},.. Values{.. "Perf"},.. ValueMap{.. "0x00000001"}.. ].. uint32 Flags;..};....//ModuleName = ShellTraceProvider. (Init called in Function DllMain)..[Dynamic,.. Description("RSS Platform Backgroundsync Trace"),.. guid("{f59d1d86-cc03-4736-bc9c-4c7936871b3d}"),.. locale("MS\\0x409")]..cla

C:\b99fd08a604e45b5fc9f\msfeedssync.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.09744795680404
Encrypted:	false
SSDEEP:	192:BH2VCSQGaF2YucNT8LPdIV2FN5E3bmnzIb/QWcsx:cYGfYucNTzSE3HsWcsx
MD5:	974C573DDFDB208E5A76B88B0093D11C
SHA1:	DD46D263B5F98414C3A7317724452CCB55781090
SHA-256:	90BF148FFFBBD7864AC46850807796E89ED3B56ACF9D27CD08A1722BCF4ABAD0
SHA-512:	69B807D7ACDF31843D119A3AADD50BA83E1773EBB2AFDDC0F84DB2212E9A28E9F8431531478982BD3DCDF12A433B305A8EE284F50E9E2ADCDCB51B6071C11EB5
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+.@bo..1o..1o..1H6S1n..1H6@1`..1H6U1h..1o./1...1H6C1/..1H6\1l..1H6P1n..1H6R1n..1H6V1n..1Richo..1................PE..d......F..........".................P........................................p............@.......... ......................................0%..P....P.......@...............`......p...................................................@............................text...f........................... ..`.data........0......................@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..X....`.......*..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\mshta.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	41984
Entropy (8bit):	5.57260225555804
Encrypted:	false
SSDEEP:	768:0K6OjASkL1SRz52xLbwTcsbh3lnit3xnYu/SC/OdY0:VZAtkzAxM5tit3RYfrq0
MD5:	794DA0887F50D4858AEF494EDF7C6781
SHA1:	E23034AB3ACF651D56D84649D58CB650FEED1578
SHA-256:	392021B789482E205CB10E132D1F90880CE7C20BABA14AEC45FE9F90B8219C4F
SHA-512:	298625E4F33FD3B8AB956FDEF01B3A157FBAF8F1968A93AA9CE97F26C78060A534688FB21C22C6005B6129B3559CB9570297BBF3C0F852C116369433DED01D22
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+pt+o..xo..xo..xH.gxh..xH.txu..xH.axj..xo..x>..xH.wx-..xH.hxm..xH.fxn..xH.bxn..xRicho..x........................PE..d......F.........."......r...>......<*............................................... ....@..................................................z..<...................................`................................................................................text...:q.......r.................. ..`.data...."...........v..............@....pdata..............................@..@.rsrc...............................@..@.reloc..F...........................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\mshta.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2048
Entropy (8bit):	3.0983355697155517
Encrypted:	false
SSDEEP:	24:e9GS7IfFw+sECgb+KiIZW07H+BYNn7ecyq23FdGvEMIYPN/VLari:KEw+sX6+7IZWIH+BmwqE/GvvIgz
MD5:	73FC43B09C10608846EB4C3BE9FD5C0D
SHA1:	909D85F14C659CAE2E9ED47223F7C996DA60021F
SHA-256:	CBF2DCD9BF46A5885B30F3069FE1DA48AD58BFBE5B9D8DB44CD0DEA93CE727AC
SHA-512:	282B41C4EAC02DFEE04E981A0872F821882D88395238FF4EA477C9AD7940A4F94D04A60519E30A2D94236ED528AA76917C11B63B419FCD5E5EC7C1EAC65370DE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ...........@..........................................................................................................................................................................rsrc...............................@..@....................................................(.......@.......X.......................p...............................................................................................................................................@.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...p.$...F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\mshtml.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5533184
Entropy (8bit):	6.299670955446463
Encrypted:	false
SSDEEP:	49152:S6o3Tk4mDGjQvsKCn/gc2WxG4KkntBCNa888DsITdNCeqZ40Vggh/gGDxoeikcfL:SHjKwwkCGPC4OsIWDDh/EkOjC9T6i
MD5:	29BBD6C761DC79FB78B01F383E68FE9C
SHA1:	AE67A16851E701332EC37C7C1982F576D0128F09
SHA-256:	C03989368A865F6DF334BCB8ECE564927F4E467CABC434C9C39BE85931AC76FA
SHA-512:	FABBEBF0C096B10718794AFE8AFEA5363C762D578D13DEC920969240A6C3F04CC39D0A9D771D4DD68C5CF9217B9E5A6C0E05D8CBCB0562755E820DBE51762AE3
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.q....G...G...G)2bG...G...G+..G)2dG...G)2qG...G)2rGg..G)2eG...G)2aG...G)2mGC..G)2cG...G)2gG...GRich...G........................PE..d...a..F.........." ......I.........P.........Xc..............................T.......T...@..........................................I...... ^F.......O.`....0K...............S..c....F.8............................................... ....GF......................text.....I.......I................. ..`.data.........J.......I.............@....pdata.......0K.......J.............@..@.rsrc...`.....O......zO.............@..@.reloc...c....S..d....S.............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\mshtml.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	226816
Entropy (8bit):	7.1215371613309815
Encrypted:	false
SSDEEP:	3072:4x4PX3upd1qnAEzYds7E7/dThEgjJoviq+iLSknHhUcBZLY/9LUG8:MsX+pd1bEz2s7ETRhEgjJ17CB1U
MD5:	F90E7603045E2724AFE2F60A112794CF
SHA1:	BFD2A68F1866B45ACACD32949C911BB37EBE24D9
SHA-256:	9D0E7C6C5EE9B006B9B6967C1A8267059B82A7F117A281D4E639A53D36B3116F
SHA-512:	C1E9D8E31E92720C59B04D56C86AD434D301628E54E0DCBF2E164C77A266B7AA688FF6AE453D6807820A3D44FB264D5531596EC1C15893060113C5D06EB3EBF7
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........t............................................................@..............................................................s...........................................................................................................rsrc....s.......t..................@..@................................................^...H.......`...............................................................................................................(.......@.......X.......p.........................=.....................................................0.......H.......`.......x....................................................... .......8.......P.......h................................... .......!.......".......#...(...$...@...%...X...&...p...'.......(.......).......*.......+.......,.......

C:\b99fd08a604e45b5fc9f\mshtml.tlb

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1383424
Entropy (8bit):	4.325029241892858
Encrypted:	false
SSDEEP:	6144:3FwbyeCv5rzSbotcV/BVp7pgZHxfoyUQK0FX1dpgOx+geMfHen1:cotcZBVIXM
MD5:	C6AC3333A4896A7F631E7F9293F2BA26
SHA1:	21FAF64D47E8FEB7E9B2B31868571AD82B158B32
SHA-256:	D1607E423DE09DC35663E684D80D5C328F6E0EB4F73317548FD9E8DBA3B090A2
SHA-512:	B4B8BEF129B577F7F8725E0231FDFACF979446340715DE7F25109DA54232B5233C3CAA845B6EF2CC9E8DB6E2CB255EE96360544054BE4C32D0ECAADD02665477
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ..........................@..............................0......52....@..........................................................................................................................................................................rsrc...............................@..@.................................................... .......8.......................P.......................h...................................................@...d.............................T.Y.P.E.L.I.B...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...\.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....M.i.c.r.o.s.o.f.t... .M.S.H.T.M.L. .T.y.p.e.

C:\b99fd08a604e45b5fc9f\mshtmled.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	753152
Entropy (8bit):	5.9836199484296575
Encrypted:	false
SSDEEP:	12288:Kl4J1qeYbkUZC7+E9wKmw9tmWol+nAM11G4Z7SnlIRgYgYok+Zrjr:KO1HYbRZCiE2KvowAC1G4Z7ylISk2
MD5:	DA0143D71014376BE71948EB03700162
SHA1:	62ED7413F8133923E25FFCE2F2D04A709976CB73
SHA-256:	F206EB7CF7166D908FF1AD86777B7ACB49FB97CB3118C88E4C9F56AD65EEABA1
SHA-512:	2E709731271407A5C2320B4C197D35E4DB822859A0870983E6B39F1A1612A6780D8BC70EDEAE47F23C2928B73010026F5AD948A406EE6B6227E02554F6AC09EF
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........c.......................~.....................................................................Rich............................PE..d......F.........." ..........................@......................................`....@.................................................t7...........!...........................M..8...................................................06..`....................text............................... ..`.data...4...........................@....pdata..............................@..@.rsrc....!......."...H..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\mshtmled.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	2.9199428225389137
Encrypted:	false
SSDEEP:	48:KzeB++98IZWyHrGBmnJs/GvvIgwb25mMB9:96EWaL2mvOb25mM
MD5:	48463DEF996EA4A94FE04A09863DB8E7
SHA1:	F9E1E9452476287D712388BFFDCF24715188D901
SHA-256:	BB8E7319EEC7B056ED761FC064D2D89241B4539E5B17737BA2617CE53B34BFB7
SHA-512:	93C9490C9C278F723F62BE3BE2E6D6FF449EB1B75FAC8E6688D79401E56F7E315089EA796E7065EA2821EEB1F34CEC5200843630710DAE2B2FAA834F6D2F394D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ......................................................... ...........@..........................................................................................................................................................................rsrc...............................@..@................................................H...(.......@.......h...........................................?.......@.......A...........................................................................................................................(.......................8...`...............(...................................n...........P.................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?...........................4.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...

C:\b99fd08a604e45b5fc9f\mshtmler.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	48128
Entropy (8bit):	3.642833731213571
Encrypted:	false
SSDEEP:	768:7AG06vICsIPaFr/tsbdaz1wguEwyTCAeY+VhLQpYJfvyYXQjTKMFDk:8G06vICsIPaFr/tsbdapwguEwyTCAeYc
MD5:	25D3C3750CCD742DBB92B26EF6156386
SHA1:	F24A3D977F9F8B7368CC01616CDFB2908F50BE89
SHA-256:	20951EB263460A6C08D42AB80B8D2FF771BD814468AB223E1740809C9B99D212
SHA-512:	9CDD5242379134ACAA22C411E0233B27E373C9976208BCEB3D23E044368591EA6DF853DA8A50C4DDC6E6CFF61B66E46993BB36D880EACC0E4E465592CCAEE2B7
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ..........................@......................................D....@.............................................................8............................................................................................................rsrc...8...........................@..@....................................................(.......@.......X...................................................................x...........................................................................(.......................8.......................H.......................X.......................h...h...............................................h...z%...........<...a.............t*............D.I.A.L.O.G.S._.E.R.R...J.S...E.D.L.I.N.K...J.S...F.O.R.C.H.A.R...J.S...I.N.S.I.M.A.G.E...J.S...M.U.I...4...V.

C:\b99fd08a604e45b5fc9f\mshtmler.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	47616
Entropy (8bit):	4.348460353294266
Encrypted:	false
SSDEEP:	768:SMMAOexswoU9gUQavrk1AeLi5uOq3UPtUxUTcZKoUFRRwdC6SksUvL+UBBZUFOUR:SMbOexeavQ1Aci5uO1tlgaRWg6/PYPR6
MD5:	533F994317A81F5B6658B6170CB49244
SHA1:	40B263D682C0DD824BDD35D41843976A7B9EB90A
SHA-256:	2D2F896A57CDD899F55455D89A8AC5B89E87527722E3F9833BD3C4A91238CF9F
SHA-512:	BA7F7ABCC6DB374F0E278D1EA604664CF41470208337007251AF21CC580A150339DEABE9A94746575DA0C20663D4D128EE23DF410E166849F11EB09740AB402D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ................................................................[N....@.............................................................P............................................................................................................rsrc...P...........................@..@................................................v...0.......H.......................................0.......................H...?...`...@...x...A.......~.......................................................`................... ...@...8.......P...P...h..."...............................8...........................(.......@...p...X.......................p...................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\msls31.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	217600
Entropy (8bit):	6.264516089864884
Encrypted:	false
SSDEEP:	3072:bf7Ml+3O9OX+tEL0w43CFfaWwKr4YKz0EZ+ZOKWf99Vjl+RasD3t88qn:El+3O9slBwK8wEZHjmas
MD5:	021CFC7EBC949233A1205D8DB4AE4645
SHA1:	4FE2F4C863DF8DDD4207E7B77BA94402D442DEFE
SHA-256:	F887093424C15206A4A1BA3B116BEAC0CC62AAC427AF86653554F9A754AD1112
SHA-512:	BF4EC057DE5534BF34E51EC4069E386B794891618D7F44855398E4EF37AA51B4E84B7E1D31EF4DAF990BD5D08B554430C24AC139F513F8B29BAECF7A203CFBD2
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>.._.._.._....._....._.._..._....._....._....._....._....._....._....._..Rich._..........................PE..d......F.........." .....&...........J........@......................................S....@.............................................Z.......<....p.......P..\|...............\...,...8............................................................................text...p$.......&.................. ..`.data........@.......*..............@....pdata..\|....P.......,..............@..@.rsrc........p.......J..............@..@.reloc..\............P..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\msrating.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	240128
Entropy (8bit):	5.9028529769235565
Encrypted:	false
SSDEEP:	3072:AQmbb851096GPt+y9/1ePA3g8MyrZ7hIn3SeYJdACEcSqUuUyTD9QTU9X0lf8d8t:0M5GIGPAy9w8Mfn3QAw0lXHv/
MD5:	933D29D6FF41B20DD1A7307D3EA562D3
SHA1:	CBB7893DB44C1AA30C7B82D2DE82053044E43B6D
SHA-256:	82CDC077859F886ED6A0435E244654A8E7D617F9D4587002A09E5AB6DE4D4155
SHA-512:	67B3ABE1DC54C99FAB0B715329CB81571179EB01E743F58C73B568DD6E1468A53EF267413B0DD999B347540FF7D2BACE41C6FC754FF7922C5575A488AC451B55
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......sSD.72.72.72...W.52.72+..2...Q.&2...D.&2...G..2...P.62...X..2...T.62...V.62...R.62.Rich72.........................PE..d......F.........." .................&........@c..........................................@.........................................0)..f...(........0.............................,...8............................................................................text...x........................... ..`.data....'..........................@....pdata..............................@..@.rsrc.......0......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\msrating.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	4.212712544875244
Encrypted:	false
SSDEEP:	768:XVp4pZxONkpxgIqq1omNUkDUCSQq0A5nBkEitaq9O:Xz4dONk8Iqqq8U2bq55caq
MD5:	959AD321E9D01B6F9EB42837276FB978
SHA1:	D1BC4C9BEA2569B88290FFFAB541D932A118235F
SHA-256:	6F2BC0702F6FD3C4330A50CD72A116C73D6CB835079D22FF7613367FF1CF96E3
SHA-512:	D2C915379A15839066FE29150D2046E80C02A3FDD85FCCC29258C3C6EFEB3923E819D77FC3D2A9D26B0DCECEB77320FDC8F1C7D3883C3D408153F716EBE0B3A4
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........>...............................................P......V.....@..............................................................=...........................................................................................................rsrc....=.......>..................@..@................................................h...H.......`...............................x...................................................R.......S...0.......................H.......`.......x....................................................... .......8.......P.......h...............................................................(.......@.......X.......p...................................................................o.......q...0...v...H...\|...`.......x...........................................U.......

C:\b99fd08a604e45b5fc9f\mstime.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1129472
Entropy (8bit):	5.905555861435205
Encrypted:	false
SSDEEP:	12288:41GkXsH33ZwGMpPKpCR6JRlSLVoqFcrFILMp3FXOyERyyYCQN0+ijF:aG7Zwdpqc6JSLVpkCMp30yERyyYbm9
MD5:	43EA9C63DBED21B5E3A89C21C31870F5
SHA1:	CD01D34E002D042B25331F5100E393CCD5016C44
SHA-256:	556104289FF132DF5550106B1FC542D6B63087F7959442BEBDDE9A7AD9FBF5D4
SHA-512:	EBB10D63BD9E1AD7B3E905D75CCAAA036005E92B2FFA587611806B2A4296E98F54EB8638BA717941A188757D06687FA16381817EFF649A8C33BB5FA8B0CE9A3A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._..._..._...x]..]...x]..P..._......x]..F...x]......x]..^...x]..^...x]..&...x]..^...x]..^...Rich_...........PE..d......F.........." .........(................@......................................5....@.........................................`%......x...................0............0...?......................................................H............................text...!........................... ..`.orpc........0...................... ..`.data...hA...@...8..................@....pdata..0............V..............@..@.rsrc................V..............@..@.reloc...R...0...T..................@..B................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\navstart.wav

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz
Category:	dropped
Size (bytes):	2202
Entropy (8bit):	6.075191186958543
Encrypted:	false
SSDEEP:	48:ARpELWyEzKlWEIyhQaezdOHdi1Faifra+J8uzx6S06cqbRVcFY:ARqdEzKE2qMHd0frMtxxq9iFY
MD5:	C2E5A28D15ADA7BBFF5F039C4C55DEA3
SHA1:	FB33FD00711440B9D0F3B3D526A753ED75640797
SHA-256:	D5712A8963EB3E1E181B25649ECFF3080EDE89C96350EB07E7D7CAD429E959EA
SHA-512:	FC71704CE1693E368D14D2E26BC7DFD6A6D8A190F26B0D555F534379BD6C3AC8F61ECA3C5236ACBC348FA5BE249E7A9CA8C88270725BC17DF10F2C5D8AF6AB5F
Malicious:	false
Reputation:	low
Preview:	RIFF....WAVEfmt ........"V..D.......datan.........%.......S...p...i.^...q.a.f.9.....d.....l.........".l.C...<.........l.......H.b.......F.......!...:.....N.........G...)...}...........8.[.......L.3...y.5...F...t.............1.j.L.G.....v.....$...=.........p.-.@.....W.=...............w...............M.4.(.....$...).....S.............G...g...!.....S.!.>.(...%.....+.j.F...........9.Q...o.........H.B.....-.........E.............N.B...a...W.....c.....=.....@.W.........x...b.....q...m.......:.].....V...:.u.........u.)...B...)...l.....I.....@...:...H.......7............._...b.}...Z.........v.......(...:.~.z...........I.G.$.......Z.D.M.V.................J.d./.*.....................................6.C.T.......c.A.0.....................................P.].y.Y.B.P.R.W.Q.U.b.n.c.G...................................................................2."...............Z.....E...q.L. .....Q.............F.....q..... .........\|.......l...#.............E.........M.........:.G...i.....s.j.............?.....

C:\b99fd08a604e45b5fc9f\occache.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	147968
Entropy (8bit):	6.016663519487043
Encrypted:	false
SSDEEP:	3072:fXbXP8AU/30YENSxOKb1Qbu0NyvjnZrxQmEG6WqyOP:frXro3wNSxO2Q9Ny8mT6
MD5:	1D09C7F9D0AE2F9971BBF4EE965144AE
SHA1:	253701EDA17B71C29B7593B1709D1DC00091BBE7
SHA-256:	A7CC80790430B185286613DC5B88D3EFD5D2527A3BC89BBE5F1D3E444D0EA91E
SHA-512:	996E61FD5ABD981963C5CD54D6E4168A30BD5CA276BE72362824D3A109747C62B68FCCBE83BE7AB60B8B277A80C1C00EACB0A4897A3A75407349DCA2E9CB63D3
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\9.?.X.l.X.l.X.l?..l.X.l.X.l.Y.l?..l.X.l?..l=X.l?..l[X.l?..l.X.l?..l=X.l?..l.X.l?..l.X.l?..l.X.lRich.X.l........................PE..d......F.........." ................ .........xc.............................p......B.....@.............................................8................F...................`..............................................................`........................text............................... ..`.data...X...........................@....pdata..............................@..@.rsrc....F.......H..................@..@.reloc..H....`.......4..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\occache.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	24064
Entropy (8bit):	4.40409641885336
Encrypted:	false
SSDEEP:	384:9nPbKDDKD2K23ReEKDzHWqLSbWKILliabhn:99HWqeIR
MD5:	0E16D36D0B3F2F2AEB79E22396F0EB34
SHA1:	C5BC5CAC7FC29E5A6DC8F5CEF68E0315B6AA3C69
SHA-256:	A3F94BB11F11438A95792263E4C4D9D3F70566847D8DB8790087EE6A22071D16
SHA-512:	026C01E862130246BBA0D86BACF9A392A06DEE3E448100EC5AAB089A6713854C54F641901033448425C824DF06E34A58253B4682E294621FBB173B3E2648C80B
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........\...............................................p......W.....@.............................................................(Z...........................................................................................................rsrc...(Z.......\..................@..@....................................................H.......`.......................@.......................................................................................(.......@.......X.......p...........................................................g.......h.......i...0.......H.......`...................e...x...f.......j.......l........P.......................................... .......8...C...P...D...h...................d.......e.......n.......o...............................................................

C:\b99fd08a604e45b5fc9f\occache.ini

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Windows desktop.ini
Category:	dropped
Size (bytes):	65
Entropy (8bit):	4.78038233682537
Encrypted:	false
SSDEEP:	3:0NdQDjoqxOMb31RRLyovn:0NwoSvbF3Lyyn
MD5:	878B2E099C512B72A9FEA2257458C8B8
SHA1:	7966C3B4AE6C948FD2260763D13E121AF80C8E60
SHA-256:	BE41C136B2AC9E3AD69CDD80BBE54A960A436E41F612BBF184A265603B81B745
SHA-512:	4B016274F103E5EBF26EFE00BFA1BDA8CCE2F7E08EA22A8167C4E98C21B264EEEFE7E7A7C1B47460D6144FDF7EF344E686392D84B721F1FF58C700E8AADE53D5
Malicious:	false
Reputation:	low
Preview:	[.ShellClassInfo]..CLSID={88C6C381-2E85-11d0-94DE-444553540000}..

C:\b99fd08a604e45b5fc9f\pngfilt.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	62464
Entropy (8bit):	5.876237078940707
Encrypted:	false
SSDEEP:	768:wke+G0WW5IkgCWGqjUWCbMp5SxPE/w1W5C+6MKRV6GQNs8qHLbrnSblIXKqUYOF:wiC7dGqJlv/yfiKRtKgKqUYu
MD5:	2F7DC7C2EBCEAA69720BD1D2CDC0E7AE
SHA1:	9CB4996057C04473CCE603055749AC3287155CEC
SHA-256:	5E7A6AE0DE44E013B797C3EC338FAFCC9880BB4C2F674B75503FAE3C72D15C7A
SHA-512:	4295089AB934AF16063EF661D3987C5839F97EC00977669940FA3B1F3AB1D4A09CF9EBCFD5A23C0707A508A4D02EEC4D46E368DFEEE5978FBEAD086986E7DECE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s................................................................Rich............PE..d......F.........." .........&.......T....................................... ............@..........................................W..l.......d...............`.......................8...............................................X............................text............................... ..`.data...............................@....pdata..`...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\popupblk.wav

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
Category:	dropped
Size (bytes):	29444
Entropy (8bit):	3.7030367479597786
Encrypted:	false
SSDEEP:	192:4uh8FCpmK4E44XA8Nq0PrFyogU+nchHmDY27BK3rOQSsn83j2RHGfvvLjfvqs4zS:4ekCEE5A8Y0TFLmcJKjQSs83jffqsUS
MD5:	12BE3833764F37D1BA31350935E3FA2A
SHA1:	B984B53AD3FCCF3748F8FF7D045F243CD509038B
SHA-256:	DF7CAD111688DADB00469203DD7228DF99E49E86AE7BA937E308D947CD9790F2
SHA-512:	C4E3C0C13A215BF78A1531352B624C2568C1D671F7975A889A1DDB352A0C6860C545314BAE3575A927024A608EFDE13962DBA1C05C4818675A9FF1A2BBA47410
Malicious:	false
Reputation:	low
Preview:	RIFF.r..WAVEfmt ........D...........data.r.....................././.C.C.X.X.l.l.................................\|.\|.....P.P.r.r.r.r._._.P.P.^.^.....'.'.....p.p.R.R.........................D.D.....L.L.O.O.~.~.....=.=.........,.,.2.2.........=.=.....\.\................................1.1.x.x.Z.Z.....................................................S.S.L.L.............g.g.M.M.h.h.............%.%.....................D.D.0.0.........b.b.K.K.v.v.........B.B.....U.U.....................................o.o.X.X.....q.q.....................\.\.X.X.....'.'...............h.h.X.X.........\|.\|.........w.w.....#.#.....T.T.........=.=.....V.V.J.J.........V.V.1.1.V.V....................A.A.....L.L.........5.5.i.i.~.~.L.L.............F.F.(.(.j.j.....V.V.0.0.....B.B.....Q.Q.&.&.Y.Y.....-.-.....................X.X.....[.[.....<.<.............4.4.............H.H.........E.E.s.s.............\.\.....&.&.....F.F.....................?.?.........(.(.o.o.............5.5.V.V.u.u.....................?.?.

C:\b99fd08a604e45b5fc9f\shdocvw.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2437120
Entropy (8bit):	6.311116636493199
Encrypted:	false
SSDEEP:	49152:YT1cywhtbSDYlcRXk5a2CiMIe3p6p3ZTQafiKCGFXOvgHn:YP0a1k5a2CiMIeqJTvmI
MD5:	8AC11C3CE62B35CF2E0C594DF8DA2723
SHA1:	12036F308015D15615EE4FCFABDC2227B7B6562F
SHA-256:	00C5F5AF33CD389E0B2055BBD32CB6A581E4EDA18BE92A75D7D1802172F7E1FC
SHA-512:	4C864AA858B612800884DFBF7A6C5B773AAE0F43DE94EF0582FCB7929615390734967330B62AA8D77DD9E0A8258B776785CF9C6A8F40F1B70FF52229E7264E4F
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>..K_.K_.K_.K_..\.=..X_..(..J_.=..f_.=..I_.=..t_.=..J_.=..+_..P..J_.=..J_.RichK_.........................PE..d...%..D.........." .........2......@(.........}.............................p%......[%.............................................8........................`..49...........0%.L7......8...................................................H........................text............................... ..`.data....3... ...(..................@....pdata..49...`...:...2..............@..@.rsrc................l..............@..@.reloc..L7...0%..8....$.............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\shlwapi.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	621568
Entropy (8bit):	6.501809582860273
Encrypted:	false
SSDEEP:	12288:GT+L7jj95QjBwOwTbrt0VtaUpwc4dxmhX:GTk7jj95QjKNHrUt9T4d
MD5:	7FA886854B51CDE35FE17FB6E83E6B8B
SHA1:	6B9029EA853E6AA223BF0300267533024B62A3D5
SHA-256:	EE92C5E5D1844F7D94689AF7C95A71114DB68AF0FBF49264F99386F19EC8317C
SHA-512:	1BBEC00D9EB77D3854192DC25B9151CF0C19C00E6605BA52D9B2092C0C8E6960C194E965B72DDB02554C77E627C5A39EAB42341D29E778518361BD462DB57F2B
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x...<z..<z..<z..J...1z..<z...{..J....z..J...=z..J....z..J...=z..J.../z...u..=z..J...=z..Rich<z..................PE..d...v..E.........." .....<...B.................~.........................................................................................7...~...............p..........................8....................................................q.. ....................text....:.......<.................. ..`.data........P.......@..............@....pdata.......p.......T..............@..@.rsrc................^..............@..@.reloc...............t..............@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\spmsg.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15072
Entropy (8bit):	5.538713384831959
Encrypted:	false
SSDEEP:	192:zW0soplWEQdvzOL/CldolMGo3OuqoMOdLCqRX4L:zW057WEQdvzOLCcMe/oTC1L
MD5:	73665064F6F6F2E1CFF85743A6A80561
SHA1:	6228643D72CA5E5F4661FD0D81A91F38B62B9E70
SHA-256:	09D09C6B028D2789E644ECCA597D31E5972969538A72DCD493338DE0DCB3454C
SHA-512:	AFB87B02245D70E5B8CE19B75A008138886020811C863F1BD733411B2FE56BEBC4E9060E13B7F61DB766CCDCB53B01C4CCA4D6E4EC9C404B96233525006A9D3D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.............T..~.....~...T..~..Rich...................PE..d...t..B.........." .........................................................P......B................................................................0..h............ ............... ...............................................................................data...............................@....text...>.... ......................@..@.rsrc...h....0......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\spuninst.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	293088
Entropy (8bit):	6.188857092622282
Encrypted:	false
SSDEEP:	6144:kFO7zFjhMcA1CTQolXYD+FFdfOHDtzgIe6uzMK74Ei:kYA1CTQolXF8HZgYIXRi
MD5:	EBFDC89C891B6A66BDF80C0155114BDD
SHA1:	D072BDD8351D919F696E3785ED54C9E361218EF6
SHA-256:	2BFAD4916642091D6D5DC86C6D6C3B1A06D83976E22A600C536706D1B80FE597
SHA-512:	F8200AD02672402A8A0F5D90C8C72AA925ABFAF76D1E5AED5686375F1E00AAAC868B861B4294C3A6E7E3C2BD4AC1CB32F80BD5CAEBB6176A8EB60D1717519904
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7...d...d...d.Y.d...d...d'..d.Y.d...d.Y.d...d.Y.d...d.Y.d...dD.d...d.Y.d...dRich...d........PE..d......B..........#..........B......@................................................................ ......................................8k..@....0..X............^.......................................................................`..@....................text...X~.......................... ..`.data....q..........................@....pdata........... ..................@..@.rsrc...X....0......................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\spupdsvc.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25824
Entropy (8bit):	6.229146930126375
Encrypted:	false
SSDEEP:	384:9UHXEjb2re77WiYHrEi16IXk2rPcR3eESajfsfUXn3AJuW1BWFLCcMe/oTC0dL:9UHXkb2r07uk2wd3tn3+FsL3d/o+WL
MD5:	397DD6719B703CA7DEE43C46F655CD71
SHA1:	9C9486227598C69AC43493B34ED194668BD83A73
SHA-256:	B5476B778FE285B8EC31266936333E12870A520EB13832DF36EC13B0F043129D
SHA-512:	DB5474CF671E3338C3D10B0D4F5449442C2AAE96CEB6592CE3817ED304750FA16638E30B9AEA8D3F0C94E4A63756A4FA08E7196BE464958E665A84707E3C5964
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0u..t...t...t...........t...;.......u.......x.......u......u.......u...Richt...........PE..d......B..........#......>...........@...............................................w............... ......................................hD..x....p.......`.......J...............................................................................................text....<.......>.................. ..`.data........P.......B..............@....pdata.......`.......D..............@..@.rsrc........p.......F..............@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\tdc.ocx

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	5.940646115099027
Encrypted:	false
SSDEEP:	1536:1s4KNyQ7kLTs2SuNfwF6bg3rGTZ/3iPJMQxHW2BcpfBB:1s4KNyQ7kLTs2SA4bE/yhJHW0cpB
MD5:	7BDF6E85A5104FE2134BF0C48C2A64A5
SHA1:	968C5D6119770010A7D21B5B98A7867590C810C7
SHA-256:	EB4E0EBAD4FA9D4E94DCC0990FBC290463E1D11AC349DCDB560D61D52DF6AFB5
SHA-512:	E04C3A6CCA5EE9684817E5CAFB492D5256BBEA778BB576496B6EC803E975DAC0DA617BCFBCF66088596827381A6503A00B53B8DE1CF08745B3DCA396182F78E3
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.4-..Z~..Z~..Z~X#'~}.Z~X#4~p.Z~..[~..Z~X#!~h.Z~X#7~;.Z~X# ~~.Z~X#(~w.Z~X#$~~.Z~X#&~~.Z~X#"~~.Z~Rich..Z~........................PE..d......F.........." .........F.................`.............................`............@.........................................p................ ..X#......8............P..<...p...................................................@............................text............................... ..`.data...p...........................@....pdata..8...........................@..@.rsrc...X#... ...$..................@..@.reloc..@....P.......*..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\ticrf.rat

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1988
Entropy (8bit):	6.302133067608925
Encrypted:	false
SSDEEP:	48:zh/giAKkZ6D6wTNVdQNKl75dTV5hb5K9hoi38nCTIKE:d/gtKkA+UNw81dTTmholqIKE
MD5:	6D21D0A95286DCD09E354B612F592EB7
SHA1:	BFC2CE1D4671686B0F7BC3672913C7D4491F64BB
SHA-256:	B0BD0D9E24E1AD3B2256B21BEA4A129A750CA4F7A8A57B46E8C8CEF228B68C42
SHA-512:	9DAA2AE300240AE85F5ED11BA29781257312A46B4CAC9CF36CC5A9FC6CE90E001056A1A4EF0FAE725CAB192F3592FED9771A407B608604130366C6F4C0BE4245
Malicious:	false
Reputation:	low
Preview:	((PICS-version 1.1).. (rating-system "http://www.ticrf.org.tw/chinese/html/06-rating-1.htm").. (rating-service "http://www.ticrf.org.tw/chinese/html/06-rating-v11.htm").. (name ".x.W..........s....\|TICRF....A..").. (description ".x.W..........s....\|TICRF.O..F.\|.s.D...P.x.W.....~....U...D..Q....A......\|......\|.M.......F.\|.s.D...P.N.A......A.....c......A..A..v.B.............A.F....w.....W......C").... (category .. (transmit-as "l").. (name ".......e.y.......").. (label.. (name "18...H.U..i..W.\....a......\....e.\.y..").. (description ".@...y...A........g....L......r...C").. (value 0) ).. (label.. (name "18...H.U....i.\........U.y.....").. (description ".H.y...y.z.j...B........`.A..y........g....A..{.]..P..t..C").. (value 3) )).. (category .. (transmit-as "s").. (name "..P.r.S......h.C..").. (label.. (name ".....L.r.S..b.........U.i.[..").. (description ".r.S.....N.@.~........A...P..o...p.Q

C:\b99fd08a604e45b5fc9f\update\eula.rtf

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
Category:	dropped
Size (bytes):	74715
Entropy (8bit):	5.194943851434213
Encrypted:	false
SSDEEP:	768:usrxmUiMAXWDhiwLTggiCvG6Ybu8k+S4QpQIKzxJDeQME9z671+4AROWJaorRnsD:DTbt/35Zh
MD5:	1B26CF070C67085E0D529332C411DBC5
SHA1:	D4BDD9468E0EBCBAF26E85C602673CB41EE9BE6E
SHA-256:	4EE908C4BF5CBCE74A8638F1F37062E690DD8E37892CB9966AA0247DA1E8B5C8
SHA-512:	7FACE676656FA6275607CD374D88CB9651C61B7A72135BBEE9705E1A3D497687E4382ECB96C4B903A5FEDE4B4B5BB23509D3E9EE77AD73659675D8803E9F076E
Malicious:	false
Reputation:	low
Preview:	{\rtf1\adeflang1025\ansi\ansicpg1252\uc1\adeff36\deff36\stshfdbch11\stshfloch0\stshfhich0\stshfbi0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f2\fmodern\fcharset0\fprq1{\\panose 02070309020205020404}Courier New;}..{\f3\froman\fcharset2\fprq2{\\panose 05050102010706020507}Symbol;}{\f10\fnil\fcharset2\fprq2{\\panose 05000000000000000000}Wingdings;}{\f11\froman\fcharset128\fprq1{\\panose 02020609040205080304}MS Mincho{\\falt ?l?r ??\'81\'66c};}..{\f36\fswiss\fcharset0\fprq2{\\panose 020b0604030504040204}Tahoma;}{\f37\fswiss\fcharset0\fprq2{\\panose 00000000000000000000}Trebuchet MS;}{\f38\fmodern\fcharset128\fprq1{\*\panose 02020609040205080304}@MS Mincho;}..{\f52\froman\fcharset238\fprq2 Times New Roman CE;}{\f53\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f55\froman\fcharset161\fprq2 Times New Roman Greek;}{\f56\froman\fcharset162\fprq2 Times New Roman Tur;}..{\f57\fbidi \froman\fcharset177\fprq2 Times New R

C:\b99fd08a604e45b5fc9f\update\idndl.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	730472
Entropy (8bit):	7.9824184294147775
Encrypted:	false
SSDEEP:	12288:UTsfQxptC5V3tOcVqAq5ESyA5cRpOJi0VYrRbWMengrV+hONo0ha:UQf4C7vqt5RFAbIYNbWxWo0Y
MD5:	3AB3D1350565EC1E43F75AE1B6C7D76C
SHA1:	AABFD4B1661B039E860E51CFACE15A91946F2468
SHA-256:	ADD8770F3948009E1BEDEE8FC06CF2392F6F79E1FF26C432573B9C0984039BCD
SHA-512:	7B9A299DD9FCEC488A11DCECDFB1C48056F5E4A6D1ED2B75AD37692C500AE57804CE0121C895676C8A80726777F414B450EB3496707E4BEE9B895906B3F65BF4
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K...K...K......D...K.. ......_......J......J...RichK...........PE..L......B.................z..........rY... ........... ........................................... ..........................@...........................h............!............................................... ...............................text....x... ...z.................. ..`.data................~..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\ie7.cat

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	data
Category:	dropped
Size (bytes):	71205
Entropy (8bit):	5.5437124018868404
Encrypted:	false
SSDEEP:	384:lsN6QpTI3vvZV5cQlB4jYKZOEZxmrU3BImpAoKhLgFrH9thy/j/NJnrW7uT+quEO:l86Qk3pLLeFWJFNgJHdy/jlBrezM1w
MD5:	049EE3947A1CF052BA4C21F902DC22AB
SHA1:	76EF8A773326F0A10B93EC4EE82449C149B0E5AD
SHA-256:	927AE22554E7FD82D223DB85F94F1DCB01A8C145896B1389953876619B2E0BCF
SHA-512:	17A6B55CDB1477AD036AB7C9F93737A8BDCF0C28649AF772C05811C5BDEAB56A1477CE20321B3D0B56389D192BABD847C3DA32DCB54AB1925C6DCD718EB9827D
Malicious:	false
Reputation:	low
Preview:	0... ..*.H...........0.......1.0...+......0.....+.....7......0...0...+.....7.....<.Q..\|.D.....Z."..070814021659Z0...+.....7.....0...0....R0.1.9.7.B.0.7.6.7.3.0.7.2.3.4.8.8.D.0.A.D.E.A.C.6.7.7.0.F.2.5.4.9.E.A.1.0.2.C.F...1..0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+...........vs.#H...gp.T....0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0..&.R0.4.5.0.5.7.E.D.0.3.4.7.1.D.1.F.1.7.C.1.C.2.9.F.1.0.C.1.1.1.1.8.9.D.8.0.5.0.E.D...1..0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........PW..G...........P.0..&.R0.5.D.C.9.F.0.6.0.7.D.C.4.F.C.A.0.C.2.6.4.5.3.3.6.E.8.C.5.A.A.4.4.2.1.7.D.4.0.E...1..0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..........

C:\b99fd08a604e45b5fc9f\update\iecustom.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	34496
Entropy (8bit):	6.353657827965027
Encrypted:	false
SSDEEP:	768:XHXpFHXR9Kuzeb8WtkWuinee2ePrXAy/jlBrezMn:XHDfKz8WtkWDnh2srwy/nbn
MD5:	9562E941650C0EAD80A4BF1DDE6D2934
SHA1:	86072C0AE1101E2CB1EBCF1B45E0EC47FF1F6FE3
SHA-256:	FDFA3E7298204281B1DE0FEC4F812BD17AD94097D311416B12BC6E189363637D
SHA-512:	A4DF21DA77D683E74F8FAA03937B31012EF037E1A7130A54C0A1A302292EF5F69BBF995A6C41B8A5821AC36A4483314A6D7560D2A249858EF713362B8C407A34
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'.@.F...F...F.......F.......F...F...F.......F.......F.......F.......F.......F.......F.......F..Rich.F..........................PE..d......F.........." .....F...........9........@.....................................h.....@.........................................`S...... L...............p.......^...(...........................................................................................text...WE.......F.................. ..`.data........`.......J..............@....pdata.......p.......P..............@..@.rsrc................R..............@..@.reloc..l............\..............@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\iereseticons.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	66048
Entropy (8bit):	5.254258927609049
Encrypted:	false
SSDEEP:	1536:62lDdOPLkRY4Ry08jkH2iYdRy08jkH2iYX:DlDd24SPZJmPZJ
MD5:	29798138249B5B08720556932400882F
SHA1:	BABE1F982E14C41F1B4D4D02A09F1271F2518105
SHA-256:	3A1B45980DBD6FA153BFD886EC13A278BBA20197A3F3713620BA91AF4FA7DF41
SHA-512:	6B285077D4C342A6916EDC99118EC21598A8D7C94017868A70C9744CF789251514F76A01B5B2CF131D32D9AF9520A49EE766C90BA6ED36330C0824328263CD2A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m..?)..l)..l)..l.E.l+..l.E.l&..l.E.l$..l)..l[..l.E.lk..l.E.l+..l.E.l(..l.E.l(..l.E.l(..lRich)..l........PE..d......F.........."......"...........#.......................................P......b.....@.......... ...................................... *.......`..X....P...............@......0................................................................................text.... .......".................. ..`.data........@.......&..............@....pdata.......P.......,..............@..@.rsrc...X....`......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\iesetup.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1107136
Entropy (8bit):	7.173282227876676
Encrypted:	false
SSDEEP:	24576:uAUnzqR3uVVkbxKD8BZZwCpzfDubEteiZqWG:uAUnzqR3uVVkbxK4BZZwCZC2eiw
MD5:	DDAB11B09B0310328B06F089DF750207
SHA1:	2A0EE77602AC777DB6211EF1D6B9C9E5BBCA9698
SHA-256:	C574D0FC7F7725C5119FB37E958A41FF933A272D4EF0B9C9D6DD0E3B669CA2F3
SHA-512:	CB005CF06095E3D534393C99FFD554F5A2C16B81D058DD8F90CF8B3B1F8C467BC4024800DA55B6A5FC9DABD34541BFDFE142F62AB0C954BCFA848C38A72E618D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........L8..-VH.-VH.-VH..+H.-VH..8H.-VH..-H.-VH.-WH.,VH..;H.-VH..$H.-VH..(H.-VH..*H.-VH...H.-VHRich.-VH........................PE..d......F.........."......x..........._.......................................`............@.......... .......................................o....... ...!...............(...P......@................................................................................text...6v.......x.................. ..`.data...(\|...........\|..............@....pdata..............................@..@.rsrc....!... ..."..................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\legitlibm.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	635696
Entropy (8bit):	6.312587551102168
Encrypted:	false
SSDEEP:	12288:xd/mGu9A4zpWLbV3cZWnD4teqiL9BipXTFdK9Vd:xpbuG4zpC3cWD0eqipBS2zd
MD5:	2AE9A778BC11027805F5AE0AC7C1E387
SHA1:	570EE57195BFD68B217F3FFD63472C88A54B638C
SHA-256:	758C19EF12AC5BD420E03D3347FB2D4DDF00E15311E8CF55F9834D13EB3BBC35
SHA-512:	5CA4FA4650BD06123200A0612D6A44ADDE132EC81C92F3FBD2ED9BA2FDB381A929E3974E4C67A2A4F7533A7B81FFCCBBBB1FDB78A0D0C8EE6DADC557AF5B8C80
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ag..%...%...%.......!... ...'......'......'....%..'.......:..............0...%...........l.......$.......N...%..$.......$...Rich%...................PE..L...m.JE...........!................B........`....@.............CS P................_................................................`..................0....p..\R......8..............................@...............`............................text...^........................... ..`.data...yV.......X..................@....rsrc........`.......@..............@..@.reloc..\R...p...T...D..............@..H........................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\nlsdl.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	632672
Entropy (8bit):	7.978979010038338
Encrypted:	false
SSDEEP:	12288:fTs85BBQFa0XcQjnjy+YASrq8fZxM8uH903P62FF8KH/gsI2:fQ8PBua0XzjyZZxM8u0NFj/XI2
MD5:	C756D1FE4A123E7CC95F88DC2548D388
SHA1:	38225FFF9E79E1293EDA889893FECEFB6F6BC4C1
SHA-256:	B63B221BCC555071319231E9B260E5C7F13A4E9C9387BE40082505CBC254CDEC
SHA-512:	6699CAED3DC28278F5B6168B98DB95FD12338787900892495A780FAA604AA1D2F3C8611F75B847FB8B66439BE4F54D762F880D12C7950305F5F31D64142B9AAE
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K...K...K......D...K.. ......_......J......J...RichK...........PE..L......B.................z..........rY... ........... ........................................... ..........................@...........................`............!............................................... ...............................text....x... ...z.................. ..`.data................~..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\update.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	968928
Entropy (8bit):	6.38812968927502
Encrypted:	false
SSDEEP:	12288:9TmJ2htd1b7cQI/gM6yy9Q9XDIGZeIjdHWYr87fMHcGtag:tm2P77cQI76ygQ9XsGZ95HWYryf4hZ
MD5:	FDB5B6011F1B000B6D5F51B26B4F5D28
SHA1:	784AE6C59BB06F212B2DA8CF29B23CC06C62F925
SHA-256:	DD40DC1E85286F9FF0F7380EB4925CDB9A6406D7FB78890C81E52D6FC6D3B52E
SHA-512:	CBD1CF87419E84C2BDAB6DADB6EC2222799178F0FF0C48D1148B5836862BD88275161BB4D3B93D7FDD209A0F2C6BB7B774D19DDEA7935ADE93D1247A3DC77AEC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............o...o...o......o...o...m......o.......o.....o.......o...`..o.......o..Rich.o..........................PE..d......B..........#......b...R.....................................................o................ .......................................;..........8........d................... ..................................................(..../..@....................text....a.......b.................. ..`.data................f..............@....pdata...d.......f...x..............@..@.rsrc...8...........................@..@................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\update.exe.manifest

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	785
Entropy (8bit):	4.546963751638046
Encrypted:	false
SSDEEP:	12:TMHdtYLW5nU3YgVQoF+vUSNMlXu3Q5naSNMoF+bJ+Q4gVQg6tE/K:2dtYiUIg5+DNMle3oZNM0+bo1gytE/K
MD5:	4CA11603F208E66DEEB14F556DD7860F
SHA1:	15D453E379D5A0AC86CED58A93E9482764C1469C
SHA-256:	4CE5F91C96A3E914E9E4720774181621EE2E5BE6B4F8E1B29E3C91949BD063FA
SHA-512:	C0E6BAA0C36C9161D0D3A68B768522109E350F2A291AD416C9D514DFD12CA6B27BE5E0362012B1897018B8B37349F04D44835CA6DEE47FD44EBF3F4573A70556
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?> ..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> .. <assemblyIdentity .. version="1.0.0.0" .. processorArchitecture="AMD64" .. name="Microsoft.InternetExplorer.Setup" .. type="win32" .. /> .. <description>Internet Explorer Setup</description> .. <dependency> .. <dependentAssembly> .. <assemblyIdentity .. type="win32" .. name="Microsoft.Windows.Common-Controls" .. version="6.0.0.0" .. processorArchitecture="AMD64" .. publicKeyToken="6595b64144ccf1df" .. language="*" .. /> .. </dependentAssembly> .. </dependency> ..</assembly> ..

C:\b99fd08a604e45b5fc9f\update\update.inf

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	3283003
Entropy (8bit):	5.537507229879816
Encrypted:	false
SSDEEP:	12288:E55iL4GVGrWjBr8WiKHybNKT0VlNQRRghouB3Ran6zAKa2723S+X8td1DKvw16LT:EqL4xWjcPNQAhouan9g1+
MD5:	3B000EE99A47964FA1046B33E330B888
SHA1:	2C01DAEE8437D85F8A3C81AF67396243008F2602
SHA-256:	43130D64466A2EF72448C7095ADB5C177FA67180070F9152EAE0C7DB01A97078
SHA-512:	E62C6025DF8A235ED5896E2429661F97BC1EAFBBE6FED750B581155EF2F53372551E49B78B04915242158DE5C10EF3D1A4C0FCEB5BFD33559ABBCFBE6DE27A0D
Malicious:	false
Reputation:	low
Preview:	[Version].. MachineType = 64.. CatalogFile = %SP_SHORT_TITLE%.cat.. LanguageType = %LangTypeValue%.. MaxNtBuildToUpdate = 9999.. MaxNtMajorVersionToUpdate = 5.. MaxNtMinorVersionToUpdate = 2.. MaxNtServicePackVersion = 5120.. MinNtServicePackVersion = 256.. NtBuildToUpdate = 3790.. NtMajorVersionToUpdate = 5.. NtMinorVersionToUpdate = 2.. RebootRequired = 1.. Signature = "$Windows NT$"....[Configuration].. UpdateRegKey = "SOFTWARE\Microsoft\Updates\Windows Server 2003".. AppFileInUseDetect = 7 .. CustomizationDLL = iecustom.dll.. EventLogDllName = spmsg.dll.. EventLogKeyName = %SourceDiskName%.. ForceServicesRestart = 0.. InstallationType = Hotfix.. InstallLogFileName = %SP_SHORT_TITLE%.log.. NoPNPFiles = 1.. RecordFileDetails = 0..

C:\b99fd08a604e45b5fc9f\update\update.ver

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	16196
Entropy (8bit):	4.7768235152216025
Encrypted:	false
SSDEEP:	384:QHbavCcuRUP2ggRghNdzpOgAgfNmIaCa9SWa:GavCjU5E4dYgM0x
MD5:	74F3FF5D414481CF36258289E9C19B31
SHA1:	AEAD186F2177029D1CC82910C6429D8635A5213B
SHA-256:	C5744519F508C8CCB448E882B4CE83F98734677413FBC480384423A66B409A6D
SHA-512:	FF25D325A12375018A0F271020FFF52B37C0FC8F154E0ED67915159BC1E5F3BE2C1BDE9756B082DBDE12FBB6AB499B2E11A187354E8F59AC32B98B0BEB634388
Malicious:	false
Reputation:	low
Preview:	[SourceFileInfo]..admparse.dll=496D4E7597E8E81AD51678A6D788E8D9,000700001662000D,88576,,508AF0A0..admparse.dll.mui=46C8BA60665D67C12F46A07787C0293A,000700001662000D,5120,,6015323D..advpack.dll=D582A89F6D632D0CF764A80F683B5F4B,000700001662000D,158720,,29E64029..advpack.dll.mui=437A84CAB4C4B9A5B8D464CE19568170,000700001662000D,9728,,5379F320..browseui.dll=E10CE65AB6C9744773F4B612C66AC3E3,000600000ECE0AEB,1604608,,8C5AB1E3..corpol.dll=62FE18948CF74D19C924D883146CBE67,000700001662000D,22016,,002F5ABC..custsat.dll=5485DCB421729E0453C54FD6D9198762,000900000ECE097C,53248,,41F231BC..dxtmsft.dll=5436E301B93E784537D57FC0A6DA1F0B,000700001662000D,505856,,F0DAFFE3..dxtrans.dll=551A281EEF1BEFF155D8D69AC744EAD1,000700001662000D,308736,,9659961D..extmgr.dll=A18E61E04DD007CC632A0F6D2E2556C2,000700001662000D,184832,,768F2837..extmgr.dll.mui=A86E28E5D9C277C035B1D0F37056CAC9,000700001662000D,33792,,F28AC0EE..feeddisc.wav=94F139C13358BC3E4DE27CFDA595905B,,8636,,5E13E2EA..hmmapi.dll=15F6698D989843645BB58A8

C:\b99fd08a604e45b5fc9f\update\updspapi.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	462048
Entropy (8bit):	5.768127415429431
Encrypted:	false
SSDEEP:	6144:jaQEG98Wn8VfPIq5gulHITlbXoEzAe2jit0dm5d1e0Pub8Z:jZEG98W8V316uJITlbXbk+cm5TPub8Z
MD5:	59B5BAE540E021DE17880E4BDE817554
SHA1:	AC321F865076D4F5F1074666B3A704B5003D246C
SHA-256:	4C90D40C3303BE5F7AB50FF68CE7EC14D37E7AFD8A30D6DB10B5D2FC3BB3DD17
SHA-512:	B722B1DFC39461451B5417C04515ABE1393F4548398B1DF08ECF43FFDB38B8A89E1FE12F7125C25E710B7E7B1F99293C477573189BE5F4E9A24042E563A5A4E4
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R....ceC.ceC.ceC.cdC.ceC`..C.ceC`..C.ceC`..C2ceC`..C.ceC`..C7ceC.l;C.ceC`..C.ceCRich.ceC........PE..d......B..........",.....N.......... k........@..............................P.......K..............................................`S.......>...........n....... ...........@..t...p...................................................H............................text...XL.......N.................. ..`.data....6...`.......R..............@....pdata... ......."...\..............@..@.rsrc....n.......p...~..............@..@.reloc..L....@......................@..B........................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\update\xmllitesetup.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	788280
Entropy (8bit):	7.984286611624905
Encrypted:	false
SSDEEP:	24576:7SKo465mMKFC6PfoleuqJozFt66MnWlV4JqgexKQ8J:7SKoJMM+COfCe1yFt66gWle/eMr
MD5:	1DEF53214DA207767F063384C32AF2A7
SHA1:	D55D701DF7F07EDAC1E5D6A30EBF888424E9DDE8
SHA-256:	0652E3472FF11C055DCE20BB907EC71CDA823443CA44432161435734D5ED23F3
SHA-512:	4EF67504C29B014806C953E24F941920779B3A65C2DE2C9A29E6A8182C541B014E287B194B1FE895D7540A546EC7ACCE5D7D38176E39AD1A6AEEF2E41F22721A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........K..K..K.....D..K..'....._.....J.....J..RichK..................PE..L.....B.................z..........EZ... ........... ..............................WU........... ......................................p...............8............!............................................... ...............................text....y... ...z.................. ..`.data................~..............@....rsrc...p........l..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\url.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	108544
Entropy (8bit):	7.182620093790243
Encrypted:	false
SSDEEP:	1536:UL4fniqXmFiMNwPB8zrfEOnZG4e9em3RrIojfVPDXsgdxQfjwY/GiE1bdu:Usviq+iLSknHhUcBZLY/5
MD5:	962B7A5AFCE52536C9CE1474F4DAB878
SHA1:	0FFD657D857390140440CC9612FBAB8DD5D019E1
SHA-256:	DCA337200517FDE7ECB6D549CEA83A9D32ABCC7E4499AC9D6EB786C79EA21399
SHA-512:	8074DBC3D51C7D0088D06916198DAF9EB787B9F2BE373728C890AA6B0AAB16E6E5AA597568E819D3695119593AB27F31BB2AC62ED360852142EEE6EEC887597E
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&".hbC.;bC.;bC.;E..;cC.;bC.;.C.;E..;mC.;E..;sC.;E..;YC.;E..;cC.;E..;fC.;E..;cC.;E..;cC.;E..;cC.;RichbC.;........................PE..d......F.........." .....$..........@!........(c.....................................q....@..........................................0..[....+.......`..0t...P..h............... ............................................................+..@....................text...;#.......$.................. ..`.data........@.......(..............@....pdata..h....P......................@..@.rsrc...0t...`...v...0..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\urlmon.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1408000
Entropy (8bit):	6.386610600259544
Encrypted:	false
SSDEEP:	24576:I/lxt2Z2ecWLCEcwlG/AdV0VCNlzJ0opgrW+cto9SpHs5HX:I9z2Z2zWLCEcj/Ad4clzJ0oEW+qWsM53
MD5:	9E7DBA9925E7D7E11E968DA448CB66FF
SHA1:	1FBAD82B282EBAFFEF6E87FF4F7328C8F9AFCCBA
SHA-256:	538F613DFA21B5D0E0E8D709F6B1B2633A63BB79454B13D5FE59EF813F37C22E
SHA-512:	164649C9402E70CE49C3D6CBE286E873153A30518C0BC9C1D800E2C4F1E5929B99BD7B51ED01BC585386503B73C69A7666AA724E53B5D337C92909408AA65FAB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-...~...~...~...~...~...~Z..~...~...~...~...~...~...~...~...~...~...~...~...~...~...~...~...~Rich...~........................PE..d......F.........." .....\|...........!........@..............................0......'&....@..........................................................@..........@...............`...`...8............................................................................text...pe.......f.................. ..`.orpc................j.............. ..`.data............v..................@....pdata..@...........................@..@.rsrc........@......................@..@.reloc..`........ ...\..............@..B................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\urlmon.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	321536
Entropy (8bit):	5.834231470575532
Encrypted:	false
SSDEEP:	6144:J3zkCJghEX2DndlwIcuYYuJOWycpxJ0OmSbTV6Y:JomgRbd2IDsAOmSbTV6Y
MD5:	8E79AF2FF71C3C76651E3C67E8626965
SHA1:	E6E4CFBCEB20F4DAA7E0196246E320EB5FF81DDD
SHA-256:	9C56F76F3BD9DBFAFA2A4D297B3473C9525AADF43BF0B53CC0E75FC87F62D076
SHA-512:	86B8602F00D73CF9A008EE9A7AE59C1BB8F81368A054CC6700C2E8A5A1EA84059E55A9FC61C705F2F353998251EB91F04EAF5C04671DB61B53FE60B4DDBB43FC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." ................................................................m.....@..........................................................................................................................................................................rsrc...............................@..@................................................X...H.......`....... .......x.................................................................V..................................... .......8.......P.......h...............................................................(.......@.......X.......p...............................................................0.......H.......`.......x........... .......!.......".......#.......$.......%... ...&...8...'...P...(...h...).......*.......+.......,.......-.............../.......

C:\b99fd08a604e45b5fc9f\vbscript.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	506368
Entropy (8bit):	6.190565615244036
Encrypted:	false
SSDEEP:	6144:BdGMJq0D54kCQMnDLt+WFcaFQxxlsjGiS3aSAbW43LDBPzDyr:XFq0DqkCQuDcWnFQxbaGT3epPg
MD5:	2D7291E2BD4336E93D7D6042D13C3A4F
SHA1:	A73C034F87C0E69DCF416F3B3FB2955D6934E88D
SHA-256:	2447741D5632CDD6ED2785010DBF359A69DAA8DE1F4D852DE15A3364AD3F8368
SHA-512:	BB9ACB9196F1C384C266D92F2E30C45D99FBBC36E54B74227FE7F5D751A8712BF62310372A153A35F5B1DDCD855CF301F2A4C8577A57C8C80067C52BCE4578AF
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.{.'...'...'....Kh.%....K{.(...'.......Kn.(....Kx.c....Ko.&....Kc.f....Kk.&....Ki.&....Km.&...Rich'...........PE..d......F.........." .....f...T.......G........@......................................V....@..................................................A.......@...........Z..............X....T..8...............................................(............................text....e.......f.................. ..`.data...._.......\...j..............@....pdata...Z.......\..................@..@.rsrc........@......."..............@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\vgx.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1104384
Entropy (8bit):	5.867647502586594
Encrypted:	false
SSDEEP:	12288:W4rWuJ8ozD4RGxY9Bz8WJw0GGb6Z2eSdzrJe1KZzF49BUJ:W4rnD4zbzw0GGbteSdnJe1K49iJ
MD5:	48EBE6DCB76A8CD7C74C37126EF143BC
SHA1:	D28A9800AF478FECD7ED0463741E1FF02F63694D
SHA-256:	771C001F42F953B888F632F8723630057D862A145D5987FBDD4026B493C3777D
SHA-512:	9419B6152E122D458AF0FA55D21095E8D952F90AD37089221242E501FAE36CAF210329FD8D5A11D57FAEB8CBF8054D382F69C1D7EB7662EB7E05A82FD5CE3485
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l...(.(.(..6.*..6..'.(....6.=..6..n..6.)..6...6.)..6.)..6.).Rich(.................PE..d...D..F.........." .........b.......T........@..............................p......a.....@.................................................P............$.......h...........0...'..@................................................................................text............................... ..`.data............D..................@....pdata...h.......j..................@..@.bootdat$............z..............@....rsrc....$.......&..................@..@.reloc...3...0...4..................@..B........................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\webcheck.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	292864
Entropy (8bit):	6.050871904912631
Encrypted:	false
SSDEEP:	3072:VlnyQHH5hGpxuLbFS/R0K8J/u8o9Sycy3O8ze/Te4HShyvfa+wZ6y3dbSqUuUyTm:2A2pxkZqSuzSyHOZ1HQYyj19vXdcJ
MD5:	D0C586974B88B5AA5BDDA07185257541
SHA1:	946C1EF74150D708AEC01C9DDD697EEEE21F2805
SHA-256:	6DF0DD2A60C30F1C3B64358AC4BDECF3132BC661D8B83B5732BF287B05660F8C
SHA-512:	82BA993B2FF01D60A6BBEAC705E220344CD620D512702AB6E4580234B1D0AFA2168CE2C77A68925887B90C641AD3FA4C4268EECD8AFB308AAFCC1CEC4BFEA4F2
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........p.V...V...V...qwc.T...V...D...qwe.G...qwp.q...qws.....qwd.W...qwl.c...qw`.\...qwb.W...qwf.W...RichV...................PE..d......F.........." .....j...........!........@.....................................*.....@..........................................&..s...XF.......... .......................H....Z..8...................................................(>.......................text....i.......j.................. ..`.data................n..............@....pdata...............v..............@..@.rsrc... ...........................@..@.reloc..H............l..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\webcheck.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83968
Entropy (8bit):	4.730660086480341
Encrypted:	false
SSDEEP:	768:GCJ4ekBnEhmhyKlY6M+ldWmHzqe78tF78ecksCbi+sOZfLkO7xUR0IH:GREAymY0lRHuDdckc+s6H7xs
MD5:	DEB33B96F0EE40C33B549C1859304CA7
SHA1:	F5EC30F45CA00F6400361B101C7E52396FE979AA
SHA-256:	799E91FF92D7E5E34D9613368EF91D3D672C0749568E71B340B73396C89B4F1C
SHA-512:	5DAC24431A4EC2090CA0ADA8BE4A90604D63E2E25B1DBF61EA9CA2753214958A3C7D569301D3863F487471A70A7E73C0F554AF09B474BB288FBAE90DE86FEA07
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........F...............................................`............@..............................................................E...........................................................................................................rsrc....E.......F..................@..@....................................................P.......h...............................p...............h...............................................................................................................(.......@.......X.......p...............................................................0.......H.......`.......x....................................................... .......8.......P.......h...................................,.......-...................................(...................p...@...

C:\b99fd08a604e45b5fc9f\webcheck.ini

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	Windows desktop.ini
Category:	dropped
Size (bytes):	65
Entropy (8bit):	4.880231952143418
Encrypted:	false
SSDEEP:	3:0NdQDjoqxjQUHXTdQw1aVORQh8v:0NwoSsUHDdQw1ae
MD5:	5079E25C0E9F1B5640B856225F5F5560
SHA1:	1DB3FDFC0610ECCCD99EE00F65A9541061F1A357
SHA-256:	88AAC8A3C7A955E521151BA16B4DC81D9DE3E091A76ABD19BB4F0E01D572DD5E
SHA-512:	066F1FF22EDF4B8BA9921395210CF0FA50F10D8EE7C410D231A52A5A13454FF6BAFD31D79B3DB9CB5C0C5853CAE84DA7033CB767AA6B77F3CF70D28859DFA21F
Malicious:	false
Reputation:	low
Preview:	[.ShellClassInfo]..CLSID={F5175861-2688-11d0-9C5E-00AA00A45957}..

C:\b99fd08a604e45b5fc9f\winfxdocobj.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	276992
Entropy (8bit):	5.706700564790073
Encrypted:	false
SSDEEP:	3072:DK73lALpht0e1pkPza+j86lz38gtaR8MWWvn22LOfYKun7TT2ioMPU8MCc09PNaW:er3KK7a+j86DtsO2aFj0lMG
MD5:	E207D2B9BF6A931B37C3AA6173D92548
SHA1:	50B688D576942F575FF5C20256E13F42FBA6C8A9
SHA-256:	AB942381025086A462AC2292124A22BB0D7D0595149A4B27D09D93D56ACB0BFC
SHA-512:	13669EEBD8F39943720229FB4CAEB3667693840DC2E789202ACA2CCC112B3FD16469B8BF415B9CD1402C79A2F8DAD82DF29A325C4C54C460964B5E23C566D47A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j.(...F...F...F...;.,.F...(...F...=.5.F...G.,.F...+.e.F...4.:.F...8./.F...:./.F...>./.F.Rich..F.........PE..d......F.........."..........d.......K.......................................`............@.......... ...............................................@...........+...........P..H...0...........................................................@....................text...6........................... ..`.data...............................@....pdata...+.......,..................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\winfxdocobj.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	3.3228797737511644
Encrypted:	false
SSDEEP:	96:7ugEW03mvjST7hybC8FEBhrSeShmhahr:0W0sHC4
MD5:	C2D9D3833921DA42AE3F7030620ECEF1
SHA1:	4D94ED7912F07B28DAA5310D60D7539C37C9AC7E
SHA-256:	6FED457FD01962FAEBA621EB881F0B038A1783C05E337B7C70B665DC0A99EF65
SHA-512:	8652D06BB3F6CD69C7B1CA553F074226D5DAD5F8788614D6897FD52CDA081CA0B4920334A330E1465E137DDE32BC034D53DFC899D2F2075477973CE5914DAAFC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d......F.........." .........................................................0......i.....@..........................................................................................................................................................................rsrc...............................@..@....................................................8.......P.......h...................................................................................x.......y.......................q...........................0.......................H.......................X.......................h.......................x...................................................("..............x...&...........................X...&.............................................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.

C:\b99fd08a604e45b5fc9f\wininet.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1014784
Entropy (8bit):	6.201735438778874
Encrypted:	false
SSDEEP:	24576:E9aWDOb77DNmD9WB/3sLY1eR4GsY9OBIKoxEikMMIMMu:E9aCO37DNmbY1eFJkMMIMMu
MD5:	9DDA2C7EC35573A40BE4EB39BFA53CCE
SHA1:	FDDA1AD0CEED8E526CE4839F5BCFF1F833157270
SHA-256:	C3903C20B28CDFB465FC414D0B4A3849B7581C995AB895A90F02FD1D2211EF3A
SHA-512:	B46A4A3848ADE9B0C92A1189F649F30891E4069235155EBBE573D0D75A1C949005E1ECEDD5DD64484640BD6AAAD9C54C1978B916FD3081ED4C42E588A49814FE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......sF..7'`.7'`.7'`.....5'`.7'a..&`.....&'`....."'`.....s'`.....6'`......'`.....6'`.....6'`.....6'`.Rich7'`.................PE..d......F.........." .....D...p.................c....................................f.....@.............................................J...\...........`M......................4.......8...............................................8.......@....................text...@C.......D.................. ..`.data.......`...T...H..............@....pdata..............................@..@.rsrc...`M.......N... ..............@..@.reloc..4............n..............@..B................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wininet.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	121344
Entropy (8bit):	4.784716217459744
Encrypted:	false
SSDEEP:	3072:a9pRLxwU3tkhSaiGMMtOMMpUcJe7y3n2:03UMMIMMutum
MD5:	A1489A800EA1EE510C1103EEEA7D0794
SHA1:	9168AE9CD67E0B3D7EE6ED76E785A1B5F2304813
SHA-256:	6B2402D53EBD965F9B7E98BD2793E719F41756B2E92319ECCFE6DEF025ACEB08
SHA-512:	E533329DEC6B907B15C5E9DA2C1FCD0C71D4389E0096AC0F78D498E1A31AB0D69F67113A9B9E0767B817E721331C097AEF3C2703B7040B1A88AE70C4B457B2C9
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..d...Q..F.........." ......................................................................@..........................................................................................................................................................................rsrc...............................@..@................................................8...H.......`...............P.......................`.......................x.................(..................................................... .......8.......P.......h...............................................................(.......@.......X.......p...............................................................0.......H.......`... ...x...!.......".......#.......$.......%.......&.......'... ...(...8...................e...P...f...h...h.......j.......k.......

C:\b99fd08a604e45b5fc9f\wow\wadmparse.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	71680
Entropy (8bit):	5.974333062690437
Encrypted:	false
SSDEEP:	1536:C0fD27uXHwZ77QsONLyUgp+Se/tfWczJKhn74iX7G:LiaXHwZ79y7gNczJU7h
MD5:	63EBA242A5E4DCEEC88CB727A117B7AD
SHA1:	18C11A6F5072159B99507016C4E5B9162E8EEB69
SHA-256:	652CCCD11608E08BBBECCF1500E9E5061C94D67A90298620BF792D7F8A1B0F5E
SHA-512:	F6938B09A4049B085D03C2EE722109CA41B71F8EEB066744B4F70DBADFCFCF717001F60A6001253550F717E41A378652F245A3E81606AB95600FCE8365F2DEEE
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........].V.<...<...<.......<.......<...<...=.......<.......<.......<.......<.......<.......<..Rich.<..........................PE..L......F...........!...............................p......................................@.........................0...............................................................................PI..@...............x............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc..j...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wadmparse.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	3.4029359137719273
Encrypted:	false
SSDEEP:	48:KM6q+CIZWJdUf5mvss/GvvIgd3G6uqofbOYZE4zeD9RgDNkbFK0oZW:vEWof03mvf3G6FofbOYaGg9cmK0oZ
MD5:	5AFBF3186030327C2F8CCDDD39ED35F4
SHA1:	0CBF9B9CB24B0FEF2BDAB00539396312E99A575A
SHA-256:	57B2C9DE7306A23B3A76925DB06051FF576A1739AEC5D6A6BF742A68706852D2
SHA-512:	C28BE1FDDA49FA94C798733E5C9423699C945366CA7F0FFC87CD9F8AD8F9F5E1A0191B9D30DBCECCC8DE72F1FA6F2ACB684ECC2A7FE4BFD47AE011AD92DCC0B2
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................@......s.....@.............................................x....................0.......................................................................................rsrc...x...........................@..@.reloc.......0......................@..B........................j...@.......X...............................................................................................0...................e...H...................~...`...................Z...x...P................................................................................................................................................................................................... .......................0.......................@.... ..............(...................(...

C:\b99fd08a604e45b5fc9f\wow\wadvpack.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123904
Entropy (8bit):	6.227550963828019
Encrypted:	false
SSDEEP:	3072:UOgTUOUUqzZSJIRgknoAytTCRa9r8CBC+q2uyr6xQ0NFfOI8w5:UTqzXIuor8CBC+LexQ0NF
MD5:	F9D975BD4E56B05795A56ABB7829D3A3
SHA1:	7464DCF9FEEF295C3F0857A91302BB3B13E632C7
SHA-256:	F7BF3B7B77BA27A8D61A2F4C837DC7225AE5165F963C8DDF1FE462D12A0201E8
SHA-512:	3D5CAD6A6EEF19C476500713CF0DD1C2073651CBBD1E4073E9D4FD7AE7A465784667248B52E63A8920042CC3661A74E3F0E0B3E37EB2FDE6790B773BAAFA3BDC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................................u........................................Rich...........................PE..L......F...........!...............................e................................1.....@.........................D...'...l...................................D.......8............................Q..@...............D............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc..D...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wadvpack.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	3.2940023027941514
Encrypted:	false
SSDEEP:	96:VfQvbgwpqEW+0xyrmvbyWcG4+hfi/l7POOObLzfA1Tfzfz1zmjSnSFXUDaH0mjaN:VfaW+0xyirq/th3SFCa/jan
MD5:	BA0DF9DD588F65E98D9CFD529F1FB7B5
SHA1:	2F56B6D3436D60F7FCE48FF5FD55BEF7E5297EA3
SHA-256:	2943B1E2FAD2E4264A221BD36535B68B126AA17B88484E56EA225154925B6880
SHA-512:	71E63627EDAAD430E792C1D03B2280CA79CDBA43E25E7D0DC25D30F7CBFE98B183ACB6BD64054679FA1383317E699CECF9C7D13428BFAD26FBC9D11F66FE14BD
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........&...............................................P......X.....@.............................................`#...................@.......................................................................................rsrc...`#.......$..................@..@.reloc.......@.......&..............@..B............................0.......H.......h...................................................................................?.......E...(...F...@...G...X...H...p...I.......J........................................................................................................................................................................... .......................0.......................@.......................P.......................`.......................p....2......................

C:\b99fd08a604e45b5fc9f\wow\wbrowseui.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1036800
Entropy (8bit):	6.59403192234271
Encrypted:	false
SSDEEP:	12288:ZhecHvKoqfa+ih3ZwqrLIU9QEmcwZ+/clzbKyhicOwbWf6l1hct+81MCA3qhQ7sh:qcP9EVih3KG0Uucwg/clzzNWy7g+uh
MD5:	EA7F5A6921B160FA3888F7805B5DCDB3
SHA1:	5B7E9E3B2CC3E9A56ABB7447D25BA13AA65DE4F8
SHA-256:	064FF506E53BA5BB7E7E8AD24A5352A791EE9F936E09A7C358F8DFD7E09ACF33
SHA-512:	D44F04A4067D29E26BD7052A7DF10A31A979740CA4DC70AA4C27EA0EB5CFAA747D7CF51978E963A3FA989143ACC7F51F34805C6F59601ECC1402144601D08063
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...zx..zx..zx..ip.yx..zx..3{...w..ux...w..}x...w.{x...w..x...w..Qx...w..{x...w..{x...w..{x..Richzx..........PE..L.....E...........!.........L......}$.......P.....u.................................................................%..R....u..........8........................w..,...8...........................@S..@...................4m.. ....................text............................... ..`.data...h...........................@....rsrc...8...........................@..@.reloc...w.......x...Z..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wcorpol.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	5.89556030616651
Encrypted:	false
SSDEEP:	384:p2dvOE7KurJggogCt5akJWmd9VQCeNxA683RWFmNqe:p2hKurygCKw9wxgY
MD5:	9B741F096FA9A49651080498920604FD
SHA1:	A2D8FB7CFA6A852FCFBB10D83E67D3C2F5EBD2A8
SHA-256:	7EC1B93BC29923082E9F351EF26F85E7365DC3FE76384921488765F6210EDE15
SHA-512:	AEF8CE488B13A70820D360E380DF826A290BF83069E856C032E0B5591EE3D79D307B56F044E496AC7D2D85A1F7166C97D28537F46372460D2CFC52DD02C14F39
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C.............f.....f.........}....f.....f.......f.....f.......f.......f......Rich............PE..L......F...........!.....4...................P....@......................................@..........................<.......=.......`.......................p..\....C..8...........................X...@............................................text....3.......4.................. ..`.data...T....P.......8..............@....rsrc........`.......:..............@..@.reloc..\....p.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wcustsat.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	33792
Entropy (8bit):	6.088434823296078
Encrypted:	false
SSDEEP:	768:8UEt7dso9+bc7m+S45ii3iiHUM6cST2WENZ3gUpSS:LEZyoE/AtXUbcSSWENdgUV
MD5:	1FF80EBE5082A13D02253B415AA26F60
SHA1:	7DA7551EC7F3F1E606EDF9313595E4EBE45AC8D1
SHA-256:	E0088B6361C7EA8E611BA32542BEFF7AC12955991C82A5FE9EF5D9A97D6CA14F
SHA-512:	8C33E9427227835229D27F59206E55CD98C372E6A20981C6B0518A5F9B81C127B0F40276C21ADAC06A433C1947AB56F7F2166135D184DEC1162B5071E3037E90
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.y.'.y.'.y.4....y.'.x.C.y...$..y...v.".y...&.;.y...%.&.y...../.y...'.&.y...#.&.y.Rich'.y.........................PE..L....WiB...........!.....n...........S............@..................................q...............................z..x...Ps..x...............................4...`...................................@...............L............................text...(l.......n.................. ..`.data...\|............r..............@....rsrc................t..............@..@.reloc...............x..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wdxtmsft.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	346624
Entropy (8bit):	6.5781002254973115
Encrypted:	false
SSDEEP:	3072:NayD8FQQpQgjqTe68cIv4dLnEHEz6Mr3irPtcDkazTWmA83H7qazytRp5NkiEiCE:MFwTR8cdnzRiTc3XHo5YDXWtv
MD5:	795C2AB4269D1A8F76150AC5A639DA78
SHA1:	46B371D7D448F6F2F23B242CA8B86609716A9BA8
SHA-256:	7C898EE86D6D4BF205CFB86BCEEBEE3C163F32A3F78A46276E6C00152535EBFD
SHA-512:	AD1F6703D2D9B2305246BD06A1AC4FFEFA1CB51E230C31BF6259598C7C94F85DC8F23AA5B2481F4D4D945E79718B1DE8EF6A13DDF0C95284F4ABAA2CF3B9C618
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ..Ae..Ae..Ae..Ad.dAe......Ae......Ae......Ae......Ae......Ae......Ae......Ae......Ae.Rich.Ae.........PE..L......F...........!.................V.............5.........................p......`.....@.........................d...................@6...................0..x<......8...............................@............................................text............................... ..`.data...............................@....rsrc...@6.......8..................@..@.reloc..x<...0...>..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wdxtrans.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	214528
Entropy (8bit):	6.411333159773431
Encrypted:	false
SSDEEP:	3072:QUcqxjyEo8owZlIQpdrG0wvF9N2TDWQX9PBKdV/iGXPXXgFQclkuLrI3g6NdunTk:UqB99ajNAWQNpJG/XXwauL4Ndh
MD5:	EB9AE6FD83FF2510344B33900604A14C
SHA1:	2C4AB71AF037E1A1E138F168E11B4533F1C6102B
SHA-256:	A3514E77D3AABC764F4E4E27DB307188B71E4BA27DD66EFFBF60BB802CB3C41B
SHA-512:	2BA89C2E75E5C8E834ACB6EC4747AB33250BE409329E453B10A87C45FB316E176EE373C3BFC34F140CE973C6FB4E6B08A6AF6489A92A95CC74D5E8F302B9620D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L.]."R]."R]."R].#RI."Rz2YRH."Rz2_RW."Rz2OR.."Rz2XR\."Rz2\R\."Rz2LRp."Rz2^R\."Rz2ZR\."RRich]."R........................PE..L......F...........!.................q.............5................................N.....@.........................H.......$...............................p..l.......8...............................@...............d............................text...\|........................... ..`.data....3..........................@....rsrc..............................@..@.reloc..l....p......................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wextmgr.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	131584
Entropy (8bit):	6.071116018903586
Encrypted:	false
SSDEEP:	1536:cpvf1pvD2znT3hkvXC2l8Cal6Cuzsz1AIRS/neqlSRHEyKD613yALSPZr0MdvKEA:qTsT3O/C2BszJFKD613yAmPZyR4hu
MD5:	929A69E3CC9912DD57771B5A227F50E4
SHA1:	D4FD1E07F7C69814B3D0E40FEC5364B1B8183901
SHA-256:	DB4A591AB8D533EC276D718860DE5935F738AE9895A0BE697417DF3F478609FD
SHA-512:	890CD3BBB60CF1669DE76495C86CF1CA2C0DD669800CEDAB9DE52893B950DBCB0B7BF6DB998DC65F330B388FEEE5D7BC7F04D6508F56718F1D178DE981A96361
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............\|...\|...\|.......\|......\|...\|..0}.......\|.......\|......\|.......\|.......\|.......\|..Rich.\|..........................PE..L......F...........!.....@........................@..........................0............@..........................;......(?.......`..`.......................H....M..8............................r..@...............8....<.......................text...K>.......@.................. ..`.data...<....P.......D..............@....rsrc...`....`.......L..............@..@.reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wextmgr.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	34304
Entropy (8bit):	5.104203256809443
Encrypted:	false
SSDEEP:	768:3K6+1GrrWr/hh4ixGcjvKtKyFz63DZEvC0H:3KT1Zr0MdvKEyFz63DZEvC0H
MD5:	1023A39DE701135CCCEB3827104598C9
SHA1:	22FA3D572769168432B53960DE5DB76093F03938
SHA-256:	5BC981EB6455AC306704AA3BA9EE57CBBFCB19B80F655E9C07D700DED1E2D130
SHA-512:	33F953AED1E9B632022ADB74A324E314A86B33C4C688FA89B192C995D79AF2C2883DD2AD4DED868516F472CA7B5B9FB84116FAC51853821B812BE71F4DE350CA
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.................................................................M....@..........................................................................................................................................................rsrc...............................@..@.reloc..............................@..B............................@.......X....................... .......8.......................P.......................h...............................................................(....................`..@....p..X.......................p...............................................................................0.......................H.......................`.......................p...........................................................................................................

C:\b99fd08a604e45b5fc9f\wow\whmmapi.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	60416
Entropy (8bit):	5.776478803025778
Encrypted:	false
SSDEEP:	1536:uXNfBaWhtrj/O2b6S0N/IcbjdpMW/Nx4C4TBUQFe47yU:4fBO95bjdpMW/NeXjegy
MD5:	B0037B909D8A315D092849E2869E632D
SHA1:	247303578879E408DD0CBA4F393218D8D10C43E3
SHA-256:	66AD7D256D1F627A8AD08DF23A51FAF4C540141D487C0CD361ABB93221D2651C
SHA-512:	1F196CFEE354727F9D4675F362BEA4C2C772AA9FCAF2CFF450CA221981CFFF51BD47A0DE5C17D86104B610EAE278AF42122EF2F348DFDBC830D94EE40F95FC73
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L=.."n.."n.."n.._n.."n..On.."n..#nc."n..Yn.."n..Xn.."n..Ln.."n..\n.."n..^n.."n..Zn.."nRich.."n................PE..L......F...........!.....x...t.......a............@.................................s.....@.........................P........x..........h^...........................................................@..@...............l............................text...0w.......x.................. ..`.data...\|............\|..............@....rsrc...h^.......`..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\whmmapi.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	4.622931604537916
Encrypted:	false
SSDEEP:	384:jWcSYrM4VtJNaqAT/+IC4QBVGBKFTFIxSji8ye3eh7y8JA0a:ICMW/NxK/VC4GwBUFLjiFe47y81
MD5:	608A78F4C660A621110167A102607B81
SHA1:	F5B9059B98472A0D3BE1114D4DE9D40FD32E3F48
SHA-256:	F6B3D943C642D2EF37E43DDEC2D1555C30284C189C340F5E2328BEE87B1CBD06
SHA-512:	3E7BC0A39F2FD2B007119D021DC4AF2827CF500A2630A038009D02B8D5A5FF069244C2A9BDECB8A814B89EA588FD62B1427E15C7D6AF505D95E6A40B09216D93
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........p............................................................@.............................................h_...................p.......................................................................................rsrc...h_.......`..................@..@.reloc.......p.......p..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\whtml.iec

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	443904
Entropy (8bit):	6.2290333357187695
Encrypted:	false
SSDEEP:	12288:xlbp0jLsqqrrrrH3+ByUHFl1kFzwGpGwqnoHo0X9r4UJZG2nXGtJbIw:xlbp0jMUll1kFzwGp5qn0JtNGrtJbV
MD5:	A573CC191CA787A510450D2C2A47C3BB
SHA1:	304611B2D08638D6334561357684A4E18A6D9E6C
SHA-256:	BE43DF304B37DADC3A110EBDCC1228C008F384E20AEFCE469C56228B1BDBA5ED
SHA-512:	D13FCCA7F59155D098190ED03F7BD75DBFCBCAAC147745B71BF7CF4D4FD3067D9AB1A295FDF0FDE95E399A38F73A9EE18C3FFEF0ED00124B10449CF9AE9B2CF7
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y........E..6....6....6....6....6....6....6....6...Rich..........................PE..L...=..F...........!..............................@.......................... ............@.............................I........................................V......................................@............................................text...)........................... ..`RTFOUT_Pg........................... ..`.data...T........l..................@....rsrc................`..............@..@.reloc...^.......`...f..............@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\whtml.iec.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	3.294567596164341
Encrypted:	false
SSDEEP:	96:3udLJEWnFwWwZhYviNlJ88vpdltdy60KyHK9XtFpjlnl13cZAAWdvjpaxCb934E6:S2WnFwWCfnN93J9rAU7iRl
MD5:	671400E1A05D2709D9178E786CD1446F
SHA1:	AF96DA8AB76865E21C1D39CD53BA4D267919947B
SHA-256:	9E64ADD90F8EB90A3844856AB5A13D3770A25A721988090D8EFC79749B1D65EB
SHA-512:	53B537B4A21E97EE5D46AFFB520A5BFBF805212FF156A106967FF7A9F9EF4397F442481BC36185EC9AD8F3C452BC78EFDC801718E5AA5C4DD87995D1A5AFF6FD
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...-..F...........!.........(...............................................P......*T....@..............................................%...................@.......................................................................................rsrc....%.......&..................@..@.reloc.......@.......(..............@..B............................0.......H.......`...................................................e.......................?.......@... ...B...8...E...P...L...h...~........................................................................................................... .......................0.......................@.......................P.......................`.......................p...........................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wicardie.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	61952
Entropy (8bit):	6.117872246020778
Encrypted:	false
SSDEEP:	1536:+oYMYW5XRpH9+3+SG+2TBFM7a2RKv+rC:FXTC1Gz12DRa4
MD5:	9588B2B68869F38F8A8A636C91F6D64A
SHA1:	86B2BB31D673B52301A95DE263EE9D2E86DC33BC
SHA-256:	EDDD346B7097699F03548877677A5E1B792D02EE0822D7D12AD100F7D2CD39F7
SHA-512:	5DDB92E49DAA1D903201EED6F1C4D59D6D6C5CA2D892F08217E9F85AE44D02FB66F8C44A8F03EDA7E3739BBF837C593D66337FD654767B97FA0095A30618EA6A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............d...d...d..i....d...e...d..i....d..i....d..i....d..i....d..i....d..i....d..i....d.Rich..d.................PE..L......F...........!.........:....................@.................................8.....@.............................j......................................\|...................................H"..@............................................text.............................. ..`.data...............................@....rsrc............ ..................@..@.reloc..Z...........................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wicardie.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8704
Entropy (8bit):	4.648232410973566
Encrypted:	false
SSDEEP:	192:KgWWDTlJDTZc7nKDrZewuifbxgDnSndqbf:AWDTl47nUsK9Bk
MD5:	B34A698D468388DFCC2D00546DE05740
SHA1:	09EC8E7F4941ED9AA3F93D11EB0A41837CB06CBA
SHA-256:	E0D626AD523B19AC1F3A875B51092E9F1C8638C7EE6A4F9D0B3463F6CB545492
SHA-512:	8BE79628DA9C9B119C6336650FBB2C34D7AA375D5B06C390EB4506DDA742B9365D5C4177BBE729AE9396CD71C459AE97C2175FD00DC64806EAC192143F0F2720
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!......... ...............................................@.......t....@.............................................@....................0.......................................................................................rsrc...@...........................@..@.reloc.......0....... ..............@..B............................0.......H.......`.......x.......................................................................................................................................0.......................@.......................P.......................`.......................p............................,..............8,..J...............................................4............$..V.............S.A.F.E._.P.A.G.E...H.T.M.L...N.O.T._.I.N.S.T.A.L.L.E.D...H.T.M.L...S.E.R.V.I.C.E._.F.

C:\b99fd08a604e45b5fc9f\wow\wie4uinit.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	54784
Entropy (8bit):	5.500891479596084
Encrypted:	false
SSDEEP:	1536:PpJFI5jKDdD4k3km0GXl6rKHIHWyK0EE:PkeDFkmJIHWyKd
MD5:	B540FC036262B4B4499E49F582E9E3C3
SHA1:	DEF9ADECD871CBCBD4450AD60F7949EE11D1FEA8
SHA-256:	15194A0CCF7B6CA529D630B13A133AF6F05FF743E96025E50F626F291BC385DF
SHA-512:	6FA1575B341C9352C4150ACFD512EFFE82B613FB70839E9B23A4CE0EFFEF36D387DDD58C2CC826FFE4E207D1C04A6FD5828DF82FC85216B15FF4332496E7C587
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3F..]...]...]..b ...]..b0...]..b&...]...\...]..b3...]..b#...]..b!...]..b%...].Rich..].........PE..L......F.....................(......................................................x.....@...... ..........................$........... ...........................P...............................hd..@...............0............................text............................... ..`.data...............................@....rsrc... ...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wie4uinit.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	2.696858923444229
Encrypted:	false
SSDEEP:	96:EEWz6qGZmvmviHYvkvfvAvZfvwvtv8Iv3fv3wASvUZj:VWmqG4HkSXD
MD5:	AAEFCFABFDBE5B6FE96A6958FE1B389E
SHA1:	FBCD431737DE587E289910D43F51F3AF825F5792
SHA-256:	661D7A589357F1760E71D9DA93074C9126F857A45079B473FE1DE3EF9CBEE00A
SHA-512:	066723D3B01C0D851227B9FE51D0013650CF3DECA6A3343EC1B92BA3102A5515F4205405E523D9A4D393E2428B2BD340EDF2F268CEF3A19AC86CB051A0DE35CB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0.......m....@.............................................@.................... .......................................................................................rsrc...@...........................@..@.reloc....... ......................@..B........................x...(.......@.......p.................................................................../...........................................................................(.......................8.......................H.......................X.......................h...................(...............................................8...X.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.

C:\b99fd08a604e45b5fc9f\wow\wieakeng.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	152064
Entropy (8bit):	6.241379452238897
Encrypted:	false
SSDEEP:	3072:gAvDbTCMUR0TUBj+xIyRrUcYtQaVZnSlP5q8WlTa13NKpOz6Rwbprkth+:giDbTCMUHyRrUcG3nkEM19aOz6KbFSh
MD5:	F270E171FBFD3F36CDE7621EC03A6B0D
SHA1:	412B1CF3746A71AC1AF27E30369EA9AB90A1E347
SHA-256:	C7E8CB48EFABFAF5E8EA0E824A190E36F49D868AB441FCC965DB193943DD6047
SHA-512:	3F52CEB8AC80E847FBDD4977B2801BF116FB220ABF1185EF0F1D9C46ABAD7BC2CBECC119544123FB1875FD46FC36A2B8A0C52A6A3C8EEB29F11C8B2BD0091995
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................a....a..........a....a....a....a....a....a....Rich............................PE..L......F...........!.....(..........m........@.....a......................................@.............................v...4...T....P..8....................`..d...D6..8............................h..@...............t............................text....&.......(.................. ..`.data........@.......,..............@....rsrc...8....P.......0..............@..@.reloc..d....`.......6..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieakeng.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7680
Entropy (8bit):	3.178032804703201
Encrypted:	false
SSDEEP:	96:QPOEWhvW0WumvYQnPInGem/y5uaFFWwYlZtmKqyWa07hzwhXEYjXftiadIb:gWmtASr0Fz00uGb
MD5:	0A672DB75E2C3E52DD0E5D360216B075
SHA1:	F5A8E1E1C6D1FD1155E3C43C2DA801E0603E9C5E
SHA-256:	A7C8FA7AA21E0D79DED459F2275E6167D2137B6CCC1CDE05315F288428398003
SHA-512:	FEAB19B709A98A07D6DEDF8E071F20F46E7D26574BAB0415626C75C94278DE90178BB77A501672C8802C119C781D904F21829D22ECA67ABE6E9DD8C2DFBAF61C
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................@............@.............................................h....................0.......................................................................................rsrc...h...........................@..@.reloc.......0......................@..B............................(.......@...........................................................?.......@.......~... .......8.......P.......h.......................................................................................................................................................(.......................8.......................H.......................X.......................h.......................x...................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieaksie.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	6.043032874000916
Encrypted:	false
SSDEEP:	6144:TX7qFKmUVIDMVLdYF2ZVKivNxS50Xwqx4ExgEg+79ZdNnBl4l1U/A8OnTcMe/xM9:Trq5+7ngEr8niF6sT
MD5:	10D7F6DC4A61F47CA5FF56CAE4A97DA4
SHA1:	635BE0E22D2E40096B6BF3052F2191848887160E
SHA-256:	D0E60574A7DA1FFF50D652F89A827CE3681DD71E6B73939034EFAE69D52B0141
SHA-512:	6A2221F4ACE179950FD8E8044AC708E39B11EA4E9438D31B3B5D911EE3329090C2AB4C33DE486A52F0D74C02AE673FA8C201DA20190F9F2B14203BC9D0FAF156
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]e.<...o...o...o>..o...o>..o[..o...ov..o>..o:..o>..o...o>..o-..o>..o...o>..o...o>..o...oRich...o........PE..L......F...........!.....Z...Z......;........p.....p.................................k....@..........................M......\|N..T.......H.......................p ...h..8...........................Hb..@............................................text...`X.......Z.................. ..`.data....F...p.......^..............@....rsrc...H............n..............@..@.reloc..p ......."...^..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieaksie.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	102400
Entropy (8bit):	4.178391796779189
Encrypted:	false
SSDEEP:	768:K19gd9R1J/G2qH0DU5WVcQ2i/g/sUgcRafG6WCUBo5Sag:K19wZJ/H20QJR//TRafDhI
MD5:	35AD8C8E21520424E15B0B81944C6B4E
SHA1:	AA6F8C152FF1C78D146403EEAE1AC3F8E48C5522
SHA-256:	F978CEAD9077444343B9E1E5E5BA7104778673CB832A44380743C23A8D088B0D
SHA-512:	C38344924D0C2066F5E3FE14EAB722656683ABC66C24A4E51395BF161EAD18FA55EB068B7C533C8E50986EE8614EE6CECEDE187B889E34D75C22053791101AFE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!................................................................F6....@..............................................c...........................................................................................................rsrc....c.......p..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieakui.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	161792
Entropy (8bit):	5.521796892926147
Encrypted:	false
SSDEEP:	1536:9GCu3xHgR6ulyZVUySmieY1G2jaor7cpXZ8SxaSn/srx6SbzJKn4:9Gh3xAoulyZVUySntE4
MD5:	C41C2695A617A4D6759DA756DE2DA6AD
SHA1:	BF558A03B940E7E5F6C66DF2D9E768DAA0B0FAE9
SHA-256:	CD8076887501FD4D9BABBDA135D046BD0B4620A3D442DCF04F0DF48DB27DD9EA
SHA-512:	3275940492F34C8933C6E6387DB3F9179BB2A4518D49A40A676518FAC9F212399E2496D1293EC6C1E22DBE4AEDCB750C2409AA878029E6D6745C0B5DBF5826E7
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........v.....................p.................................o....@.............................................0t...........................................................................................................rsrc...0t.......v..................@..@....................................................................@.......`.......x...............0.......h...............................................................................................................(.......@.......X.......p...............................................................................0.......H.......`.......x...................#.......$.......%.......&.......'................................................... .......................0.......................@.......................P...........

C:\b99fd08a604e45b5fc9f\wow\wieakui.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	266240
Entropy (8bit):	4.883536667255616
Encrypted:	false
SSDEEP:	3072:m8mIrfEdxAoulyZVUySntGFUf8mcLlF7NGTuH:mrup5nlTSH
MD5:	A264013BED2E7DC26BF70E83A694F6DC
SHA1:	A7ED7377B568AE24383E6C95143501A9F2103C9D
SHA-256:	45100A694026F32AE22734E9772C8A81DA27BA635E5BDB5096A811BE5DD2A281
SHA-512:	80BC4BD17F577AC07EFDFF7FC11011A894F508E43187503F157492494F6E8EF243421C554009B5AE8BD89FFD553B96D07AEE3649F67151D0A3B4D3D77FA466DB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.................................................................X....@.............................................x............................................................................................................rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieapfltr.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	383488
Entropy (8bit):	6.768149321009819
Encrypted:	false
SSDEEP:	6144:gmYTccb7MQibGoewMV4InQwfkS8y/9MIxXpr8n4715HjLBL5OVX7UqOodqSAhunj:gMc8PbGoewMCRlIW0vnTP8tIdHyP
MD5:	F182D7D90DB21A314569E4091510A2F4
SHA1:	A87319052DB6CA89F8E69FC2717F96963385ABB0
SHA-256:	8037B2C49D9D19D9FB842B163129C86AEA5474F6EF55F886CC066B2CD2C147E9
SHA-512:	AB7644A0742095C4602C9E9F5B5240893534F0FD5B70D4D4E940F7ECAFA756D0F89D875B8AC7E78BE4556A5F4F1AD8ADB83C99F5B0F433E9A43235E6B8F561C6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#?..g^..g^..g^..@...v^..g^..V_..@...\|^..@...r^..@...f^..@...+^..@...-^..@...f^..@...f^..@...f^..Richg^..................PE..L....FE...........!.....\|...Z.....................r................................&l....@.........................D6.......v...................................D..`...8...........................pl..@....................u..@....................text....z.......\|.................. ..`.data...............................@....rsrc...............................@..@.reloc...D.......F..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiedkcs32.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	382976
Entropy (8bit):	5.986966880732522
Encrypted:	false
SSDEEP:	6144:d9VFNSc65WTXlINQ9LsInsikzI1BegSTKG93QXKxV53cw8U:IrQYikk9GdQXKL5M
MD5:	A4F97FCA5D861C9224EE2B5761A44B80
SHA1:	569AE97921E7F90443B6E8136C45A5943DC87970
SHA-256:	937D6774B5C964F364AA7145D9A9C6BD47953E8DD080CB6C6B141735D45C1760
SHA-512:	7C6BA7436F6C8A740BA70AFF27D586CDBD1187792E29B577A11182CAD4BAC6EF9BCC435865D35E6F9A9FDA653F83709939B9D423CF2B956DFD6051F672B6620D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Qk.NQk.NQk.Nv..NXk.NQk.N.j.Nv..NLk.Nv..NPk.Nv..Nlk.Nv..N.k.Nv..NPk.Nv..NPk.Nv..NPk.NRichQk.N................PE..L......F...........!.....L...................p.....p......................... ............@.........................l:......8A..................................8A...Y..8..............................@....................<.......................text...MJ.......L.................. ..`.data....[...`...@...P..............@....rsrc...............................@..@.reloc..8A.......B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiedkcs32.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	5.075832524944859
Encrypted:	false
SSDEEP:	384:xsma+WgbeYom/h5Ov5jbPToDLQ3w+XxmN7fEQPzdMyRjtwLe10vt157Hj/7fDWRf:xsmaAbeUyeG2IlMuef8eGST/Vz
MD5:	D1DDC753449550255443C695B1961176
SHA1:	F3F32D30CCCEB5DDF905B0C3B980828CAD87D06E
SHA-256:	800E8D8070A1CF1B2519EF780DE24DCD523DC86BCC2C41F8F4DDD401C7EB40F9
SHA-512:	C3B94AB7003C1997CA51F960FD5E4DDF2F8EFAD83FE1B5473EBE6476C15A3787A5F00397BEA2E8BC65DFF81234E8E223DC2078D6A22D9645805A5391CD035BD9
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........0...............................................@...........@..................................................................0.......................................................................................rsrc............ ..................@..@.reloc.......0.......0..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiedw.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	69120
Entropy (8bit):	5.248623637280708
Encrypted:	false
SSDEEP:	1536:XNpbWTono2PF9yJH9KBjH7ZoSQoL+Qz6:GdKFOoL16
MD5:	97DEAFCDB4C4E0A97894C7A0F9778CF5
SHA1:	CBC7CA88ADBB1FFE870C094C1A680935803EEA22
SHA-256:	3982CB1F7B74FC4D7F4306A62676F47174207880CBBC03BB11D21BE160FFE2B7
SHA-512:	72D0A94720B2E0AB415416353559BD6C3E75C4E45E3AA00FA16351F8B68C5A38F0EDD9306714B7BD51D7DFEFB04F959227C5BE0959FD7A108586C70C7A0B913B
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Z...4^..4^..4^.+I^..4^.+Y^..4^.+O^..4^..5^..4^.+Z^..4^.+J^..4^.+H^..4^.+L^..4^Rich..4^........PE..L......F.....................T......s........................................0......5.....@...... .............................,....................................................................w..@............................................text...T........................... ..`.data...,&....... ..................@....rsrc...............................@..@.reloc........... ..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiedw.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5120
Entropy (8bit):	3.0500471072203226
Encrypted:	false
SSDEEP:	96:5M6KEWSUxmvOpztOqFSarvEviPWch82K6vd+QOor:VWSUDtRSark3o
MD5:	87935AEF32BB4DEDF53294A105CDFF9E
SHA1:	3D87AAF6F0FA6E35EEA42D7514871BB12A2FEEA3
SHA-256:	F60B83219B8AEB22EA1BB347A5811588278A5BDB19F21F0E58DB6DDF11F830B6
SHA-512:	80D98EE2DFC8D08C29F5F13F528863AB1B7C5F21012D5F7A3474375B67AAB35ED4A8A35B3EE40BD81390566834A1A8BBE4A2C8ADEE9430CBF6C789D1141039C1
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0......."....@.............................................@.................... .......................................................................................rsrc...@...........................@..@.reloc....... ......................@..B............................0.......H.......`...................................................A...........................................................................................0.......................@.......................P.......................`.......................p...........................................@...................2...........@...n.............................................M.U.I...........4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.......

C:\b99fd08a604e45b5fc9f\wow\wieencode.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	78336
Entropy (8bit):	7.335777111528264
Encrypted:	false
SSDEEP:	1536:pnkgeVqVk3ebDgzZStvl83tUiV4j939Owr3WOs+o:sqVgtcNotUM4R3AwaOI
MD5:	E5B2E51FBD0646E42DA1925F71CC562B
SHA1:	97E133A78FCB718BF96DCE2E480216B8E139AD38
SHA-256:	C81A1C1E038D7B9F2F50778D7A31DE98D4EEEFA3EEE16ABDD15EADC52E60DF41
SHA-512:	E043BEF9E6578E77B6625AFB02B002067F7F850E8D03DE23C9426D4101566D9B5BA41D79002DF52441543ABB7A34B1E8EE8D4336C72BD6B34E010C276F3FB6B1
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*GJ.K)..K)..K)..T..K)..K(..K)..R..K)..G..K)..S..K)..D..K)..W..K)..U..K)..Q..K).Rich.K).................PE..L...+..F...........!.....F..........2........`....@..........................p......].....@.............................a....Q..<....P.......................`..p...PT..8...........................@...@...............p............................text....D.......F.................. ..`.data...<....`.......J..............@....rsrc........P.......(..............@..@.reloc..p....`......................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieframe.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6049280
Entropy (8bit):	6.236268809747435
Encrypted:	false
SSDEEP:	98304:+56u9Ksri748RJMAyrtazl732H3R3Zy9a8cUo2L/E5YBLjU8/c:cxr7xrtolbb9a8chAE5C
MD5:	3C967B0F5F6349F3574849DD561446B9
SHA1:	A05911AF0169B218B4954D44FC26034F03EFAD0D
SHA-256:	FB312EB9C3625D9C491FB95FF44833D631D6C1C04D11143D4FE0AFE2E83F0447
SHA-512:	C2CE3BDEB56673C2C0A821F30309BE4BEB23F7C2FDF19C1F14F7C7FBDA75FB8B75005BACA74D48153131758ACA6D424A9D97ECBA878A32C30516AFE87E56E67D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........a...a...a.......a.......a...a...d......a.......a.....\|`.......a.......a.......a..Rich.a..................PE..L...H..F...........!......%..R7..............$...@...........................\.......\...@.........................`.........$......P&..b4...................Z.8...D.%.8...........................h...@....................$. ....................text.....%.......%................. ..`.data...` ... %.......%.............@....rsrc....b4..P&..d4...&.............@..@.reloc..8.....Z.......Z.............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieframe.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	991232
Entropy (8bit):	6.200780542022877
Encrypted:	false
SSDEEP:	6144:FOYJFtGTgANuERWdVhJxG0h41eYl5wlLftr2g9cFEdO+HTQ88BIj8A1ftRRTae6W:fz9aqHTZVeEr
MD5:	C00A1D48F16223F0B10ADFB03ED816C1
SHA1:	0FDFC3E45F8084A59561E93C9DC449488203B9A6
SHA-256:	9116E70B3056CB94A6CDD60C84E1F033E31E019A03B7B58F1EB1A6119F6FD80E
SHA-512:	EEEDF8060BAAAEC988A0CED9CA343BD837E5A29126FF61810740201218FE08A1E5CE37872F3313E645B1BA59C9D600BE6C2218FEF20DACD893C85AA8AD50EEB6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...#..F...........!......................................................... ............@.............................................8............................................................................................................rsrc...8...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiepeers.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	191488
Entropy (8bit):	6.05332731236487
Encrypted:	false
SSDEEP:	3072:05QT1SM4pTT3OGYsMRvgrJVRp/wjKbghrbMsr24mbDkP5X3w:394/YsfrJVRpbbW98YZ
MD5:	65ED13B8D0A3528EC89C943DB2E93A9B
SHA1:	9527A01A625BE612F57BAAC0492795ECD2CEE5B3
SHA-256:	0B5E2683242798B29CEE56AD0F53C183F5CCAE001B3C949713909784FEBDB4FB
SHA-512:	8FAEFAEB4B336E784EEB0B75FF64EAF746DEB19BCE0EA7CB5EFFEEEB999F4982C5FDC89DAAFF4E3248AA66FB1BA21C566FE0C871C12F16B5DEFA553ED225CAF2
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........N....................B......B.......B......B.......B......B.......B.......B......Rich............................PE..L......F...........!................%........ ....@.......................... ......K%....@.........................H%..........,....0..H.......................d.......8...........................8...@...............X............................text...@........................... ..`.data...d...........................@....rsrc...H....0......................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiepeers.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	2.890082740694039
Encrypted:	false
SSDEEP:	48:KB+t+yLIZWNcv1Xmh8E/GvvIgwyHIyfvvhiDfvvNYXAXgNDvX6qiNYSlgWQ3uZvn:LLEW6v1UHmvOw73ve3v2AXgRv/WQ3uv
MD5:	03567B3EC3719404E0181249EF0A8395
SHA1:	3411D2B91CDFDE63553C9A92241FA0773AF85859
SHA-256:	FED9F4B4B8FBAD35C4F62E5CF8A4E387E4D64786FE739289F4DC74B9D13CCF8A
SHA-512:	A51800083576479A11F05870E13213403BDEDD1C06F46A9D84F30A5E291CBA03A8F76C55E6676C27E5F361D007D4B7A051DD023D148B3AF0B255FDEE2B52D714
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0............@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B............................0.......H.......`...............................................................................................................................................0.......................@.......................P.......................`.......................p...........................8...............h...Z...............,...............>...........8.................................M.U.I...........4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.......

C:\b99fd08a604e45b5fc9f\wow\wieproxy.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	287744
Entropy (8bit):	5.4536367951850515
Encrypted:	false
SSDEEP:	3072:r3DtE8inMjp87s3XbXP8AUGn9RWZHheydfkoBTeySZTEeU:HLaMK7IrXrhn9RWZ1dhf
MD5:	F887308EB54D98A281DF9C1D8BE0CD64
SHA1:	3DB17413A2296D8E50987DFA94C78C79BA528F17
SHA-256:	8124CCC65C8BEC47435DFB6BFBE1E5FF98CB79B510FF92398EC1587E4B935B52
SHA-512:	EA55B92CA7B7B32DC81D2D4F2CA5E3743F3F0001047EFA0EABBDE9C1DDABD7E51C7E3F1BB8CDADDD46856905CEC704A85770032CA1F1E29A6DD47ECD8A07F0EC
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........g...g...g......g......g...g..~g......g......g......g.....g......g......g..Rich.g..........................PE..L......F...........!.....h..........U3............@..................................2....@..........................R.......I..........0.................... ...r...................................*..@............................................text....C.......D.................. ..`.orpc...."...`...$...H.............. ..`.data....{.......z...l..............@....rsrc...0...........................@..@.reloc..Hv... ...x..................@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiernonce.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	43008
Entropy (8bit):	5.807528131279066
Encrypted:	false
SSDEEP:	768:8WYTtuI/VTU4k/d5TROtlTSVaS1dFm60J7xJL/kIz2:8JtuI/VTU4kvTR2QVzAJ7fII
MD5:	ECD8379DFE8E9A41A600E8B374E04BBC
SHA1:	550312BE6163AEFF88356ADF6857D10995614FC7
SHA-256:	D5CD3FBD854684B20AC6FC8CD705C97D6E472F03D4682A15A095B3251F7FFAB7
SHA-512:	907960C0636F8AD2B64F6F71D08BA62A9CD2D7FEEDCCE32366FC6EC3DE51CB002083F958C05336867972C6E9D1F03C4DACF359F54BC34C9C524EAB26ACA2829C
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yy..=...=...=.......:...........=...........(.......<......./.......<.......<.......<...Rich=...........................PE..L......F...........!................&..............P................................iP....@.........................h...g......................................l.......8...........................8O..@...............h............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc..l...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiernonce.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5120
Entropy (8bit):	3.0718702965951366
Encrypted:	false
SSDEEP:	48:Kfamt+3IZWI9LimTCs/GvvIgOlC3TVnc8U4MeZokliX5kZzNGIlksl3cchptW:ueEWOB9mvgqTVc8U47Z5q5kZzNGZQpt
MD5:	D6A49D5E22E7E195407C1CE69B25394D
SHA1:	22EAF0E0D8654050D9F46EE866A7E5220357CF59
SHA-256:	A673FAD449157F9C6FA595DE2CCD63DD01468B0AF8A59AC9C271FBCEC0C0B163
SHA-512:	11D45DE967D4C1988A3C23E375306282934AC85CC71B93023DB9077AA4D1200D4E2A5F3CF034EB72830B1F1282E4BBE8C97EDF90FD6F49F6FF592FA7C3D5468A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0............@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B........................0...0.......H.......`.......x............................................................................................................................................................................................... ...X...................................f...........@.................M.U.I...........4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.

C:\b99fd08a604e45b5fc9f\wow\wiertutil.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	266752
Entropy (8bit):	6.475283157445905
Encrypted:	false
SSDEEP:	6144:O4uuB+nTQA2FIPlZznlUJZCKV+O2BiCdbpM7:TAnsAjPlZQBV+tHO
MD5:	37B82F050378ABA1FC6BF6664575F68B
SHA1:	7C8DCC76C00CA663D9648751B7AF0362086175FF
SHA-256:	B7A938E39C6F118C776E7EB46BDE7C61F7AAB6652AC086BB6C243276E70B15BC
SHA-512:	B1328183B157BB31AA9E7984D3C2EFFD63FEBEDAE7C46584936DE7637B5D067FFEA086A6D8B72BDAE2D5C5AD5A9F6DD449CF92D6F3B98814FA179756B5E764F7
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.q.g...g...g...@.b.`...g...p...@.d.v...@.r.....@.e.f...@.q.....@.a.v...@.c.f...@.g.f...Richg...................PE..L......F...........!.........\|......-..............].........................P............@.............................................8........................a......8...........................0...@...............h............................text.............................. ..`.data...............................@....rsrc...8...........................@..@.reloc...a.......b..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiesetup.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	55296
Entropy (8bit):	5.9120367232794075
Encrypted:	false
SSDEEP:	1536:ExTUhkfvyL/02Kd2+M8ozjSaY2VwcqH4m8enxrU4yJ/drM:ExTUOfvoJ+MRn8lnxy/d4
MD5:	2F5E8627C26AA41001C7A803CE4850CE
SHA1:	427750FF107E69E49CE58958EB263D5D9B89664A
SHA-256:	C08E75D164D73659C5DBA0E285A10A10BF00F9FD83FF68F8F82791E19A1FD125
SHA-512:	ECBB12861E1487662AF24428797549E3251A3F0EC112B876A7CEE9086531423E031BF5F55C42E6C03DD5E28C7E4FC1AE8F5F1DDA4499496C60B01BC0BA079405
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..q..m"..m"..m"=#."..m"=#."%.m"..l"..m"=#."..m"=#."..m"=#."..m"=#."..m"=#."..m"=#."..m"Rich..m"........PE..L......F...........!.........N.....................e......................................@.................................p...........@...............................8...........................xD..@............................................text...d........................... ..`.data...L...........................@....rsrc...@........0..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiesetup.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16896
Entropy (8bit):	4.513769027789448
Encrypted:	false
SSDEEP:	192:mbW2BR+aKDHscGBmVdFuKDUeJsSEHOKDRKXCMPB/SHk3GUW2H5C:mbWQUaKDvPLFuKDbJqOKDYB42GUW2H5
MD5:	7ED67031CFC2E9D6A7384DFF4B9274C0
SHA1:	D92D18FC3598391880A468B5234CA9206ECEE909
SHA-256:	BD3856788D67E9B636068C08C66404675EDB7C3C637581DB345738F5A8A8F536
SHA-512:	B6BFBCFE24EA122F6F453F194118782CE478A663A9CB422754A3E65E1B3E7571301CB2965995362875BE1D4863E93ACCEACD1F0F568D1256118B2C844092C87C
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........@...............................................`......F.....@..............................................<...................P.......................................................................................rsrc....<.......>..................@..@.reloc.......P.......@..............@..B............................@.......X............................................................................... .......8.......P.......h...................................................................................................f...........................(.......................@.......................P.......................`.......................p...................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieudinit.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13312
Entropy (8bit):	5.4547062769476335
Encrypted:	false
SSDEEP:	192:DoAu7W7P5B5Kexcx4H9caMZdPhAWzc3H1Ipf0FSrcBHWB00zAIb/DoWzry1:DHu7W7czx4dcRZd8V4xrcBHE0EoWHy
MD5:	D3D2009FD649AA5082DA2F8CBD7D9F3D
SHA1:	1816EB2567A048437C750F036C770D761B1812D2
SHA-256:	E7DD603AB82D1A8CFBF05F93C66717BE48A2898DDFE70ED1818458B184C0FA08
SHA-512:	5CA101D3F5B644EC7B9CC9260B64AF68C35A39728F737AFDA3D8288AF2922BDF8C296195B134ED41D122E5A1D42E5AD164C5ED5797C9A00BCD5652E20E9B9D27
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................A.......A.....A..............A.....A.......A.......A......Rich............PE..L......F.............................!.......0...............................`............@...... ...........................)..P....@.. ....................P..\|...................................x...@............................................text............................... ..`.data........0......."..............@....rsrc... ....@.......&..............@..@.reloc.. ....P......................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieui.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	180736
Entropy (8bit):	6.558062025449429
Encrypted:	false
SSDEEP:	1536:LIHfHXOydO2+75Erhf/eLekUa4R8Fl/yFpLQRnAPRresKnx/hgQK95NRl0IQWFcG:AHXOMOP5kf/ewaKu/IpJqnxlCNr+/e
MD5:	A19C74F1C9536DF00DCD1D598E0B74FD
SHA1:	752E2CB46E374749BC3FD0CBC7A795A23819697A
SHA-256:	78595091064EB84DAC36F174078C1B4F9F79E85353E1CFC6C701DC9C2107197A
SHA-512:	6F98952B863647F2EDD1590394382D2187C8617A95104F7EB4E54F984279E93D56EAEF915FE5C0A0759CFA7DC96AFDD3C0579F37965ABA56EE61A83C053D8F7E
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........kG................y~.....yx.....y......yk......yh......y{.....yy.....y}....Rich...........PE..L...\..F...........!.....6...........$.......p....@.................................b^....@.............................a....3...........;....................... ...C..8...............................@...................X/..@....................text...54.......6.................. ..`.data....(...P...*...:..............@....rsrc....;.......<...d..............@..@.reloc... ......."..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wieui.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	2.629892278378595
Encrypted:	false
SSDEEP:	48:KmtXaQT1EDu+eIZWAcvjmbOv1Bs/GvvIg9fjE4eL7w:v/EWZv5v1umvffjE4q
MD5:	92331B071405E6A8DC2AE3165F2B3B36
SHA1:	2AA695EDEB631306309F43A9FCAB0A119FE61D4C
SHA-256:	C1A76A1A9BCAFB3807DF93068C56FD630433B44ED0C323820566891EC092DC87
SHA-512:	BF3EB79A9097488293B1458A3833B72FB96D0C80C5EE421C5B9EBD8F8F986D274250F68A5BD291EB03EB042E4E2C1DBE61E09E71954DDA51D6FB8BFC3B511BBF
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...:..F...........!.........................................................0............@.............................................H.................... .......................................................................................rsrc...H...........................@..@.reloc....... ......................@..B........................0...0.......H.......`.......x...........................................e.......................E........................................................................................................................... ...................@...............................0.................M.U.I..............................$.q.....A.s.s.e.r.t.........M.S. .S.h.e.l.l. .D.l.g..............PF.\.2...........&.A.b.o.r.t................P}.\.2...........&.D.e.b.u.g.........

C:\b99fd08a604e45b5fc9f\wow\wieunatt.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.6449880297231405
Encrypted:	false
SSDEEP:	24:e9GS7IVEt+CG+2+IZW0B/STYNn7osHlV81l523FdGvEMIYPN/VQRvEM+:KJG+7IZWy/omMUU1LE/GvvIgmRvv+
MD5:	6B40B17E5E1A032C979339B466890C5B
SHA1:	7338B0A07AAC470731504C5106060796DE53F44C
SHA-256:	7351ECA501B0F9676811C0E34B1D9EFC51AB248E275E314FEFE3DCF2E00EB122
SHA-512:	C47C0C9855E095C275BCEF5847358021B15CD7AB215321F3DBD85D30A5190C20F0F6226695010814BA94C5849103A47DC5A5CD9D6139FD63D76F0707818726DB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0............@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B............................(.......@.......X.......................p...................?...........................................................................................................................`.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...l."...F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\wow\wiexplore.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	622080
Entropy (8bit):	6.815811651909572
Encrypted:	false
SSDEEP:	12288:cSX+pd167QhE0s7+jM+M6ugRfMMkIM7tX+pd167QhE0S7+S:rE6Ehg7mM+M6RkMkIM7tE6Ehm7
MD5:	DE49B348A18369B4626FBA1D49B07FB4
SHA1:	75B0DE6087E160D748848F1B14C11D8770196253
SHA-256:	511D4CA26A0EC437333EFD6781E5983818A0045E7C7F0BBC193778E9FDEA643D
SHA-512:	D84B493E636365E7A5697589938DDB5B0C01215B6F691BCB81B8D56EAA7343826DD3B01784A4D18B24D9632C2E575A878937604E1F48AC532B5DA8FE18465FA0
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.I.qc'.qc'.qc'.V.Z.yc'.V.J.>c'.V.\.hc'.qc&..b'.V.I.=c'.V.Y.ec'.V.[.pc'.V._.pc'.Richqc'.........................PE..L......F.............................+.......@....@.................................ne....@........................................................................H...8...............................@...................P...`....................text............................... ..`.data...............................@....rsrc..............................@..@.reloc...............p..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wiexplore.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	573440
Entropy (8bit):	6.761698430513224
Encrypted:	false
SSDEEP:	12288:9X+pd167QhE0s7+jM+M6ugRfMMkIM7tX+pd167QhE0S7+:9E6Ehg7mM+M6RkMkIM7tE6Ehm7
MD5:	B58D8A1C7EE0E922EC7D2616DA136FC3
SHA1:	E2EAE4CA8D422AABF64AD513C53C838FE1D3FB03
SHA-256:	7EE521B594963FB9F552B660BEC2BD1CCC2C561160ACA58830E72133A86D22F4
SHA-512:	D7335E56F9637CD9EBB3EE7EA88E9964429F060A6EF54721AA67613CDE82D53BF86525E708E28DDB6FEB7F712F4619FC706677576E9724D64C733318C3257F66
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!......................................................................@.............................................8............................................................................................................rsrc...8...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wimgutil.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36352
Entropy (8bit):	6.172056400683726
Encrypted:	false
SSDEEP:	768:Ie5NYgiT89Iq0nON+n+g35nav2ty816iBsULC5we:Ie5qg593Kn+g3lav2tyHiBsbR
MD5:	277A5F9EAF1C88F9AC760C46D259CD3F
SHA1:	F055983EDC700EC871098156392C53013C34EDB7
SHA-256:	92C7DC64B83B0E447A0DBCBDA793E3C912B6F5F77F409B218CF34C11D3445C13
SHA-512:	203DF14D91DBC56F8128A1D91180310AFFC178A2D7DA9196D0BED8ECD54326F00B10B5B00F5C2CCE48ED1BE74AA6AD3AB8B7CBC4CC52696A3DE0FB3751EFFD5B
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=PP.\>..\>..\>...C..\>..\?..\>...E..\>...D..\>...S..\>...P..\>...@..\>...B..\>...F..\>.Rich.\>.........PE..L......F...........!.....x..........................................................*"....@.............................4............... .......................x......8............................G..@............................................text...Dv.......x.................. ..`.data................\|..............@....rsrc... ...........................@..@.reloc..x...........................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1817088
Entropy (8bit):	6.120537468050177
Encrypted:	false
SSDEEP:	24576:nn55cHf/OqEfNhf8UDztKnQpR+h/iyE6Eh99:55UWdfNhf8YztP8h/iy0
MD5:	8DF54F96C75FC47C796388E456EBF729
SHA1:	F712E22B49A8C275FBBCF7E2874F1252F03449D5
SHA-256:	0B6C4F6021B17F9CEF33BC0816218890216AFCF07FDC6294A7F26F8E52EB61A5
SHA-512:	5EB665C517A56F616D67DF4AF21F648BB49CD366DC834BE11C1991E11A1D5CD40D0B5339A42B266428D21618B74E6907562289FDD1BF03B5F09D3576766D2E11
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..e7..e7..e7..d7..e7.K.7..e7.K.7.e7.K.7..e7.K.7..e7.K.7..e7.K.7..e7.K.7..e7.K.7..e7Rich..e7................PE..L... ..F...........!.....n...v....................PX................................n.....@..........................V..%...HZ...................................\|...\|..8...........................P...@....................Y..@....................text...Dm.......n.................. ..`.data....g.......:...r..............@....rsrc...............................@..@.reloc...\|.......~...<..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\winetcpl.cpl.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1273856
Entropy (8bit):	5.752566962990088
Encrypted:	false
SSDEEP:	12288:zT4BqEWSoN8I184Gg5gybK78UDDn9ltG3CmrUbd2I9+Qa4OmSTTiyX+pd167QhE4:IqEfNhf8UDztKnQpR+h/iyE6Eh99
MD5:	9FA7F78F9BE7802600683D60C31803F5
SHA1:	A9E4410A88AAC72888B078164D73CB88EAFDB619
SHA-256:	12C5194BC62F7CA43F53AE0133ADEA6BC098C4AB73FACC30A4E9832C9927087B
SHA-512:	7935D8FCF40835031D31404BCBC3BEB9F2279316F4DADC0B1CB1A24D828A7624C7E12C7E5E1FA7D0BEAE24E8C4FF68832252922D96DBE5F9CCE96B06A0D009D3
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........`...............................................p............@..............................................J...................`.......................................................................................rsrc....J.......P..................@..@.reloc.......`.......`..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\winseng.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	92672
Entropy (8bit):	6.2859211650126765
Encrypted:	false
SSDEEP:	1536:w1INtbTUhkn5SGzWTOSgByeAcfpKb0g5s9l6nV1PaUke/Mi6EeaMUcW+dP5c:wiHTUOw3gByeAcDgu9l6V1Mipv+dxc
MD5:	468FEA083F6D715461866BE77CF57A23
SHA1:	3CAD03FA9CC22CCB589C893D3B50B82D4D435193
SHA-256:	1061294C615EA56698E014D195A5FFA6B4F6EB25A233A963D6A5B99FC415AC6E
SHA-512:	0E922BA124DB365EB01DA3EC7122CFAFD10B3DA20759D7DA78AB7AB9AAB063390246D6FE72DA1925057A4DE9E1509FB0C84F40F14DE143999985F319E20930BB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b..]..]..]..z..Z..z.....].....z..H..z..\..z.....z..\..z..\..z..\..Rich]..................PE..L......F...........!.....J...4......:........`.....a................................s+....@......................... I..-...PJ..................................d...,X..8............................L..@...............t............................text....H.......J.................. ..`.data........`.......N..............@....rsrc................P..............@..@.reloc..d............V..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\winseng.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	2.637741815630074
Encrypted:	false
SSDEEP:	48:K1C+rIZW9Xm1cGys/GvvIgwikEwWnyYhrztx3GcH:6EWJgmvOTEwShrztx
MD5:	04805CB76A67B3DEA0D5FF2F03B29D14
SHA1:	DBA4A97054E2B90A4291C0C15EABA307E764FE11
SHA-256:	F33EEDF5A417B794D33DDA29A9224D1742A523E73F8A70BEBAF997BB76F1A670
SHA-512:	14409D4376ABAEAE6CD138441C9786369FC1C167609A8650D257DE96E87AA7921394AF99E1668A3ADB8967F972C5C55446517C3B85931B12AB7DC5C1182937B3
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0............@.............................................P.................... .......................................................................................rsrc...P...........................@..@.reloc....... ......................@..B............................(.......@.......`.......................x...................?.......@...................................................................................................................................................j...........8...h........... .................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.

C:\b99fd08a604e45b5fc9f\wow\wjscript.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	491520
Entropy (8bit):	6.530164253506151
Encrypted:	false
SSDEEP:	6144:/yTOUFN0CCAWZ+/LGNGIbczmDBqSOIPmm5h1N4mmDSxhBBegGgTmIQWFyX2bUxqh:RJFZ+6YI4yHh1N4rDShBEEdHo
MD5:	C564A59C29B2386465B681CDDB086DC1
SHA1:	E930F52E079AA69CF275F31B1A37650516C8B240
SHA-256:	FE98AF4B34D1304C46BA51898EDA86000752BE82572A0828C00E2AE57E566665
SHA-512:	FC5218500415A6FFED03A98D6BEF7A2602E190169D9EE5A298BD4073A093E23E126A325A8CA9F7798910D5B016CC1943BCEB2FD4C07920EACDDC66D5F3CA5644
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;...U...U...U...T...U..:....U..:8...U..:(...U..:/...U..:;...U..:+...U..:)...U..:-...U.Rich..U.........................PE..L...w..F...........!.....`..........Z........ ....8c......................................@..................................W..x........\|...................@...:..he..8...............................@............................................text....U.......`.................. ..`.data...`E...p...P...p..............@....rsrc....\|..........................@..@.reloc...:...@...@...@..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wjsproxy.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	27136
Entropy (8bit):	6.104860317614692
Encrypted:	false
SSDEEP:	384:kBpu3GyaiyDk+UA/0COmYpeAr7snTsmI32PxjG98Mk2920Ei8zCx9LNj6ljmxMUT:kB2z/nC16IjbMp9GtCTB6Qx9UQVL
MD5:	7915FDDA2A75F096681036CDE225114F
SHA1:	39A5CAA640CFA46AC1F4B12C1C538704EDA785CD
SHA-256:	54E6EB6CEF111C10B2A31119927022B4D1DE55280C7E1E891A483DDC47F3856B
SHA-512:	82FAFAAA9F588DB80575723DEF80BEC8FCE224903725652D99B50388CB81F6554818A3275AD47E60F5D8F6A03DEE1709173275954CC420D9FE3344DB3972D7B6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.....r...r...r.......r...s..r.......r.....M.r.......r.......r.......r.......r.......r.Rich..r.........................PE..L......F...........!.....Z..........*4.......p.......................................U....@.........................T........c.......................................i..8........................... K..@...................db..`....................text...xY.......Z.................. ..`.data........p.......^..............@....rsrc................b..............@..@.reloc...............f..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wlicmgr10.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	5.839842783719662
Encrypted:	false
SSDEEP:	768:kEed0PTUhkswg7uRfVaF9y0ZpxizZraZ4w4+VmCdk3stqzzDWj27v:8kTUhkswVeD3viE3dVmCdkctsq6r
MD5:	2900A114D8DEBD79245DAD267496D09B
SHA1:	7357088B5CB4A1571C624B929AE90F29D4A02707
SHA-256:	0138EE8E41B0F163717206D354EF04A626C15AC48457CA7EA1990600A95CF4E6
SHA-512:	06CF722F348549AE2BF66A2E8EC91FAC131473806D2AB78A225DB2027453307B93E43F813ABE74941E09785FB30869B4F7DFE008F1FDAA22013B3B7811D517CF
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u&P..uP..uP..uw.fuV..uw.vu...uP..u...uw.`u]..uw.auQ..uw.uuI..uw.euQ..uw.guQ..uw.cuQ..uRichP..u........PE..L......F...........!................I.............@..................................!....@.............................................@..............................8............................H..@............................................text...)........................... ..`.data...............................@....rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wlicmgr10.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	2.791022300717515
Encrypted:	false
SSDEEP:	48:KFJXq+2IZWNH/Onmr6s/GvvIgwtoka/vGoNMvQM4yoAE:GuEWt2a1mvOmkaX4vQMgA
MD5:	FED8641F516F9914BD8EC0044E748303
SHA1:	B69C8E61BFAE6A726DB15EC6BDC9DCFD8FA051A8
SHA-256:	D39EFB21B45F95AD82318C4BA0223105B0B6F0449061F1B4F7318CBBDEAC6E99
SHA-512:	BA619C7B046CE2EE1967F93A0000AECBA7A2904A5003A1ABC495E9B90898858B15EB505269D6F3A60DAC84ED06F405A5FA24B1155FEB1415DB0EA53988081EEA
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0............@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B............................(.......@.......X.......................p...............................................................................................................................................&.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?...........................0.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...f.....F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\wow\wmsfeeds.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	458752
Entropy (8bit):	6.371992170884369
Encrypted:	false
SSDEEP:	6144:CkBmTkxxCdjUwFAL8fdYkqaxbix9BQU7uF/cppeGGpe5Vyak6xBvqVj1YN5L8YK6:CkBmTk+CBLGVxbgTg0
MD5:	D1CE0973CD763DB98F9980CDFDC58443
SHA1:	0F4B6BFEA99B2CCBA87A20E4B3E65CC31B5E3614
SHA-256:	18BEC711FF82588658DA66C73F17BC76A12518A69606BB25C72B2636DB89E3CF
SHA-512:	457AF58FC4C46A87FF6B83D542145D4242BD9659A93D5F686242B0B9E02F136DE73E58929FD2751551D1E5CA97A8719C7A6B4A81637A82EF0BE8814602A01126
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._......................<0......<0..\...<0......<0......<0.. ...<0......<0......<0......Rich............PE..L...3..F...........!.....0...................P....@.................................B\....@.............................j....2.......P..........................<-...?..8...........................x...@....................,.......................text..../.......0.................. ..`.data........@.......4..............@....rsrc........P.......D..............@..@.reloc..<-..........................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmsfeedsbs.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	50688
Entropy (8bit):	5.995354680084556
Encrypted:	false
SSDEEP:	1536:AiTUhkhXRyqV9gK6s74y3/PUeq0trHnNuk:lTUOB9V9gO2CLND
MD5:	44FDA9BEFB795E5A2CD40BD3E0FA3493
SHA1:	E15775E4ACC59B88F16D59411552F06140A4F628
SHA-256:	D01F7DBE9571456E7712AB22F0332AF097635D586B50BAFF8264B8E996F60037
SHA-512:	D7AC2B9479382B8D8D910429F8C5BBE9A994BC3245BFF7FE84147DF6A777200CF8BE82F82588FA617C309E0047CE79D927FEB190F72550BD8F5950A857D0D9BA
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........#;.vp;.vp;.vp...p<.vp...py.vp;.wp..vp...p4.vp...p:.vp...p%.vp...p:.vp...p:.vp...p:.vpRich;.vp........................PE..L......F...........!..............................@.................................L.....@.............................l..............8..............................8............................F..@...................,........................text...&........................... ..`.data...............................@....rsrc...8...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmsfeedsbs.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.6973890205639663
Encrypted:	false
SSDEEP:	48:Kxet+yLIZWyXHHCZmy1E/GvvIgwcQOYI:vLEWcHW6mvOc
MD5:	163A4A8D52B47A911FED54AB65E1E2A9
SHA1:	634F7D81535F979A812B7645E4BE604D818C539D
SHA-256:	4A70953341277A0D7E715F3FE962D650F77AE9E9A8379BB6ACE30F8244425A82
SHA-512:	6FAAE3FD1D2C04984CFF3975EF4E6EB9AC78B31A3F590FEAC4E5EF92CA7CFF4C2706740C797D2355C289C2C3A8419E92F211C7B0E9CABCE1F66444EED59475CB
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........................................................0............@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B............................(.......@.......X.......................p...................?....................................................................................................... ...................b.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?...........................(.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...h. ...F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\wow\wmsfeedssync.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	5.468713087581025
Encrypted:	false
SSDEEP:	192:bHUjMFXW3jtBKNld10gME0oz73/Wr+U3eOzlUNVAWz00zGIb/6WcsG2:b0jeLPrOr+ZOZwAG0a2WcsG2
MD5:	2152542C06731D48EF55E8697D3490C3
SHA1:	4A01815495EF99D1492119E2D79E5EF7C12BF4ED
SHA-256:	8FC9F8B22CF9011402D19A74512FD3764D71F4960B0C6365BE7A9633BE6A0537
SHA-512:	642CA54D8391F390E4FA60E4D1B1A01838A3C787E5064EE1C6A7B8F7C683EB5ECC0609CDE75FFE946A79CCC0C1B4C41E58757ECC8E75CB345C20BFF3F4CF263E
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................................................Rich...................PE..L...&..F.....................................0...............................`......'.....@...... ...........................(..P....@.......................P..`...................................p...@............................................text...`........................... ..`.data........0......."..............@....rsrc........@.......&..............@..@.reloc.......P.......*..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmshta.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	45568
Entropy (8bit):	5.990116030625011
Encrypted:	false
SSDEEP:	768:0O8cIEfVDMpBKnQrEjxRS2btWnkIsEM5GE1OX:0O8rWqpBMQwjrwnkd5n1m
MD5:	2667B412F7453B8C39197D3C550536CD
SHA1:	D0B69CB68F058C046FC90F27C3A12D7EF86AF89F
SHA-256:	5FF343C411A44BB72A6A7003DF372403AFDB5D4F014CA5C06B05797061D319E3
SHA-512:	869B7D4B1111DABDDC871659931DD98AB8DBADA0BF905C666D11721DE180EC9683F39E0A880350C29095EDB505D130812DE8EC329299BDFF75B2BBA306B3E380
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........`...`...`......`.....`......`...`..`......`......`......`..Rich.`..........PE..L...*..F.....................:......S(...................................................@.....................................<...................................P...............................H#..@............................................text...Z........................... ..`.data...@...........................@....rsrc...............................@..@.reloc..F...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmshta.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.6221541839928375
Encrypted:	false
SSDEEP:	24:e9GS7IiJSmYtQECgb+KiIZW07H+BYNn73cyq23FdGvEMIYPN/VLari:KomLX6+7IZWIH+BmLqE/GvvIgz
MD5:	3ACE45895F943AD602B01CDA17C87E34
SHA1:	DCA415AD07193E3FFEE6A34256807E68F4DBBD23
SHA-256:	42D47EBD26EC8343F2BEC752BAD52F3C1FCF12A9D467E903B110DDD8A63E3B86
SHA-512:	81499950D115443982A526BAE66DB183FC70B6A730CDE63EBE6B1BB9B826EEBA2D7132C41B766CF2AB285434B4E6DCC884B3AC7EA34BCB395ACAA87F5F0F0FA0
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...&..F...........!.........................................................0......l.....@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B............................(.......@.......X.......................p...............................................................................................................................................@.............................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...p.$...F.i.l.e.D.e.s.

C:\b99fd08a604e45b5fc9f\wow\wmshtml.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3578368
Entropy (8bit):	6.719562691168274
Encrypted:	false
SSDEEP:	49152:lB5YaWYEP3q4M1cbgN4ifRryE1obA9DYwOX/iuALFfqEMgeGXPJfQsPoain6Yk92:JYfa4MwifVyE5OKu/EMw/3oaVCat
MD5:	B55FE877C847730CE33A7F926C9EDA20
SHA1:	8962537D2AB42A5EA03A949E2F17071460FB09F3
SHA-256:	42F1BDB63797256476D2D3364FD471E0CD4E57E79B88416FD1B7C3C8151F7AE3
SHA-512:	EEE1209166F35388F5DF44686C351CA6D0EB6710924DD3F594C81122E0B636ECBD55F9F0684078292BAC8ADA51C853642C000054905A8A2F5017E176444063AE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.x...+...+...+...+...+..+...+..+...+..+{..+..+...+..+...+..+...+..+...+..+...+Rich...+........PE..L......F...........!.....80.........b........ ....Xc..........................6.......6...@..........................6......T.0......01.`.....................4.8!..0F0.8...............................@...............p...../......................text....60......80................. ..`.data...4....P0......<0.............@....rsrc...`....01.......0.............@..@.reloc..8!....4.."...x4.............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmshtml.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	237568
Entropy (8bit):	6.90983663605847
Encrypted:	false
SSDEEP:	3072:Ex4PX3upd1qnAEzYds7E7/dThEgjJoviq+iLSknHhUcBZLY/9LUGn:YsX+pd1bEz2s7ETRhEgjJ17CB1U
MD5:	59C64944E7A77B73EDAF1A5DEC8806EC
SHA1:	62E25BA1184853066A4B17AD5E91981D404AFF1D
SHA-256:	2F9966DB7D5E9139F9AC17B505537CCBA3521E6D728F709E28DC3D8DA5963434
SHA-512:	8EF8C8A8082EC0F2646600BDEFA4099192BD09B8A73A53D417945B69D8E9EBA5D5B268BEE2582B466A2AE5716F5B108DE959161760B558D5D88B9E7F65C0BD1A
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L.../..F...........!................................................................VC....@..............................................s...........................................................................................................rsrc....s..........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmshtml.tlb

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1383424
Entropy (8bit):	4.300074861839616
Encrypted:	false
SSDEEP:	6144:qHVsatcV/BVp7pgZHxy7Pc9TK4drJYLnyHU6:natcZBVIXs
MD5:	2F70091217D18E7A52C6CD2B25F66195
SHA1:	C95B8653DCE0E0E20E7FFCA56A83A3A3992618CF
SHA-256:	6C8042A48C03E998EE5F4EC95C579433C3102C079DAF721A1F59E511EFE28489
SHA-512:	5F906E60A4731659E112874D49765E144EA998B5EFC46F51907CD21A954A5AF2C58F9A4DA7131ECDA262B5D68D6D27621FD22DAE059DF4BF317B1B39C6776D66
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...?..F...........!..............................@..........................0......Vu....@..........................................................................................................................................................rsrc...............................@..@.................................................................... .......8.......................P.......................h...................................................@...d.............................T.Y.P.E.L.I.B...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...\.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....M.i.c.r.o.s.o.f.t... .M.S.H.T.M.L. .T.y.p.e.

C:\b99fd08a604e45b5fc9f\wow\wmshtmled.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	475648
Entropy (8bit):	6.378008386033891
Encrypted:	false
SSDEEP:	12288:ZMaxSFpnO5DncLidCinZWcO+YhMGr6Gz1wG/sJOOGFV4n:OaopnO5DcECinZWcO+YeNGz1JkJOOGz
MD5:	5E91FFDC89D3B88BC0A9303E63EC45E4
SHA1:	12BDC346BCE367B7DE697148EA955A02E777AB51
SHA-256:	1EB7963A947955E8666767BA8A3D0AC2204420BC37B43E27FD0C811A7FC188CA
SHA-512:	3CBB08C3F0529C3C7F78981E4AB2DB4902E3DE049D65269780D8ABB36E887E83AD1155A41AA70355BEBCCBA75622A8705CD903FF3114C32B2CE25948028C8910
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........r.TS...S...S...S.......t...@...t...Y...t.......t...R...t...R...t.......t...R...t...R...RichS...........................PE..L......F...........!.........Z...................@..........................p......p.....@..............................................!...................@...(......8...........................@...@.......................`....................text...I........................... ..`.data...............................@....rsrc....!......."..................@..@.reloc...(...@.....................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmshtmled.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	2.6063247505203413
Encrypted:	false
SSDEEP:	48:KLB++98IZWyHrGBm8Js/GvvIgwb25mMB9:g6EWag2mvOb25mM
MD5:	6B6FB4E8268453156664C5C4CD032C6A
SHA1:	7BC8162D7440836B69EE6A62A0266D753647B69B
SHA-256:	407B86200C1FD0CDE71E07EAB39B68F6A6A622EFADA09A85390D105393455AAB
SHA-512:	8384E7638202CE5C1269F388DAFDC7014B88745FB034DB573CACF9D32AFA8ADDC9A449DF5878891F5234DFF9E2211DE7D689FCF8109492DAE1756D94727761E4
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...H..F...........!.........................................................0............@.................................................................. .......................................................................................rsrc...............................@..@.reloc....... ......................@..B........................H...(.......@.......h...........................................?.......@.......A...........................................................................................................................(.......................8...`...............(...................................n...........P.................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.......b.?...........................4.....S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.4.0.9.0.4.B.0...

C:\b99fd08a604e45b5fc9f\wow\wmshtmler.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	48128
Entropy (8bit):	3.643483667115268
Encrypted:	false
SSDEEP:	768:X7G06vICsIPaFr/tsbdaz1wguEwyTCAeY+VhLQpYJfvyYXQjTKMFDk:rG06vICsIPaFr/tsbdapwguEwyTCAeYc
MD5:	5457555EBF49255482350CDC98BE2757
SHA1:	757BB1A4D7E27C83910CA804F9ACED7B3DE4346F
SHA-256:	58B0B0FC823F2FB41242C420CD63A262CDEE61217740D7937507D606B2DB592A
SHA-512:	56AA9745035C9457902AD19C3233B17FC3411C8E32B559AA40A97FDF6DC5769ACAFD4C6C244ACA22F69641ABE1A11562B07068D6BF5F804F6B8C1AA9BA8C5DFF
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!..............................@.................................X.....@.............................................8............................................................................................................rsrc...8...........................@..@....................................................................(.......@.......X...................................................................x...........................................................................(.......................8.......................H.......................X.......................h...h...............................................h...z%...........<...a.............t*............D.I.A.L.O.G.S._.E.R.R...J.S...E.D.L.I.N.K...J.S...F.O.R.C.H.A.R...J.S...I.N.S.I.M.A.G.E...J.S...M.U.I...4...V.

C:\b99fd08a604e45b5fc9f\wow\wmshtmler.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.786033208958388
Encrypted:	false
SSDEEP:	1536:mMb5exeavQ1Aci5uO1tlgaRWg6/PYPRnwj4vVDcb+mDpQwO/RvLRmkoEksCDJUW:7dexeavQ1Aci5uO1tlgaRWg6/PYPRnw7
MD5:	74E75E23B716D358ACE375A498375E1E
SHA1:	B8D47A2757C87EC7DB3F3F5F32B29D36781C31FF
SHA-256:	C6C24920878E139E873BB28C652D17A9EA28E09683FCA5EBCF372C966963A288
SHA-512:	A172D9079D03BAFC880EE00D070F816404A64B1936FAC5FD97D89C3A8E6FB60E6A10524B32AE8B9D7E546A7CDE0496B24EE308666AFFEACD33B47504505A3103
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!................................................................,`....@.............................................P............................................................................................................rsrc...P...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmsls31.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	156160
Entropy (8bit):	6.430776877584586
Encrypted:	false
SSDEEP:	3072:GiJy1wfXf+Q9o8fvgzr4ZZA4h5KRolOsy5cRaDRCSaJ3Soi42uILSaoIDhR3LBpV:Giawf99o8fvgzYW4zmolOqeRAIBlLSaM
MD5:	080A4C17E51D859B0A3EF8777A757975
SHA1:	8B6E9DC1B88CF14CF6054D5879F4CD2D1539461F
SHA-256:	05CA46EAD685EC3610CAECED4F90389FCB3041DB071ADE19A8A0CA7B7E086E22
SHA-512:	01FC7FA9A9A326BBF757371C7B5B1ECDE4A934CA506A720AEEF611172D878201D6C0A6ED5084DD1496CC26C53BD39E88E58154181B5F9EA6E5F210BB5EC46DE6
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... ..N..N..N..\3..N..\ ..N..O...N..\5..N..\4..N..\#...N..\0..N..\2..N..\6..N.Rich.N.........PE..L...R..F...........!.....P...................P....@..................................S....@.............................Z...X\..<....p..........................(....^..8...........................p7..@...............\............................text....N.......P.................. ..`.data........`.......T..............@....rsrc........p.......X..............@..@.reloc..(............^..............@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmsrating.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	192000
Entropy (8bit):	6.159118374533619
Encrypted:	false
SSDEEP:	3072:7ja0YWR/TUOMecBs+RN5XDtynVSxHA/laby6bFe2cdkA5WL538I9FU2biTF:na0YcyeX+VsnVSdWoNxe2cdhWLVHv8
MD5:	D7999A962D7733E803DE12C38C67ECA6
SHA1:	9BDA45B0F953FE68F4BD6917D70F6F46B108E284
SHA-256:	0F4EC3D7C6EEB64BA73EA1DBE8B408D28B1526527E969252F9C8119D0EA3C14B
SHA-512:	AF95E608804690F8B63D02327CE45DCBFD972E4FFE343786EA0C0C18206A648BA2D8B79C89BF50A954AA53C748C18DA379B94D08CDED0C38D3EF2D652EB49D1C
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......96z.}W.X}W.X}W.XZ.iXuW.XZ.yX?W.X}W.X.W.XZ.oXlW.XZ.nX\|W.XZ.zXCW.XZ.jX\|W.XZ.hX\|W.XZ.lX\|W.XRich}W.X........PE..L......F...........!................f&.......p....@c.........................0............@.............................f...0........`.............................( ..8............................y..@............................................text............................... ..`.data.... ...0......................@....rsrc.......`.......$..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmsrating.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	90112
Entropy (8bit):	3.9160871371698986
Encrypted:	false
SSDEEP:	768:eVe4pZxONkpxgIqq1omNUkDUCSQq0A5nBkEitaq9O:eI4dONk8Iqqq8U2bq55caq
MD5:	4B995DBBEF35A777224B8BE54237C147
SHA1:	BE4C8F2B33139B8A9397256FDBFB075F070E38D6
SHA-256:	CEFD89B09B1AE1FC1BF390E90F34D648A3ED51343B1101EC2928845C855A1C89
SHA-512:	D664481DBE51F50BDD1898A3FC2454C2327580664A8D712E670EFC0961D7E8C399E270D86D965CA6979BECE1CDC430FB5BF4BF93D9DA70107E69F94FD5D02762
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........P...............................................`......mc....@..............................................=...................P.......................................................................................rsrc....=.......@..................@..@.reloc.......P.......P..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wmstime.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	670720
Entropy (8bit):	6.354832552586283
Encrypted:	false
SSDEEP:	12288:zFtu+nXaww5HmpEJygULL/UBEsAFFVKTAgl10uKL:zu+XawaGaJyxLFKTX7U
MD5:	7C1F845049DE64CC0301FBBDAC1DF09C
SHA1:	096AB2F5C7F17A4019E2062FBABE200A572645E9
SHA-256:	CC6B1EB3B4A103DECD1D3FE0E3AC83F4E1573AF0792A64A1F957FD6CC4B1F362
SHA-512:	E73377B2FFDE2E21D2553051BE169046C30D8062A6CFF994AD398752B4D4A936C14203FBE01A94395E92C088444AFFD3EA85C194C3DF0CE61473590C56A0F280
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!...@.R.@.R.@.R.@.R.A.R...R.@.R...R.@.R...R.@.R...R.@.R...R&@.R...R.@.R...R.@.R...R.@.RRich.@.R........................PE..L......F...........!.........F.......*............@..................................=....@.................................\|........@..........................@.......8...............................@............................................text...+........................... ..`.orpc............................... ..`.data........ ......................@....rsrc........@......................@..@.reloc..@...........................@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\woccache.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	101376
Entropy (8bit):	6.248643455992552
Encrypted:	false
SSDEEP:	3072:toytTUO7HtfjgycF9XNZL5LgXD4f5L1XkBkbPWqdU:RHhTcFLgXDe5SkD2
MD5:	439533E95E5C55C5643DA820826C4E5C
SHA1:	35401A8B6AB7D5F9EBAE9BE4A7CD8E02AD8A5CD7
SHA-256:	95C35ACABDB942C40C78098B487B8E5BF5D062C72988C4F5F1EAA22C048A7F6B
SHA-512:	D3F337CCC54A39F8EF3B5B056F8F2FB08EB81A89F09533AE305B70B97A9F65B7467C9D4EA7DD4F4BB3EBDF823DFDFB428523BF2670928ED2DEC76627B36FD517
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@..=.f.n.f.n.f.n#..n.f.n.f.n.g.n#..n.f.n#..n.f.n#..nCf.n#..nLf.n#..n.f.n#..n.f.n#..n.f.nRich.f.n........................PE..L......F...........!.....(...`......N.............xc................................c#....@.............................8...H'.......P...F...........................6..8........................... [..@...................($.......................text....'.......(.................. ..`.data...H....@.......,..............@....rsrc....F...P...H...2..............@..@.reloc...............z..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\woccache.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.4983672778280357
Encrypted:	false
SSDEEP:	384:+nPbKDDKD2K23ReEKDzHWqLSbWlILliabhn:+9HWq5IR
MD5:	149970B76EEA08EF49347B7BF1375622
SHA1:	2A4AE1A9F657953A8CC448E8B939C1768FBC6929
SHA-256:	673F0FB4C6D14E20D0D7555668D5E0EECB9191638581147106AEE085E91F37F9
SHA-512:	971D7698E20BF78E2EA2EC3578BB7652D4D2B658DF6F9B9AE9545D25EBA52C8578FC03CF90D4C803799CB24E145AC4AC68344D98AC622CDEFCA7CD7C9F4396E4
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........p......................................................[.....@.............................................(Z...................p.......................................................................................rsrc...(Z.......`..................@..@.reloc.......p.......p..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wpngfilt.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	44544
Entropy (8bit):	6.1306853733072
Encrypted:	false
SSDEEP:	768:LY2/d4Zh1XRGbWuPAKxPlLKwrQeJTJW1fuxGs:L4xRUAiHQyTJWC
MD5:	3B4CC750191421FFCA6308604EFB450E
SHA1:	0820FF03904044A800C6911C1667B342BC6CCE0D
SHA-256:	CE2B68E9C744D7742914E21067790F338264F0D2BEE47B5AEAA247C557585CCD
SHA-512:	6F8E73B10E53065E069D065135D7AA20C67C7F92E55522EBEDC513BB6A271EEA39AB2014CE1914D915207B7867E9F92D74D564663B0429DAA725E1F8D03145EE
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;...U...U...U...T...U.......U...8...U...(...U.../...U...;...U...+...U...)...U...-...U.Rich..U.........................PE..L......F...........!................Ud...............................................`....@.............................l......d...............................t.......8...........................(...@............................................text...T........................... ..`.data...\...........................@....rsrc...............................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wshdocvw.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1515008
Entropy (8bit):	6.446287440740698
Encrypted:	false
SSDEEP:	24576:oBOQcKb7sb15v5aV7lpy2+aVVjikMQ+5IloWT/Ha:eKu7sbnGlE2XXjRMXYoSHa
MD5:	E40BD4C7426AA5DE9DA1C6A459263366
SHA1:	4C7208333AB90A2089EE750E6040ECA11F8F03D8
SHA-256:	8D3348DFF43E5787D00CCE59931551E613351F46997D84BDBA763493E116787B
SHA-512:	FE40FBF08BA9A5AB7180FCCE12FC2ADF7BFFC099F538674D30B3072EEF206B7EC9CA1189E376DF94397EC8B37161E41D8FFD3DB70D368FF4E926BED522412594
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'v..c.c.c.c.c.c.p...f.c.c.b..c..>.r.c..l.k.c.....b.c..<.!.c..?.b.c......c..=.b.c..9.b.c.Richc.c.........................PE..L...@..D...........!.........^....................w.........................P......r...............................4.......\...........................................8............................z..@...................$........................text...0........................... ..`.data...............................@....rsrc...............................@..@.reloc...............l..............@..B................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wshlwapi.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	321536
Entropy (8bit):	6.8326072802731925
Encrypted:	false
SSDEEP:	6144:r5ndbEHDkyWBqF4fkw3vrM5Ii3ljE2eXfU/T6tiiYiAhCGU0Ky:rFFEHDyqF4fN3vA5KhXfU/T6KiAK
MD5:	31F9F1DA786F3CCAF79E629793B3DE02
SHA1:	36FDB60D3B2759412EC0F1927A6AFC4926B9A76B
SHA-256:	B65AA1BBAF57D7D49DB8E381C9B96DACAC955E3CFBF0C36A57570891499B861D
SHA-512:	B34E8AED3CAFCEB336423E4ED5E093AE0CC24F1AA34AAAA79E0814649B1265A87EC368B579B397AFE053C8181952576E781DDC1924A2928556A3BB1FCE98C5BF
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X...9...9...9...6...9...6...9...9...8...6..9...6..9...6...9...6...9...6..9..Rich.9..........................PE..L.....E...........!.........P.....................w......................... .......................................N...7..D....................................&......8...............................@...............8....... ....................text............................... ..`.data...T...........................@....rsrc...............................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wtdc.ocx

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	66560
Entropy (8bit):	6.19264998056509
Encrypted:	false
SSDEEP:	768:WPWhOMkgO3kmv1q6UILQ63qdluK5juLa/8W1acXKqwdU132TsfFYDIQ:cWAMkE86dp8e/8k0G+Z
MD5:	E20A466F9DA304F2388F20875B00B4BE
SHA1:	035CC787E34669CC11C353146117738913EC5F2F
SHA-256:	8D6DBE97236F6C94FF020A1D886BFB5966E2A3D2C590F0B6B0BDEDAC4287E998
SHA-512:	3AE0A9B946C47626473486652539A9CB7E77C88D42D8B0BE0702040C28B623DFF9F44C9AE47D28F55C5811B060215D00EBE855F955EE2E47618CCEF57619D446
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>...m...m...m...m...m...m...m...m...m...m...m...m...m...m...m...m...m...m...m...m...mRich...m........PE..L......F...........!.........@......z..............`.........................@......T.....@.........................P...................X#................... ......@...............................X!..@...............$............................text............................... ..`.data...............................@....rsrc...X#.......$..................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wurl.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	105984
Entropy (8bit):	7.238079244059103
Encrypted:	false
SSDEEP:	1536:FD6yfniqXmFiMNwPB8zrfEOnZG4e9em3RrIojfVPDXsgdxQfjwY/GiE1bdZ:FDXviq+iLSknHhUcBZLY/u
MD5:	245BC72B30F68BCF296B39C8BA1FD114
SHA1:	DFD6946362D5ACB735BA13572C7F519A32A07CEA
SHA-256:	2F43671FF9A08131EA0E947CF34AA242D230293AC6CFA62CCB830A984BDC30DE
SHA-512:	639C91C2631875E7CECEFA429F702E909C08F12147B8759FD280C86812A94A6702959550B8D6C95ECFC4ADC103F19B7AC9FFF5E3C0BB9B37380E29991B3BAC26
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........L..-...-...-.....-.....-...-...-.....-.....-.....-.....-.....-.....-..Rich.-..........................PE..L......F...........!.........\|......l........0....(c......................................@..........................&..[...().......@..0t..........................X-..8...............................@...................x(..@....................text............................... ..`.data........0......."..............@....rsrc...0t...@...v...&..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wurlmon.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1162240
Entropy (8bit):	6.543460605009694
Encrypted:	false
SSDEEP:	24576:bM4tTpwMF85sC4gnhAFY1K/lkSpHs5HX3Z:bVtTpwM25x+oK/isM5HX3Z
MD5:	D6605A3F9A871482238ED3E41E3AB52B
SHA1:	DD1B45D30BB8D4F9A7DE480A6E4FD77A18124ECC
SHA-256:	88A6A8FED54558DA5BCD7786C575D0304A67492C0B55DF3A5AFE07A5D7A19E69
SHA-512:	42EE2658C6B18997CCBEE52035F374F443F84F5F3EEEDAC17DCD00CB691A2456E0BA3AD466B0CA9B3B1679F1B4884034E1F04C8E9D35A88B8AE8E0B1FE44A841
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q6...W...W...W...W...U..2....W..2....W..2..gW..2...W..2....W..2...=W..2....W..2....W..Rich.W..........................PE..L......F...........!................W.............@..........................@......',....@.....................................................................Hg..l...8...........................P...@...............T...\........................text............................... ..`.orpc............................... ..`.data........ ......................@....rsrc...............................@..@.reloc..Hg.......h...T..............@..B................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wurlmon.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	331776
Entropy (8bit):	5.699666686387109
Encrypted:	false
SSDEEP:	6144:B3zkCJghEX2DndlwIcuYYuJOWycpxJ0OmSbTV6Y:BomgRbd2IDsAOmSbTV6Y
MD5:	1D9FF0C77C36AF6F1116E0B096CB05D1
SHA1:	F61DBE07BF31D0369524F9438FB86ADC0A63B3D3
SHA-256:	ADF10D2A4CA2F41FAE95DF4B7E4996E766FF7A37BFBD96D74FE8AC71D26F8B81
SHA-512:	531C01723EA4A9D892744E8549874092691B4BF1AB886B245EEC57ADFB2C5D5BB097280E0E85A826EE387D9F2CBE66F9A79EEF958B5629D31C93BA747148783C
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.................................................................>....@..........................................................................................................................................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wvbscript.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	413696
Entropy (8bit):	6.3593201676485975
Encrypted:	false
SSDEEP:	6144:BeVdkWXnbMg81wK02dAqPBJnS2p5oqVwuEN+bSLspxTpwzMgg5D5hj:BsyO/XKfAOroqV1EsMsrpw1sDr
MD5:	25EC19B9EB1E32795156BABEEE99E7F4
SHA1:	50AA3ABAA2867F856C046818D57AEEFA4D027F39
SHA-256:	43F242320F15CBFB62B0066D2444B3DD8773C35CEFFB82A641C92375B6D4BDDB
SHA-512:	FB839392C90EC99BB9AF0ECB493EEFF01A95C75CD0157F464ECBF2E222D7D80F4E67CEE939D29D6EF5E2CAF9549A430C18492232C3F794348C35308967B0C079
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.1..._..._..._...^..._. C$..._. C2.O._. C"..._. C%..._. C1.W._. C!..._. C#..._. C'..._.Rich.._.........................PE..L......F...........!.....0..........I........0....@..........................P............@..........................R......\+............................... ..h-...:..8...........................(...@............................................text...Y+.......0.................. ..`.data....C...@...P...@..............@....rsrc...............................@..@.reloc..h-... ...0... ..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wvgx.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	765952
Entropy (8bit):	6.401672441673817
Encrypted:	false
SSDEEP:	12288:BRe19bilYT3jlBGsyKhmhbdnaHrutMoDs2CG/i2voLjUa3j:WilYT5BGWabMueoDdCGa2ALXT
MD5:	D76D362820F7BE740BAC6B13DD12AF02
SHA1:	465D5201CD0B20A4D2182A2B54C77A3C73669BF2
SHA-256:	0C15034AD3988A59304CEEF489F9DF5613C4544FAF6849AD75D9369790E0369E
SHA-512:	6A104360143A7E83663E0C99D44A48C40319804556B6F5A1B429E6A29591D9E69873EFC1F01C997A9D6B5D19392AB647B6BD822008893D0CF3BCB562EE204C50
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."..Sfe\|.fe\|.fe\|.fe}..d\|.A...se\|.A...5e\|.A...ne\|.A...ge\|.A....e\|.A...ge\|.A...ge\|.A...ge\|.Richfe\|.........PE..L...?..F...........!..............................@..........................0.......l....@..............................................$.......................J......8...............................@............................................text............................... ..`.data....t... ...2..................@....bootdat.............8..............@....rsrc....$.......&...>..............@..@.reloc...J.......L...d..............@..B................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wwebcheck.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	231424
Entropy (8bit):	6.311043531389272
Encrypted:	false
SSDEEP:	3072:mBHT3O0pcqxn6Sp9DmJSUy9xhlnZtmTwmEZRCyeYg0m/rmYGKdcEr:ONxJmHy9JZtwwmcIZ10KXdcE
MD5:	8DAA46357981AD74554B6198D3F78F81
SHA1:	2E807592C1C80146C81EF141DCCB34D429911A4B
SHA-256:	5874662131F44E915E37A1118821AAB663C2754550C030C37AA8E245B77D531B
SHA-512:	44749E117D5EA338F9ACED8DBE24B4AF1EBA6776B9082AE881BE0B30CB5ECD4AFCD552E9DA58CFB5FC9C8F0E0D6CF8B484E8E561F9E3BF9AB20B4C947A1649A2
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........FGJ.(.J.(.J.(.m_U.A.(.m_E...(.J.).M.(.m_S.[.(.m_R.K.(.m_F...(.m_V.@.(.m_T.K.(.m_P.K.(.RichJ.(.........................PE..L......F...........!................-.............@.......................................@.............................s...H.......................................\...8............................l..@...............d....z.......................text............................... ..`.data...............................@....rsrc...............................@..@.reloc........... ...h..............@..B........................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wwebcheck.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	4.348283940743452
Encrypted:	false
SSDEEP:	768:jCJ4ekBnEhmGyKlY6M+ldWmHzqe78tF78ecksCbi+sOZfLkO7xUR0IH:vREbymY0lRHuDdckc+s6H7xs
MD5:	5D1C683A3B43453B2AB6811322ACD977
SHA1:	89D6A1F0F06E580AC59CA4CD895F96D7C63A22A3
SHA-256:	FA4C6666147DD46B06C0F7738C42926EF64464812F119301283E88E32C74C483
SHA-512:	3665D5B5AD610F8385C6C27AC828C12E3C9BCC34ECD0EE628BB026527035C9E3CB1EED7D48386AC4238F8D0AE2A10C53A50A3C9F26C161975DF7ABF544254CA8
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!.........`...............................................p...........@..............................................E...................`.......................................................................................rsrc....E.......P..................@..@.reloc.......`.......`..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wwinfxdocobj.exe

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	206336
Entropy (8bit):	5.949028002256025
Encrypted:	false
SSDEEP:	6144:o2JZ+SxHcJgodcE82Q6YmHVKZFNw0Jj0lMGiG:ok+/nYmHVeF5j0lMZ
MD5:	A251B726EED494F2FD9E5C6B1205BDB0
SHA1:	E54906BCCFE96884C0BDB0C83734C813545B81FD
SHA-256:	615039D871BBA5212EAA853744000A45BBD99ADD1552D147368FFD0D3071954C
SHA-512:	84EA973279375406B5631A4941A98AACF876BAE282C66BE867DD1C612181EEA2419023FFFC98386E1B6AEE456C4B6D97A0EEFA92D947FF261364C0F439CADC1E
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V......H...H...H5..H...H5..H...H...H...H5..H ..H5..H\..H5..H...H5..H...H5..H...HRich...H................PE..L...*..F.....................H......$d.......................................`............@...... ................................... .......................0......................................@n..@...................l...@....................text...$........................... ..`.data...x...........................@....rsrc........ ......................@..@.reloc..r#...0...$..................@..B........................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wwinfxdocobj.exe.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	3.124450362002762
Encrypted:	false
SSDEEP:	96:/ugEW/3mvjST7hybC8FEBhrSeShmhahr:gW/sHC4
MD5:	9868CF6C9FC783DB6BE66414BBE98AE2
SHA1:	09B5395F15286148EF7FEACEB60817BF665FA92F
SHA-256:	CCF5E4FB694C2619AB22A9D59D8EC36974E6EA56C66D737FF91E487B15AA404E
SHA-512:	6727CC6F09A8E747A1871036B6F18F28B826449767ECA766A7BD838135EA26EAF8ABFFD85705782736F4683A0AC1574DFF1B4A28E9CBA314B9FAAED8849D694D
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L...&..F...........!.........................................................@.......+....@..................................................................0.......................................................................................rsrc...............................@..@.reloc.......0......................@..B............................8.......P.......h...................................................................................x.......y.......................q...........................0.......................H.......................X.......................h.......................x...................................................("..............x...&...........................X...&.............................................M.U.I...4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................b.

C:\b99fd08a604e45b5fc9f\wow\wwininet.dll

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	818688
Entropy (8bit):	6.348584492920392
Encrypted:	false
SSDEEP:	12288:BbVu8uQNyzaUgEKKM04JEY1Z4Sg83wm4v3cjDmdkMMIMMutuEQ:NymUCVV4Fv3oidkMMIMMu
MD5:	9B9B86E984A6E7CA5A92F91A6D0DD4C3
SHA1:	8C8565C4DE8C8816B46446D6FCEBE5AA47F9C73A
SHA-256:	0AE8771DDFD99BABBBC2F365106DDF26FDEB7FFB006F421F30839C9A50F1B391
SHA-512:	4C699FBD90185197517259CC20BB51016554DADC51D38E666353FF3FB634572E18DE77755F11E21EA3FE6C4A506D57CE07E358B9CC34DC618099D9B72DA57144
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........../..\|..\|..\|.]l\|..\|..\|...\|.]j\|..\|.]k\|..\|.]\|\|...\|.].\|E..\|.]o\|..\|.]m\|..\|.]i\|..\|Rich..\|................PE..L......F...........!................x........p.....c................................w0....@.........................."..J............0..XM.......................U.....8...........................p...@...................`...@....................text...,........................... ..`.data....w.......B..................@....rsrc...XM...0...N..................@..@.reloc...U.......V...(..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\b99fd08a604e45b5fc9f\wow\wwininet.dll.mui

Download File

Process:	C:\Users\user\Downloads\internet-explorer-7.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	4.510997784949129
Encrypted:	false
SSDEEP:	3072:L9pRLxwU3tkhSaiGMMtOMMpUcJe7y3n2:H3UMMIMMutum
MD5:	EC0D79CB8F1002EA6877A3E35662DAE6
SHA1:	D8FA3FD02B7E7365E982FA88F11A639A68496F43
SHA-256:	0B6EAB6035660E4DF872056CABB6EF261CE5D7CD1EBC66D46A0BFC282C425F19
SHA-512:	7CE3E44B6F945F1E974357A66FCAB1B629C031352CFF9E833162BAEA289CE689DE109F8DB30ECE554F16ADF91FB5CDA0115E7EF6CFEB297A4795430AB69BF329
Malicious:	true
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-T.L:..L:..L:...F..L:...B..L:.Rich.L:.........PE..L......F...........!................................................................f;....@..........................................................................................................................................................rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-11T00:54:02.762011+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49731	65.9.108.35	443	TCP
2024-12-11T00:54:05.908074+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49732	65.9.108.35	443	TCP
2024-12-11T00:54:08.331494+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49735	172.67.26.92	443	TCP
2024-12-11T00:54:10.738505+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49738	65.9.108.35	443	TCP
2024-12-11T00:54:13.306771+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49740	65.9.108.35	443	TCP
2024-12-11T00:55:11.280179+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49790	18.161.108.175	443	TCP
2024-12-11T00:55:14.600892+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49801	18.161.108.175	443	TCP
2024-12-11T00:55:27.514835+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49830	18.161.108.175	443	TCP
2024-12-11T00:55:28.173254+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49833	54.200.239.173	443	TCP
2024-12-11T00:55:30.499365+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49840	18.161.108.175	443	TCP
2024-12-11T00:55:30.657772+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49839	54.200.239.173	443	TCP
2024-12-11T00:55:34.369271+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49852	18.161.108.175	443	TCP
2024-12-11T00:55:37.712612+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49860	54.200.239.173	443	TCP
2024-12-11T00:55:53.642502+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49915	54.200.239.173	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 11, 2024 00:53:47.900613070 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:48.021430016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:48.021531105 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:48.022377968 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:48.143117905 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845242977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845285892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845300913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845382929 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:49.845453024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845463991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845475912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845488071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845490932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:49.845499039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845520973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:49.845557928 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:49.845904112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845916033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.845962048 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:49.966141939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.966273069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:49.966324091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.037235975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.037334919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.037379026 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.086724997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.086735964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.086795092 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.156512976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.156531096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.156589985 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.205992937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206003904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206013918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206024885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206036091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206046104 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206054926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206064939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206074953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206075907 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206087112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206096888 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206119061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206140041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206370115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206381083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206391096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206423044 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206429005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206440926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206450939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206464052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206465006 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206475973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.206485987 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.206512928 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.229196072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.229262114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.229307890 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.233465910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.233546019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.233582020 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.241993904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.275901079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.275960922 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.275984049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.280246973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.280319929 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.280348063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.321660995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.325475931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.325550079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.325607061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.329638958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.329754114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.329824924 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.338205099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.338249922 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.338299990 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.346645117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.346760988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.346816063 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.352034092 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.352106094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.352170944 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.357426882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.357532978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.357582092 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.362792015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.362905979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.362958908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.368169069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.368267059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.368316889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.373528004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.373637915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.373718023 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.378923893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.379115105 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.379163027 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.384304047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.384412050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.384455919 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.389705896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.389818907 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.389870882 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.395056009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.395116091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.395328999 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.400444031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.400564909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.400616884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.405829906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.405946016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.405992031 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.411211967 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.411375046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.411420107 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.416663885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.416743994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.416800976 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.422030926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.422075033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.422121048 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.427460909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.427520990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.427575111 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.432827950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.433011055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.433058023 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.438160896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.438251972 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.438299894 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.443522930 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.443619967 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.443667889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.448930979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.448971987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.449021101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.454294920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.454406977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.454688072 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.459692955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.459786892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.459839106 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.465059996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.465156078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.465209007 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.470438004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.470552921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.470601082 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.475852966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.475959063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.476006031 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.481205940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.481312037 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.481362104 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.486597061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.486718893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.486777067 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.492024899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.492074013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.492126942 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.497376919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.497489929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.497529984 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.501825094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.501943111 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.501985073 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.506277084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.506380081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.506561041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.510554075 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.510653019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.510699034 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.514612913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.514709949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.514755011 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.518522024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.518630028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.518670082 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.522288084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.522384882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.522432089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.525944948 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.526038885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.526077986 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.529592991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.529706955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.529758930 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.533154964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.533268929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.533304930 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.536604881 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.536694050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.536768913 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.540040016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.540158987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.540199041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.542789936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.542922020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.542967081 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.545536041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.545639038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.545685053 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.548305988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.548402071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.548448086 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.550968885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.551096916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.551141024 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.553631067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.553741932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.553793907 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.556257963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.556365013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.556406975 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.558917046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.559040070 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.559087038 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.561537981 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.561618090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.561657906 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.564119101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.564212084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.564253092 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.613306046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.613509893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.613554001 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.614186049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.614586115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.614633083 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.614645958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.616514921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.616571903 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.616578102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.618314028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.618364096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.618412971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.620203018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.620253086 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.620256901 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.622109890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.622231960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.623946905 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.624030113 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.624083042 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.624110937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.625864029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.625917912 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.625967979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.627758026 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.627803087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.627856970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.629632950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.629679918 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.629723072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.631484985 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.631536961 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.631570101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.633332014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.633383989 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.633450031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.635212898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.635258913 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.635293007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.637036085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.637089968 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.637141943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.638884068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.638926983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.638988018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.640716076 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.640765905 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.640827894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.642529964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.642576933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.642632008 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.644382000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.644431114 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.644443035 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.646122932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.646176100 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.646275043 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.648001909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.648055077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.648092031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.649698973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.649750948 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.649761915 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.651460886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.651510954 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.651581049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.653222084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.653271914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.653295994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.654978037 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.655024052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.655045033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.656681061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.656743050 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.656763077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.658421993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.658476114 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.658529997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.660150051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.660200119 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.660239935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.661833048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.661884069 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.661919117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.663527012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.663579941 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.663661003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.665196896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.665247917 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.665297031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.666886091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.666944027 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.666946888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.668507099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.668562889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.668656111 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.670099020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.670142889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.670226097 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.671755075 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.671804905 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.671837091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.673297882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.673342943 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.673378944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.674885988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.674926043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.674979925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.676465034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.676510096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.676542044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.677958012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.678002119 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.678070068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.679478884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.679527998 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.679599047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.681015015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.681061029 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.681077957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.682497978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.682554007 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.682588100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.683971882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.684022903 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.684078932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.685439110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.685491085 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.685538054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.686883926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.686932087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.686976910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.688313961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.688359022 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.688502073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.689723969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.689766884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.689860106 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.691159964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.691211939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.691221952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.692574024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.692621946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.692667007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.693969011 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.694016933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.694092035 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.695478916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.695535898 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.695544004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.696820021 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.696868896 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.696934938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.743633986 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.805517912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.805629969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.805763960 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.806045055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.806261063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.806307077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.806981087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.807132959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.807178974 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.807984114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.808060884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.808099985 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.808950901 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.809052944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.809083939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.809926033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.810009956 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.810050011 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.810869932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.811069965 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.811115980 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.811831951 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.811887026 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.811928034 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.812819004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.813024998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.813067913 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.813774109 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.813893080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.813932896 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.814682961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.814814091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.814856052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.815618038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.815732002 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.815779924 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.816541910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.816631079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.816673040 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.817475080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.817557096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.817595959 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.818402052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.818511963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.818561077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.819293022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.819422960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.819483995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.820218086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.820308924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.820344925 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.821124077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.821252108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.821295977 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.822047949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.822196007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.822228909 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.822947979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.823087931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.823134899 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.823863983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.823971987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.824012041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.824754953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.824872971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.824915886 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.825695992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.825777054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.825817108 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.826596975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.826725006 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.826767921 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.827502966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.827563047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.827601910 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.828413010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.828516960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.828556061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.829324961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.829433918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.829474926 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.830252886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.830332994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.830374002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.831132889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.831301928 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.831338882 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.832051992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.832174063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.832217932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.832957983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.833077908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.833122015 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.833879948 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.834041119 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.834080935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.834775925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.834907055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.834950924 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.835701942 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.835865021 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.835905075 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.836605072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.836700916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.836750031 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.837526083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.837620974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.837657928 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.838443041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.838624001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.838676929 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.839338064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.839483023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.839540958 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.840257883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.840435028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.840481043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.841151953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.841249943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.841288090 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.842070103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.842268944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.842313051 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.842967033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.843084097 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.843125105 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.843920946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.843986988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.844031096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.844805002 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.844969034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.845011950 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.845721960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.845776081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.845809937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.846611977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.846767902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.846808910 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.847526073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.847651005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.847702980 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.848448038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.848562956 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.848611116 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.849347115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.849452019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.849494934 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.850291014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.850379944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.850423098 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.851178885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.851233959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.851275921 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.852093935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.852222919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.852271080 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.852993011 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.853096962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.853133917 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.853849888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.899851084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.997669935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.997793913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.997924089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.998066902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.998394012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.998442888 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.998984098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.999128103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:50.999175072 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:50.999875069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.000113964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.000160933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.000792980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.000926018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.000973940 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.001748085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.001868963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.001923084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.002703905 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.002836943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.002878904 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.003515959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.003618002 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.003665924 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.004411936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.004467010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.004509926 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.005321980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.005438089 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.005490065 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.006215096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.006443024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.006490946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.007177114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.007297039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.007347107 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.008124113 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.008223057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.008265972 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.008997917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.009073973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.009139061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.009934902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.010051966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.010099888 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.010818005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.010927916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.010981083 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.011720896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.011850119 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.011899948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.012597084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.012739897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.012787104 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.013525963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.013636112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.013680935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.014436007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.014511108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.014574051 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.015364885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.015477896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.015535116 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.016280890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.016475916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.016526937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.017188072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.017303944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.017366886 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.018152952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.018337965 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.018387079 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.019007921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.019114017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.019159079 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.019910097 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.020001888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.020045996 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.020845890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.020961046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.020994902 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.021754980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.021873951 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.021925926 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.022682905 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.022780895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.022819996 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.023552895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.023771048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.023816109 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.024487972 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.024545908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.024591923 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.025369883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.025454998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.025507927 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.026264906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.026410103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.026469946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.027201891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.027282000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.027328014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.028088093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.028214931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.028265953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.029016972 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.029114962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.029156923 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.029903889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.029979944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.030025959 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.030798912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.030916929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.030965090 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.031743050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.031812906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.031852961 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.032625914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.032685041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.032732010 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.033565998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.033678055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.033724070 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.034446001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.034565926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.034616947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.035383940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.035597086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.035646915 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.036258936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.036375999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.036427021 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.037189007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.037259102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.037302971 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.038104057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.038224936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.038273096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.039002895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.039104939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.039141893 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.039926052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.040044069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.040107965 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.040826082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.040929079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.040973902 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.041728020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.041910887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.041963100 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.042640924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.042748928 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.042798996 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.043557882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.043683052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.043730021 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.044478893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.044581890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.044620037 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.045327902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.087486029 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.191740036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.191859961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.191912889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.192125082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.192342997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.192418098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.192481041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.193209887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.193269014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.193341017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.194118977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.194181919 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.194236040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.195041895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.195102930 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.195132971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.195926905 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.195983887 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.196044922 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.196924925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.196975946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.196996927 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.197803974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.197855949 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.197931051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.198704004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.198755980 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.198776960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.199600935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.199654102 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.199738979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.200496912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.200551987 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.200582027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.201395988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.201450109 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.201487064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.202332020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.202383995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.202404022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.203214884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.203265905 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.203327894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.204134941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.204185963 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.204217911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.205064058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.205117941 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.205178022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.205970049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.206028938 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.206100941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.206886053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.206940889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.206996918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.207792044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.207844973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.207865953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.208668947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.208719015 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.208787918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.209583044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.209635973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.209638119 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.210513115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.210568905 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.210593939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.211453915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.211508036 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.211539984 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.212327003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.212384939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.212404966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.213207960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.213262081 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.213336945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.214143038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.214184999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.214199066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.215054989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.215110064 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.215136051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.215991020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.216048002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.216130018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.216881037 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.216927052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.216979980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.217801094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.217855930 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.217962027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.218698978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.218745947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.218754053 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.219628096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.219680071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.219691992 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.220550060 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.220598936 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.220663071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.221436977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.221488953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.221568108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.222347021 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.222398996 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.222446918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.223264933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.223324060 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.223433018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.224174023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.224229097 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.224281073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.225090027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.225141048 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.225171089 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.226007938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.226058960 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.226124048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.226911068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.226955891 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.227016926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.227813005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.227875948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.227929115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.228729010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.228781939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.228835106 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.229643106 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.229693890 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.229720116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.230541945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.230587959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.230588913 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.231437922 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.231503010 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.231560946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.232372999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.232424974 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.232475042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.233272076 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.233318090 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.233517885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.234247923 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.234257936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.234302998 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.235102892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.235152006 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.235229969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.236025095 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.236076117 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.236143112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.236924887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.236975908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.237010002 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.237828016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.237876892 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.237907887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.238739014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.238790989 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.238841057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.290584087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.401947021 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.402101040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.402251005 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.402357101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.402441025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.402487040 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.403256893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.403445005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.403489113 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.404175043 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.404258013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.404300928 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.405073881 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.405215979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.405263901 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.405953884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.406215906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.406259060 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.406882048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.407044888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.407094955 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.407773018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.407916069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.407963991 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.408719063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.408802986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.408844948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.409609079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.409703970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.409746885 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.410523891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.410665035 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.410710096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.411437988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.411547899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.411588907 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.412354946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.412424088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.412460089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.413264036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.413369894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.413407087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.414148092 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.414258957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.414303064 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.415052891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.415169001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.415208101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.416014910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.416129112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.416171074 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.416881084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.416955948 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.417005062 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.417834044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.417939901 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.417985916 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.418720961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.418831110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.418880939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.419632912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.419744015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.419802904 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.420537949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.420664072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.420712948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.421448946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.421597004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.421648026 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.422350883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.422432899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.422472000 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.423264980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.423399925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.423445940 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.424179077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.424261093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.424302101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.425081015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.425201893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.425235987 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.425988913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.426105976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.426147938 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.426889896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.427012920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.427056074 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.427814960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.427930117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.427973032 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.428742886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.428838968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.428881884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.429635048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.429754019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.429802895 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.430598974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.430701971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.430742979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.431447983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.431581020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.431622982 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.432394981 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.432578087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.432621956 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.433271885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.433396101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.433439970 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.434175014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.434290886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.434329033 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.435089111 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.435203075 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.435239077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.436012983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.436152935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.436192989 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.436940908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.437028885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.437072992 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.437849045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.437928915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.437962055 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.438734055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.438860893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.438900948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.439654112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.439795971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.439836979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.440566063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.440660000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.440697908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.441467047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.441520929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.441560030 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.442378998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.442501068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.442545891 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.443298101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.443430901 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.443473101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.444215059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.444317102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.444354057 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.445091963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.445260048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.445307970 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.446037054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.446257114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.446300983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.446938992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.447067022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.447108030 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.447840929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.447948933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.447990894 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.448755980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.448863029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.448898077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.449619055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.493530035 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.593770027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.593883991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.593921900 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.594006062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.594229937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.594274998 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.594918966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.595015049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.595048904 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.595834017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.595978022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.596023083 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.596740007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.596862078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.596904993 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.597654104 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.597776890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.597820997 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.598589897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.598757982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.598800898 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.599490881 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.599601030 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.599642992 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.600389957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.600469112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.600507021 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.601306915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.601479053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.601522923 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.602217913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.602328062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.602371931 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.603112936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.603254080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.603295088 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.604039907 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.604163885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.604204893 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.604948044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.605056047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.605098963 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.605843067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.606003046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.606045008 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.606786013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.606911898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.606950998 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.607666016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.607758999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.607789040 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.608577013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.608722925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.608766079 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.609500885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.609575033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.609611034 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.610472918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.610483885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.610528946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.611360073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.611506939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.611548901 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.612251997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.612394094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.612440109 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.613168001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.613481045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.613524914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.614063978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.614128113 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.614166975 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.614986897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.615086079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.615118980 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.615864992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.615993023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.616044044 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.616775036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.616904974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.616951942 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.617700100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.617791891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.617829084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.618577003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.618702888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.618736029 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.619518995 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.619596004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.619631052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.620410919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.620544910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.620831966 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.621330023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.621442080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.622284889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.622355938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.623167038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.623249054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.624059916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.624133110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.624958038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.625077009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.625618935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.625884056 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.626012087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.626060963 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.626811028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.626918077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.626966953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.627691031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.627832890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.627882004 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.628604889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.628741026 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.628789902 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.629540920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.629640102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.629679918 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.630434036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.630564928 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.630610943 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.631395102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.631494045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.631536007 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.632352114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.632425070 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.632467031 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.633169889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.633313894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.633359909 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.634074926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.634185076 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.634227037 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.635001898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.635101080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.635140896 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.635921955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.636043072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.636091948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.636806011 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.636905909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.636945963 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.637716055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.637839079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.637887955 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.638612986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.638735056 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.638778925 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.639550924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.639648914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.639693022 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.640429974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.640542984 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.640589952 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.641324997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.681056023 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.786149025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.786246061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.786392927 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.786531925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.786628008 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.786669016 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.787504911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.787575006 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.787619114 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.788331032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.788438082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.788475037 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.789236069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.789376974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.789427042 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.790163994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.790263891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.790312052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.791084051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.791177988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.791215897 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.791966915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.792140007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.792180061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.792881966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.792996883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.793034077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.793797016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.793931007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.793982029 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.794691086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.794814110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.794859886 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.795629025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.795737982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.795778990 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.796536922 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.796655893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.796701908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.797517061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.797607899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.797656059 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.798331022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.798459053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.798504114 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.799238920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.799348116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.799396992 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.800157070 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.800292015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.800335884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.801069975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.801178932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.801218033 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.802042007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.802120924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.802161932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.802889109 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.802970886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.803010941 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.803787947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.803898096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.803941965 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.804713011 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.804828882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.804871082 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.805625916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.805716991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.805758953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.806524038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.806543112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.806582928 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.807439089 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.807574034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.807621002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.808351040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.808492899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.808538914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.809259892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.809381962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.809428930 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.810182095 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.810278893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.810319901 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.811079025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.811182976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.811223984 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.811995983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.812114000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.812166929 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.812891960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.813028097 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.813076019 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.813812971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.813929081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.813977003 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.814718008 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.814826965 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.814866066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.815651894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.815798044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.815844059 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.816554070 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.816715956 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.816762924 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.817454100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.817593098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.817641020 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.818377018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.818480968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.818525076 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.819292068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.819396019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.819453001 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.820182085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.820647955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.820693016 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.821104050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.821209908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.821258068 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.822048903 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.822168112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.822208881 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.822926998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.823045969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.823081970 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.823849916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.823947906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.823982000 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.824743032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.824871063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.824918032 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.825655937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.825787067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.825829029 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.826564074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.826670885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.826715946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.827481031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.827589989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.827630997 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.828380108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.828505993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.828572989 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.829358101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.829495907 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.829545021 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.830239058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.830338001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.830378056 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.831115007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.831228018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.831274986 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.832017899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.832159996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.832207918 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.832962990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.833070993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.833117962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.833807945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.884195089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.978409052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.978557110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.978715897 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.978795052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.978957891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.979008913 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.979705095 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.979805946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.979847908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.980612040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.980734110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.980786085 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.981538057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.981650114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.981700897 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.982465982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.982587099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.982635021 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.983345032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.983490944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.983541965 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.984258890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.984399080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.984447002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.985191107 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.985277891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.985327005 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.986073017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.986143112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.986186981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.986982107 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.987103939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.987150908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.987896919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.988027096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.988076925 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.988807917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.988924980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.988979101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.989747047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.989775896 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.989813089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.990643024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.990750074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.990799904 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.991528034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.991647959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.991691113 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.992429018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.992572069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.992614985 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.993367910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.993484974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.993526936 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.994252920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.994388103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.994429111 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.995182037 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.995321989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.995373011 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.996098042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.996260881 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.996303082 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.997018099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.997096062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.997140884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.997929096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.998030901 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.998076916 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.998847961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.998944998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.998991013 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:51.999722004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.999855995 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:51.999906063 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.000813007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.000904083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.000945091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.001550913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.001672029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.001722097 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.002460957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.002856016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.002907991 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.003370047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.003518105 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.003568888 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.004280090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.004431009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.004482985 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.005182028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.005306005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.005348921 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.006086111 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.006223917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.006274939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.007025957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.007214069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.007265091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.007927895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.008057117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.008110046 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.008860111 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.008996010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.009043932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.009759903 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.009845018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.009885073 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.010639906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.010752916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.010799885 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.011631012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.011662006 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.011714935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.012476921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.012594938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.012650967 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.013381004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.013504982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.013556004 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.014309883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.014386892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.014431000 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.015202045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.015324116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.015377045 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.016119957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.016222000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.016266108 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.017046928 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.017113924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.017167091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.017946005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.018023968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.018068075 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.018825054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.018944979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.018996954 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.019728899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.019835949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.019881964 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.020632029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.020766020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.020809889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.021585941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.021677971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.021718979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.022484064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.022592068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.022634983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.023365021 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.023485899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.023541927 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.024277925 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.024411917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.024466038 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.025202036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.025299072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.025346041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.026072025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.071770906 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.149936914 CET	49675	443	192.168.2.4	173.222.162.32
Dec 11, 2024 00:53:52.170535088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.170672894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.170815945 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.170908928 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.170948982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.171009064 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.172025919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.172081947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.172127962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.172641993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.172774076 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.172816038 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.173547983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.173729897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.173784018 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.174463987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.174586058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.174637079 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.175400972 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.175499916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.175545931 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.176315069 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.176393986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.176441908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.177225113 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.177328110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.177372932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.178117990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.178256035 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.178302050 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.179044962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.179126978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.179167032 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.179941893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.180011034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.180056095 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.180870056 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.180964947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.181029081 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.181771994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.181886911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.181927919 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.182672977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.182781935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.182821989 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.183609962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.183779955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.183830976 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.184488058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.184736013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.184787035 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.185400009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.185575008 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.185626984 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.186309099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.186412096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.186455965 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.187216043 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.187355995 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.187407970 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.188164949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.188302994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.188353062 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.189048052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.189162016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.189205885 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.189956903 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.190063953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.190109968 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.190876007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.190964937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.191003084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.191781998 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.191903114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.191957951 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.192686081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.192806005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.192852974 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.193615913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.193708897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.193753958 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.194530010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.194605112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.194648027 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.195434093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.195625067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.195673943 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.196325064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.196407080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.196445942 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.197261095 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.197349072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.197385073 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.198169947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.198287010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.198333025 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.199075937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.199119091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.199157000 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.199969053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.200104952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.200154066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.200905085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.200988054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.201025009 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.201800108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.201891899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.201932907 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.202732086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.202817917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.202860117 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.203615904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.203742027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.203783989 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.204509974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.204607964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.204642057 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.205432892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.205502987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.205538988 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.206347942 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.206490040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.206532001 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.207242966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.207357883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.207402945 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.208194971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.208347082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.208385944 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.209096909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.209235907 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.209276915 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.210016966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.210131884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.210174084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.210912943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.211020947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.211066961 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.211822987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.211929083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.211972952 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.212737083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.212852001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.212892056 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.213656902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.213747025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.213792086 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.214571953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.214673996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.214709044 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.215466022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.215579033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.215620041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.216376066 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.216459990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.216502905 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.217278004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.217345953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.217394114 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.218152046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.259335995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.362539053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.362680912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.362756014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.362907887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.363042116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.363286972 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.363854885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.363931894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.363972902 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.364741087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.364770889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.364814997 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.365648031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.365770102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.365817070 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.366584063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.366677999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.366724014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.367460966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.367589951 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.367647886 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.368380070 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.368494987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.368529081 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.369309902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.369437933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.369484901 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.370207071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.370312929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.370362043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.371215105 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.371272087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.371320009 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.372014046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.372148991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.372199059 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.372908115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.373034954 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.373085022 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.373842955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.373950005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.373991013 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.374764919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.374872923 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.374916077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.375672102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.375791073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.375848055 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.376626968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.376691103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.376739979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.377489090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.377603054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.377648115 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.378395081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.378506899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.378552914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.379338980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.379429102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.379475117 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.380307913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.380403042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.380448103 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.381129026 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.381239891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.381289959 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.382035971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.382129908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.382173061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.386020899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386728048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386745930 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386755943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386768103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386780024 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.386799097 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386804104 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.386821032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386837959 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.386840105 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386867046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386888981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.386914015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.386955023 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.387798071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.387809992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.387857914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.388487101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.388500929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.388541937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.389653921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.389663935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.389708042 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.391207933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.391352892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.391392946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.391904116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.391916037 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.391966105 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.392062902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.392169952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.392218113 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.392992020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.393517971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.393565893 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.394109011 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.394221067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.394270897 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.395175934 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.395380020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.395426035 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.395915031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.396090031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.396132946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.397002935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.397012949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.397059917 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.397782087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.397844076 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.397887945 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.398552895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.398564100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.398600101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.399710894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.399727106 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.399791956 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.400239944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.400801897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.400856972 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.401344061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.401354074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.401388884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.402170897 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.402183056 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.402239084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.403024912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.403378010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.403419018 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.404181004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.404191971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.404230118 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.405256987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.405272961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.405312061 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.405838966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.405848980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.405889988 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.406981945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.406991959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.407030106 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.407525063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.407917023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.407958984 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.408616066 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.408626080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.408668995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.409759045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.409770012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.409810066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.410268068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.462275982 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.554711103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.554831028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.554888964 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.555115938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.555279970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.555320024 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.556081057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.556147099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.556189060 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.556936026 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.557049036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.557095051 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.557832003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.558001041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.558043003 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.558748960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.558893919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.558934927 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.559696913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.559782028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.559824944 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.560534000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.560662985 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.560708046 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.561490059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.561609030 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.561651945 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.562376976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.562575102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.562616110 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.563311100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.563476086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.563524008 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.564246893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.564392090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.564440012 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.565148115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.565222025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.565269947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.566035986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.566148996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.566194057 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.566930056 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.567089081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.567133904 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.567862988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.567939997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.568001032 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.568734884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.568881035 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.568926096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.573304892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573317051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573331118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573345900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573370934 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.573390007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573400974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573415995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.573426962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.573430061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573441029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573493004 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.573499918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573518991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.573574066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.574409962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.574419975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.574470043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.575074911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.575675964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.575746059 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.576497078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.576507092 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.576553106 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.577934980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.578005075 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.578047037 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.578505039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.578521013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.578561068 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.578747034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.578835964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.578881979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.580089092 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.580099106 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.580144882 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.580806017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.580816031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.580859900 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.581969023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.581979036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.582027912 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.582627058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.583115101 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.583168983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.583573103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.583633900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.583678961 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.584419012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.584429979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.584475040 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.585115910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.585643053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.585694075 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.586231947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.586242914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.586289883 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.587276936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.587322950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.587368965 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.588049889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.588061094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.588114023 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.588737965 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.588875055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.588932037 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.590143919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.590153933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.590200901 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.590754986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.590853930 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.590899944 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.591866970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.591876984 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.591922045 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.592408895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.593065023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.593117952 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.593485117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.593494892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.593549967 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.594505072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.594516039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.594563961 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.595181942 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.595531940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.595597982 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.596267939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.596278906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.596327066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.596952915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.597434044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.597489119 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.597995996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.598006010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.598052979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.598854065 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.598870039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.598926067 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.599679947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.600183964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.600229979 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.600806952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.600914955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.600965977 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.601943970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.601955891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.602003098 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.602406025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.649925947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.747006893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.747049093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.747061014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.747073889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.747126102 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.748050928 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.748122931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.748187065 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.748727083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.748915911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.748960972 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.749685049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.749695063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.749736071 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.750893116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.750902891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.750938892 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.751338005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.751765013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.751812935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.752237082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.752326965 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.752388954 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.753580093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.754714012 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.754771948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.755048990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.755565882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.755620003 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.756102085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.756177902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.756242990 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.756876945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.757137060 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.757189035 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.757504940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.757515907 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.757560015 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.757689953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.757817030 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.757863045 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.758591890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.759207010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.759258032 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.759848118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.759857893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.759902000 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.760863066 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.760874033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.760925055 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.761533022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.761544943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.761609077 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.762604952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.762615919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.762664080 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.763268948 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.763647079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.763700962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.764231920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.764344931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.764389992 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.765360117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.765508890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.765558004 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.765903950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.766541958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.766592026 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.767029047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.767115116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.767157078 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.767719984 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.767843962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.767893076 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.768656015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.768706083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.768752098 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.769954920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.769965887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.770004988 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.770694971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.770929098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.770982981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.771471024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.771492958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.771541119 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.772672892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.772682905 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.772727013 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.773181915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.773688078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.773737907 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.774298906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.774339914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.774388075 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.775430918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.775440931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.775491953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.775995016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.776508093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.776561022 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.777101994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.777112961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.777158022 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.777770042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.777865887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.777910948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.778728962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.778772116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.778817892 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.779860973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.779875994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.779922009 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.780579090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.781006098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.781054974 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.781527996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.781538963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.781579018 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.782655954 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.782665968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.782704115 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.783199072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.783756018 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.783804893 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.784380913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.784492970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.784535885 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.785517931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.785528898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.785576105 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.786125898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.786137104 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.786184072 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.787163973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.787174940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.787213087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.787898064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.787980080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.788028002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.788784027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.788815022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.788855076 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.789952040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.789963007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.790008068 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.790600061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.790733099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.790790081 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.791644096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.791695118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.791738033 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.792490959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.792866945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.792913914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.793236017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.793350935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.793402910 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.794605970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.837330103 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.939008951 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.939184904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.939244986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.939245939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.939404964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.939452887 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.940567017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.940578938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.940622091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.941215992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.941591978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.941641092 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.942207098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.942219973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.942260981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.943490982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.943504095 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.943552971 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.944190025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.944200993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.944252014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.944987059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.944998980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.945055962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.945904016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.946062088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.946105003 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.946528912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.946713924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.946769953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.947446108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.947581053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.947635889 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.948343039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.948463917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.948520899 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.949289083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.949333906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.949374914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.950182915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.950330019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.950382948 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.951078892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.951139927 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.951179981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.952008009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.952102900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.952151060 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.952910900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.953047991 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.953097105 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.953829050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.953955889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.954005957 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.954732895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.954808950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.954850912 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.955636024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.955810070 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.955863953 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.956603050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.956691980 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.956737995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.957448006 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.957576036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.957627058 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.958359003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.958489895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.958535910 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.959273100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.959367990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.959412098 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.960258007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.960375071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.960426092 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.961101055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.961477041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.961527109 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.962019920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.962364912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.962409973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.962920904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.963041067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.963087082 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.963833094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.963926077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.963969946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.964714050 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.964843988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.964893103 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.965665102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.965734959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.965780973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.966542959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.966715097 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.966759920 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.967468023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.967593908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.967644930 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.968385935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.968506098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.968553066 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.969327927 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.969506025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.969556093 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.970210075 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.970289946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.970335007 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.971096039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.971209049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.971255064 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.972035885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.972127914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.972170115 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.972976923 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.973053932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.973099947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.973844051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.973949909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.974004030 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.974752903 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.974881887 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.974929094 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.975660086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.975783110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.975832939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.976612091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.976705074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.976748943 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.977508068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.977698088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.977751017 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.978400946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.978545904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.978595972 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.979330063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.979495049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.979547024 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.980243921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.980345964 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.980392933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.981162071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.981264114 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.981308937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.982042074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.982160091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.982211113 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.982964039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.983114004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.983165026 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.983860970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.983999968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.984045982 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.984771013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.984827995 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.984867096 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.985687971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.985794067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:52.985845089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:52.986547947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.040528059 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.130995989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.131094933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.131150007 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.131412983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.131609917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.131654978 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.132333040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.132407904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.132453918 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.133236885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.133356094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.133400917 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.134149075 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.134202957 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.134244919 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.135057926 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.135195971 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.135242939 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.135968924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.136086941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.136130095 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.136873960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.137000084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.137052059 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.137775898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.137903929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.137943983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.138672113 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.138787031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.138839960 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.139581919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.139694929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.139741898 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.140486002 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.140600920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.140645027 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.141403913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.141527891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.141573906 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.142344952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.142451048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.142513037 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.143238068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.143337965 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.143392086 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.144159079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.144311905 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.144365072 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.145066977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.145178080 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.145226955 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.145998955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.146065950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.146111012 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.146903038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.147022009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.147074938 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.147835970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.147910118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.147953987 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.148699045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.148793936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.148838997 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.149610043 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.149729967 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.149791956 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.150520086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.150621891 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.150687933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.151444912 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.151566029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.151618004 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.152343988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.152436972 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.152478933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.153281927 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.153361082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.153409004 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.154187918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.154279947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.154323101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.155056000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.155173063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.155224085 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.155987024 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.156183004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.156236887 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.156872988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.157004118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.157053947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.157819986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.157959938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.158009052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.158740997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.158878088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.158931971 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.159622908 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.159831047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.159883976 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.160546064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.160657883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.160706043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.161456108 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.161581993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.161628962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.162359953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.162472963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.162523031 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.163269043 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.163384914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.163429976 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.164196014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.164308071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.164350033 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.165124893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.165225983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.165275097 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.166008949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.166102886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.166147947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.166915894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.167009115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.167054892 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.167823076 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.167936087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.167979002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.168725967 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.168886900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.168941021 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.169631958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.169730902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.169770002 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.170540094 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.170716047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.170766115 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.171452045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.171545982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.171591043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.172380924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.172497988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.172550917 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.173341990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.173485041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.173533916 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.174211979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.174314976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.174361944 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.175122976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.175225019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.175275087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.176074982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.176218033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.176263094 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.176948071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.177021027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.177062035 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.177869081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.177989006 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.178039074 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.178710938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.228037119 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.323201895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.323350906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.323494911 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.323626041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.323812962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.323863983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.324527979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.324637890 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.324680090 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.325479984 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.325843096 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.325892925 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.326364040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.326493979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.326545954 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.327284098 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.327385902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.327433109 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.328197956 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.328329086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.328380108 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.329108000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.329204082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.329243898 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.330024004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.330117941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.330162048 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.330914974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.331016064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.331062078 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.331846952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.331954956 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.331998110 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.332743883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.332875013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.332921982 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.333645105 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.333781004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.333827019 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.334554911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.334669113 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.334718943 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.335479975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.335613966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.335658073 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.336375952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.336509943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.336560965 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.337280989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.337388992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.337431908 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.338207960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.338345051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.338392973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.339127064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.339267969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.339328051 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.340022087 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.340086937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.340132952 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.340936899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.341065884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.341113091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.341835022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.341955900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.342005014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.342737913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.342849016 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.342900991 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.343656063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.343775988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.343825102 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.344635010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.344674110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.344724894 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.345467091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.345590115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.345640898 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.346378088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.346502066 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.346554041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.347322941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.347423077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.347470045 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.348206997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.348309994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.348354101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.349139929 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.349245071 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.349283934 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.350038052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.350163937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.350208044 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.350953102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.351062059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.351110935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.351872921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.352018118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.352065086 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.352809906 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.352942944 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.353003025 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.353692055 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.353822947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.353877068 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.354597092 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.354685068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.354728937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.355587006 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.355603933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.355653048 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.356421947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.356511116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.356550932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.357312918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.357415915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.357458115 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.358251095 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.358366966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.358417034 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.359122038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.359230042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.359281063 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.360047102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.360172987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.360224962 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.360975981 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.361068010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.361109972 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.361880064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.361968040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.362014055 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.362793922 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.362903118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.362950087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.363686085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.363786936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.363826036 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.364579916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.364718914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.364769936 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.365529060 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.365636110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.365686893 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.366451025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.366545916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.366580009 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.367346048 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.367459059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.367507935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.368237019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.368407011 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.368460894 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.369158983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.369262934 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.369307995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.370069027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.370676994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.370728016 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.370960951 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.415406942 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.515316963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.515347004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.515461922 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.515734911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.515850067 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.515929937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.516092062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.516794920 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.516840935 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.516936064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.517699003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.517749071 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.517806053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.518564939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.518615007 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.518639088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.519514084 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.519563913 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.519573927 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.520384073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.520428896 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.520495892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.521610975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.521658897 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.521727085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.522663116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.522712946 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.522735119 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.523165941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.523216009 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.523274899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.524055004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.524106026 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.524157047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.524971962 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.525022984 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.525140047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.525866985 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.525919914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.526181936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.526787996 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.526838064 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.526901007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.527704954 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.527753115 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.527813911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.528588057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.528637886 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.528683901 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.529509068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.529557943 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.529603004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.530401945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.530447960 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.530508995 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.531337023 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.531380892 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.531414032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.532239914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.532290936 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.532345057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.533195019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.533241987 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.533312082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.534109116 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.534161091 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.534181118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.534975052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.535027981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.535096884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.535918951 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.535979033 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.536015987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.536809921 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.536868095 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.536990881 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.537734032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.537811995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.537837029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.538615942 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.538676977 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.538727045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.539531946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.539599895 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.539653063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.540425062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.540465117 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.540512085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.541372061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.541428089 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.541429996 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.542239904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.542290926 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.542407990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.543164968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.543215036 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.543287992 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.544085979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.544136047 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.544217110 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.545044899 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.545092106 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.545094967 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.545914888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.545973063 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.546035051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.546837091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.546900034 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.546921015 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.547744989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.547801971 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.547868013 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.548655987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.548703909 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.548755884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.549550056 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.549597025 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.549649000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.550477982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.550522089 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.550606966 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.551397085 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.551450968 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.551472902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.552285910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.552330017 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.552390099 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.553251982 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.553299904 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.553361893 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.554131985 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.554179907 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.554208994 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.555006027 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.555067062 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.555100918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.555958033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.556041956 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.556094885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.556864977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.556915998 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.556946993 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.557748079 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.557796955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.557799101 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.558643103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.558690071 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.558764935 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.559551954 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.559607029 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.559690952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.560484886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.560528040 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.560549974 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.561371088 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.561414957 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.561490059 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.562293053 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.562330008 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.562355042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.602900982 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.707693100 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.707856894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.707900047 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.708055973 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.708286047 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.708331108 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.709008932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.709112883 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.709156990 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.709875107 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.709913969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.709950924 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.710769892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.710997105 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.711045027 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.711694002 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.711710930 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.711751938 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.712580919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.712723970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.712765932 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.713494062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.713576078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.713619947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.714492083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.714833975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.714881897 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.715343952 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.715507984 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.715558052 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.716236115 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.716346979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.716394901 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.717134953 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.717197895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.717238903 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.718108892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.718203068 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.718242884 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.718971014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.719036102 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.719084024 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.719886065 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.719990969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.720036983 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.720782995 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.720925093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.720979929 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.721693039 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.721754074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.721788883 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.722641945 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.722716093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.722763062 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.723515987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.723627090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.723676920 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.724456072 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.724509954 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.724606991 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.725382090 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.725475073 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.725522041 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.726262093 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.726361990 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.726407051 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.727197886 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.727240086 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.727282047 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.728085041 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.728179932 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.728223085 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.728992939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.729099989 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.729141951 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.729935884 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.729984999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.730016947 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.730799913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.730937958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.730983973 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.731724977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.731782913 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.731822014 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.732624054 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.732846022 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.732888937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.733519077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.733556032 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.733602047 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.734431028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.734523058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.734569073 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.735353947 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.735426903 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.735466957 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.736274004 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.736460924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.736512899 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.737185001 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.737306118 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.737358093 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.738121033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.738189936 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.738235950 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.739196062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.739259005 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.739305019 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.739942074 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.740196943 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.740247011 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.740812063 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.740928888 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.740978956 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.741738081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.741837025 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.741878986 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.742660046 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.742799997 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.742846966 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.743552923 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.743669033 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.743712902 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.744450092 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.744539976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.744596958 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.745353937 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.745486975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.745537043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.746323109 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.746335983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.746385098 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.747185946 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.747271061 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.747319937 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.748117924 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.748162031 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.748203039 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.748994112 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.749116898 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.749160051 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.749932051 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.750046968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.750097990 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.750814915 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.750895977 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.750931025 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.751743078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.751827955 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.751864910 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.752645969 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.752752066 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.752801895 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.753573895 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.753624916 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.753667116 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.754502058 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.754513979 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.754556894 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.755352020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.806036949 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.899815083 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.899846077 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.899912119 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.900213003 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.900495052 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.900541067 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.901133060 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.901352882 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.901410103 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.902009010 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.902131081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.902175903 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.902925968 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.903053045 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.903101921 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.903837919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.903958082 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.904010057 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.904762983 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.904881954 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.904933929 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.905643940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.905724049 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.905769110 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.906575918 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.906702042 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.906745911 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.907454967 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.907618999 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.907674074 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.908385038 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.908539057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.908591032 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.909308910 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.909461975 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.909512043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.910197020 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.910300970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.910352945 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.911101103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.911192894 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.911236048 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.912019014 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.912127972 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.912164927 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.912961960 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.913048029 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.913094044 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.913846970 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.913935900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.913975000 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.914756060 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.914851904 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.914896011 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.915672064 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.915791988 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.915837049 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.916596889 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.916703939 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.916743994 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.917490959 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.917604923 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.917675018 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.918390036 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.918483019 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.918524981 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.919327021 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.919433117 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.919481039 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.920208931 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.920376062 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.920425892 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.921140909 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.921196938 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.921236038 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.922086000 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.922198057 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.922244072 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.922988892 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.923059940 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.923098087 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.923885107 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.923985958 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.924024105 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.924812078 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.924865007 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.924904108 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.925699949 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.925755978 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.925792933 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.926604986 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.926640987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.926682949 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.927501917 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.927548885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.927588940 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.928411961 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.928544044 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.928587914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.929330111 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.929445028 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.929491043 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.930244923 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.930347919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.930387020 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.931119919 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.931257963 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.931303024 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.932061911 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.932195902 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.932234049 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.932961941 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.933053017 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.933094025 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.933854103 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.933979034 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.934029102 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.934786081 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.934897900 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.934943914 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.935734987 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.935812950 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.935851097 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.936594009 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.936677933 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.936717987 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.937506914 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.937625885 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.937673092 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.938445091 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.938570976 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.938615084 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:53.939285040 CET	80	49730	18.165.213.23	192.168.2.4
Dec 11, 2024 00:53:53.993535995 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:53:54.028546095 CET	49730	80	192.168.2.4	18.165.213.23
Dec 11, 2024 00:54:01.083875895 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:01.083908081 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:01.083996058 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:01.087456942 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:01.087469101 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:02.761924028 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:02.762011051 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:02.792298079 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:02.792310953 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:02.793291092 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:02.837320089 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:02.985981941 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:02.986072063 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:02.986201048 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.013534069 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.013591051 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.013612032 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.013655901 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.013675928 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.013694048 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.013892889 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.013950109 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.013955116 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.014039993 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.014091015 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.016052008 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.016062975 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.016093016 CET	49731	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.016098976 CET	443	49731	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.189255953 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.189291954 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:04.189445019 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.189770937 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:04.189783096 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:05.908006907 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:05.908073902 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:05.909538984 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:05.909553051 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:05.909779072 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:05.911103010 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:05.911125898 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:05.911129951 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:06.925569057 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:06.925785065 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:06.925848961 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:06.925954103 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:06.925968885 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:06.925983906 CET	49732	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:06.925988913 CET	443	49732	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:07.100759983 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:07.100805998 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:07.100971937 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:07.101331949 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:07.101346970 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.331415892 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.331494093 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.343065977 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.343086004 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.343398094 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.357429981 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.403332949 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.801976919 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.802102089 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.802167892 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.802192926 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.802304983 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.802349091 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.802356958 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.802469015 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.802514076 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.802520990 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.809927940 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.809982061 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.809990883 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.818411112 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.818470955 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.818480015 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.868695974 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.868705988 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.915446043 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.922612906 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.977950096 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.993264914 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.993412018 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.993419886 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.993441105 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.993479967 CET	49735	443	192.168.2.4	172.67.26.92
Dec 11, 2024 00:54:08.993488073 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:08.993506908 CET	443	49735	172.67.26.92	192.168.2.4
Dec 11, 2024 00:54:09.060895920 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:09.060925961 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:09.061005116 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:09.061343908 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:09.061355114 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:10.738421917 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:10.738504887 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:10.739778042 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:10.739783049 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:10.740170956 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:10.747332096 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:10.791332006 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.310542107 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.352945089 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.357110977 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.357147932 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.357180119 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.357197046 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.357215881 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.357223034 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.357255936 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.357263088 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.357297897 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.540540934 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.540606022 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.540626049 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.540633917 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.540683985 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.589310884 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.589360952 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.589390039 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.589396000 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.589437962 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.589442968 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.589514017 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.589560986 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.603543043 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.603549957 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.603566885 CET	49738	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.603570938 CET	443	49738	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.643558025 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.643585920 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:11.643660069 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.644051075 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:11.644066095 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:12.592112064 CET	49723	80	192.168.2.4	199.232.214.172
Dec 11, 2024 00:54:12.713135958 CET	80	49723	199.232.214.172	192.168.2.4
Dec 11, 2024 00:54:12.713324070 CET	49723	80	192.168.2.4	199.232.214.172
Dec 11, 2024 00:54:13.306667089 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.306771040 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.308120012 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.308129072 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.308384895 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.316348076 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.363337040 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.934051037 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.977972031 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.980576038 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.980602026 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.980643034 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.980650902 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.980673075 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.980690956 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.980710983 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.980720043 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:13.980732918 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:13.980761051 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:14.153512001 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:14.153554916 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:14.153579950 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:14.153598070 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:14.153637886 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:14.263889074 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:14.263909101 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:14.263919115 CET	49740	443	192.168.2.4	65.9.108.35
Dec 11, 2024 00:54:14.263926029 CET	443	49740	65.9.108.35	192.168.2.4
Dec 11, 2024 00:54:23.589359999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:23.709980965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:23.710294962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:23.710481882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:23.831252098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954541922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954585075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954596996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954641104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:24.954809904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954821110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954843998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954859972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.954866886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:24.954874992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:24.955092907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.955226898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.955240965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:24.955280066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.074131012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.074143887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.074189901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.146892071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.147034883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.147089958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.150863886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.151022911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.151067972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.159302950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.159374952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.159435987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.167653084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.167787075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.167834997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.176122904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.176353931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.176399946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.184461117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.184581995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.184628963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.192861080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.193012953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.193058014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.201317072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.201415062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.201456070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.209666967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.209768057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.209826946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.218095064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.218182087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.218225002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.226499081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.226821899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.226867914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.266340971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.266421080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.266480923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.338588953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.338654041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.338710070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.341087103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.342025042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.342077017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.342138052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.347132921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.347172022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.347196102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.352144957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.352202892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.352221012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.357219934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.357278109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.357304096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.362042904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.362114906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.362175941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.366890907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.366952896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.366967916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.371818066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.371869087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.371891022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.376605034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.376667023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.376698017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.381468058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.381510973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.381571054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.386431932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.386503935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.386524916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.391187906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.391289949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.391319036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.396085024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.396147013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.396179914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.399862051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.399924040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.399966955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.403676987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.403748035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.403765917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.407483101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.407546043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.407576084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.411269903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.411326885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.411417961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.415083885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.415143013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.415195942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.418953896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.418963909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.419023991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.425672054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.425683022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.425721884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.458035946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.458091021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.458127975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.459927082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.459971905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.460036039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.463815928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.463850021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.463877916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.509259939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.530599117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.530687094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.530741930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.532129049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.532273054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.532316923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.535214901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.536350012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.536397934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.536456108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.539382935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.539433002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.539438009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.542320967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.542365074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.542428970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.545200109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.545242071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.545320034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.547960043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.548008919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.548070908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.550709963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.550753117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.550784111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.553420067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.553467035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.553499937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.556142092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.556184053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.556257010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.558887959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.558931112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.558942080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.561583996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.561621904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.561638117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.564296961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.564474106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.564500093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.566998959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.567037106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.567110062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.569732904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.569782019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.569859028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.572424889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.572470903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.572542906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.575159073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.575196981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.575248957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.577883005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.577934027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.577986002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.580614090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.580647945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.580656052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.583363056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.583405972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.583411932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.585395098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.585436106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.585520029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.587433100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.587475061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.587548018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.589452982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.589500904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.589565039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.591553926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.591595888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.591628075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.593580008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.593616009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.593687057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.595571041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.595622063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.595691919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.597547054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.597600937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.597685099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.599571943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.599600077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.599618912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.601578951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.601638079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.601638079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.603636980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.603661060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.603679895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.605629921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.605684042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.605688095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.607645988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.607692957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.607772112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.609671116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.609714985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.609935999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.611720085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.611754894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.611771107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.613763094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.613784075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.613807917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.615761995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.615797997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.615807056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.617779016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.617822886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.617909908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.619801998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.619838953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.722538948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.722626925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.722680092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.723341942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.723661900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.723714113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.723773003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.725323915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.725370884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.725461960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.726967096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.727016926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.727019072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.728564978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.728612900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.728665113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.730117083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.730165958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.730232954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.731692076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.731740952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.731776953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.733423948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.733479977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.733511925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.734738111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.734785080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.734837055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.736251116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.736296892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.736375093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.737792015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.737845898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.737848043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.739195108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.739253998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.739289045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.740643024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.740679979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.740753889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.742100954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.742141962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.742175102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.743519068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.743563890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.743597031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.744940042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.744988918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.745034933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.746335983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.746381044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.746433020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.747797966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.747850895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.747850895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.749176025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.749222994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.749284983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.750586033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.750633001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.750693083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.752059937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.752108097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.752156973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.753434896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.753480911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.753535032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.754847050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.754889011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.754926920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.756309032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.756364107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.756403923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.757710934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.757766962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.757850885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.759104967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.759144068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.759221077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.760530949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.760572910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.760629892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.761944056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.761986017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.762082100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.763376951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.763421059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.763648987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.764780998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.764822006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.764904976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.766186953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.766237020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.766288996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.767613888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.767662048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.767682076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.769021988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.769068003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.769114971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.770442009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.770488024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.770543098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.771876097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.771924973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.771982908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.773293018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.773332119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.773417950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.774698973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.774744034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.774806976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.776112080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.776154041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.776213884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.777546883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.777590036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.777719975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.778958082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.779000998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.779006004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.780369043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.780410051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.780473948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.781799078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.781840086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.781903982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.783211946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.783255100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.783289909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.784631014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.784673929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.784734011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.786111116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.786154032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.786158085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.787475109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.787518024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.787561893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.789014101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.789057970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.789123058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.790290117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.790333033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.790412903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.791718960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.791765928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.791791916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.793176889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.793216944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.793382883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.794581890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.794621944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.794667006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.795963049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.796004057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.914669991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.914800882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.914866924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.915280104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.915364981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.915406942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.916568041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.916630983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.916673899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.917701006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.917804956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.917850018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.918833971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.918972015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.919013977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.920036077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.920134068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.920176029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.921211958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.921334982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.921386957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.922425032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.922631025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.922673941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.923584938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.923727989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.923774958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.924763918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.924860001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.924901962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.925966978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.926070929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.926114082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.927139044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.927246094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.927290916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.928314924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.928354979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.928395987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.929532051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.929637909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.929675102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.930699110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.930809021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.930855989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.931907892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.932137966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.932182074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.933084011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.933203936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.933250904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.934282064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.934408903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.934451103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.935465097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.935576916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.935620070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.936635017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.936786890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.936829090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.937871933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.937994957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.938040972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.939018965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.939141035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.939196110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.940206051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.940294027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.940342903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.941386938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.941497087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.941546917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.942564964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.942677021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.942718983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.943752050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.943865061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.943917036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.944947958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.944988966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.945034027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.946122885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.946238995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.946300030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.947285891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.947469950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.947515965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.948481083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.948599100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.948647976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.949733019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.949882984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.949922085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.950892925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.951025009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.951072931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.952184916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.952467918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.952514887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.953265905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.953393936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.953435898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.954427004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.954534054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.954575062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.955651999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.955769062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.955817938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.956810951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.956943035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.956991911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.957993031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.958118916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.958163023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.959166050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.959259033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.959306955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.960402012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.960452080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.960501909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.961534977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.961685896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.961730957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.962708950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.962824106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.962876081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.963907003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.964014053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.964061975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.965079069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.965193033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.965234041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.966274023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.966388941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.966429949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.967468977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.967570066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.967614889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.968655109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.968765974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.968811989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.969825029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.970000982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.970046043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.970998049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.971162081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.971200943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.972187996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.972312927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.972356081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.973414898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.973525047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.973568916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.974569082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.974667072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.974709034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.975802898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.975902081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:25.975946903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:25.976907015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.024912119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.106868029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.106965065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.107042074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.107443094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.107589006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.107642889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.108593941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.109034061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.109086037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.109134912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.110213995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.110325098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.110378027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.111399889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.111557961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.111605883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.112586021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.112637043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.112690926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.113785982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.113883972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.113938093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.114983082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.115057945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.115103960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.116153955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.116266966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.116314888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.117328882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.117377043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.117450953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.118539095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.118622065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.118675947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.119712114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.119760036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.119782925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.120891094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.120939970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.121001005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.122112036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.122172117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.122240067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.123287916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.123333931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.123377085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.124469042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.124512911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.124543905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.125629902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.125727892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.125777960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.126816988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.126920938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.126966953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.128000021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.128046989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.128117085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.129194975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.129240990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.129323006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.130383015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.130501986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.130554914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.131555080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.131652117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.131695986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.132733107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.132778883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.132808924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.133944988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.134064913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.134111881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.135104895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.135232925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.135284901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.136301994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.136418104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.136462927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.137495041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.137542009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.137631893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.138752937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.138792992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.138803959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.139863968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.139935970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.139982939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.141061068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.141103983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.141159058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.142255068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.142309904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.142410994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.143425941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.143548965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.143599987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.144610882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.144709110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.144757032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.145802021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.145889044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.145942926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.147006035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.147066116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.147095919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.148173094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.148220062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.148274899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.149346113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.149401903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.149451971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.150532961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.150636911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.150692940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.151743889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.151839972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.151890039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.152909040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.152955055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.153059959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.154100895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.154195070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.154243946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.155297995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.155347109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.155399084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.156476021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.156518936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.156569004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.157660961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.157706022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.157758951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.158838034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.158880949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.158910036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.160024881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.160067081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.160116911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.161205053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.161245108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.161292076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.162396908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.162430048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.162492990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.163578033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.163619995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.163685083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.164778948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.164820910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.164853096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.165961027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.166007042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.166048050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.167136908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.167191982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.167246103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.168329954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.168371916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.168385029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.212412119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.299249887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.299391031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.299441099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.299806118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.299865961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.299911022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.301009893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.301106930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.301147938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.302196980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.302272081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.302311897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.303390980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.303486109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.303533077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.304563046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.304640055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.304685116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.305777073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.305840015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.305882931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.306901932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.306993008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.307039976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.308115005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.308237076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.308279991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.309313059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.309452057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.309489965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.310482025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.310561895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.310601950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.311657906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.311779022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.311820984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.312848091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.312948942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.312990904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.314034939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.314143896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.314184904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.315232992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.315347910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.315387964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.316406012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.316524029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.316562891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.317596912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.317696095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.317734003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.318768978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.318883896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.318924904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.319991112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.320090055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.320123911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.321151018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.321259975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.321300983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.322335005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.322436094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.322474957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.323518038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.323690891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.323740005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.324732065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.324851036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.324892044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.325957060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.326035976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.326093912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.327091932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.327192068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.327234983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.328324080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.328394890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.328435898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.329476118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.329582930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.329622984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.330656052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.330763102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.330806017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.331828117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.331923962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.331967115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.333024979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.333139896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.333178997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.334191084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.334307909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.334351063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.335380077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.335541010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.335589886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.336566925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.336713076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.336760998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.337768078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.337896109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.337935925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.338956118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.339076996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.339123011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.340137005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.340248108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.340296984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.341329098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.341440916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.341483116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.342520952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.342655897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.342721939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.343698978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.343755960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.343799114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.344863892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.344980955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.345021009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.346050024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.346157074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.346198082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.347296000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.347354889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.347398996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.348434925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.348527908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.348568916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.349634886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.349739075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.349782944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.350806952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.350924015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.350964069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.351982117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.352111101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.352160931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.353146076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.353269100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.353311062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.354341984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.354471922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.354511976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.355540991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.355704069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.355746984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.356736898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.356853008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.356894016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.357923985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.358053923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.358093977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.359113932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.359208107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.359256029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.360294104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.360414982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.360456944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.361423969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.415508032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.491259098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.491319895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.491445065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.491815090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.491971970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.492016077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.493011951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.493151903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.493196964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.494230032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.494350910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.494395018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.495394945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.495516062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.495563030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.496577024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.496679068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.496716976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.497756958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.497957945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.497999907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.498933077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.499039888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.499089956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.500117064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.500248909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.500302076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.501322985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.501454115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.501507044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.502505064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.502636909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.502691984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.503695965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.503854990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.503901958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.504858017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.504956961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.505001068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.506058931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.506150007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.506196976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.507226944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.507358074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.507409096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.508402109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.508517027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.508562088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.509598017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.509728909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.510796070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.510844946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.511033058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.511080980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.512018919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.512084961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.512120962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.513153076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.513293028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.513340950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.514384031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.514457941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.514506102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.515548944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.515657902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.515702963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.516705990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.516846895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.516890049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.517906904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.518023014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.518071890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.519093037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.519218922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.519259930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.520265102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.520394087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.520437956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.521466017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.521682978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.521728039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.522728920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.522855997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.522900105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.523883104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.524025917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.524066925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.525084019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.525223017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.525260925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.526205063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.526339054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.526431084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.527417898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.527549982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.527590990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.528572083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.528677940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.528723001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.529755116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.529867887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.529911995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.530949116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.531050920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.531091928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.532130003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.532243967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.532288074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.533318043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.533417940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.533457994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.534497976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.534603119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.534641027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.535706997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.535804033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.535849094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.536914110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.536988974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.537038088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.538064957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.538197994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.538244009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.539251089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.539383888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.539426088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.540458918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.540721893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.540760994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.541631937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.541740894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.541785955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.542794943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.542918921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.542958021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.543999910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.544141054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.544198990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.545178890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.545284033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.545373917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.546386957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.546509027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.546562910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.547545910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.547749043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.547799110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.549099922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.549144983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.549192905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.549942970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.550033092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.550076008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.551101923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.551219940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.551264048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.552294016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.552429914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.552469015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.553445101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.603027105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.683552027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.683644056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.683697939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.684084892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.684146881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.684194088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.685291052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.685419083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.685477018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.686470985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.686567068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.686616898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.687680006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.687788963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.687839985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.688858032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.688987970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.689524889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.690032959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.690148115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.691226006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.691267014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.691358089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.692408085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.692451000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.692487001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.692528009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.693604946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.693705082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.694771051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.694813967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.694891930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.695975065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.696014881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.696091890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.696135998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.697145939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.697259903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.697303057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.698911905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.698935032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.698977947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.699515104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.699642897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.700721025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.700766087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.700830936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.701523066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.701903105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.702003002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.702049971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.703078032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.703212976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.703253984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.704260111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.704390049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.705441952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.705487967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.705545902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.706654072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.706685066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.706698895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.706726074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.707839012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.707957029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.708000898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.709021091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.709112883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.709161043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.710191011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.710329056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.711374044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.711432934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.711488008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.712565899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.712613106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.712682962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.713736057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.713782072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.713867903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.713915110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.714920998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.715085030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.715132952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.716151953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.716725111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.716767073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.719784975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.719795942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.719830990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.719841003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.719844103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.719863892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.719875097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.719891071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.719908953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.721204996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.721215963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.721251011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.723721027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.724190950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.724232912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.724319935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.724337101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.724384069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.724442005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.724570036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.726061106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.726070881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.726110935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.727199078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.727210999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.727247000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.728743076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.728823900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.729186058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.729234934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.729338884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.730521917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.730534077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.730561018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.730577946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.731640100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.731813908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.731858969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.732744932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.732819080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.732858896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.733938932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.734066010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.735096931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.735141039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.735224962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.736287117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.736339092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.736408949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.736452103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.737544060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.737627983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.737672091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.738671064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.738806009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.738850117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.739886999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.739990950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.740045071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.741044044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.741174936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.742217064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.742264986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.742352009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.743407965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.743451118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.743530035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.743573904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.744600058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.744726896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.744781971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.745719910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.790517092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.875781059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.875977039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.876056910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.876317978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.876386881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.876435041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.877543926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.877651930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.877696037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.878681898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.878793955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.879527092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.879882097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.879992008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.881083965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.881130934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.881155968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.882250071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.882293940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.882302999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.882344961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.883436918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.883542061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.883588076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.884608984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.884707928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.885793924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.885843039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.885926962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.886992931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.887053967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.887087107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.887140989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.888212919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.888302088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.888349056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.889358044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.889486074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.889528990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.890538931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.890666962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.891520023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.891725063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.891844988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.892925024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.892966986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.893062115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.894110918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.894150019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.894232035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.895297050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.895328999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.895332098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.895365953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.896478891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.896600008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.896645069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.897681952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.897804022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.897845984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.898860931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.898961067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.899557114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.900029898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.900135040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.901252985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.901312113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.901324034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.902431965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.902482033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.902515888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.902558088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.903605938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.903712988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.904779911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.904825926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.904884100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.905950069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.905998945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.906061888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.907154083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.907195091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.907257080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.907305956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.908334017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.908456087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.908500910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.909507990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.909611940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.909656048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.910738945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.910819054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.911569118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.911894083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.912009954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.912055016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.913089037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.913203001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.913258076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.914266109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.914391994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.914436102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.915471077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.915621042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.916003942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.916625977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.916662931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.916876078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.917835951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.917939901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.917987108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.919006109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.919122934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.919174910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.920218945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.920285940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.920331001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.921371937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.921498060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.921545982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.922550917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.922662020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.923763037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.923810959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.923897028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.924943924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.924989939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.925045013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.925090075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.926126003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.926249981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.926294088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.927337885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.927442074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.927488089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.928488970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.928617001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.928662062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.929677010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.929830074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.930876017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.930918932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.930941105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.931552887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.932064056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.932164907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.932212114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.933234930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.933341026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.933384895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.934423923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.934621096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.935591936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.935605049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.935723066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.936810017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.936846018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:26.936887980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.937946081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:26.937992096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.067954063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.068097115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.068142891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.068532944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.068630934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.068674088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.069721937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.069819927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.069859982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.070856094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.070960045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.071053982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.072052002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.072202921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.072252035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.073256969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.073354006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.073405027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.074438095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.074532032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.074565887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.075634003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.075812101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.075855970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.076806068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.076934099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.076975107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.077986002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.078138113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.078178883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.079160929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.079269886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.079307079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.080390930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.080490112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.080533981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.081554890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.081667900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.081702948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.082743883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.082839966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.082880020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.083893061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.083950996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.083987951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.085100889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.085232019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.085275888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.086277962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.086385012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.086424112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.087511063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.087594032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.087631941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.088804007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.088911057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.088943958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.089863062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.089972973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.090007067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.091036081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.091137886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.091182947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.092231035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.092427969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.092468977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.093401909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.093472004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.093508005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.094583988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.094722033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.094763041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.095823050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.095909119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.095957994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.096976995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.097090960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.097136021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.098156929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.098285913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.098324060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.099364042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.099473953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.099514961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.100517988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.100579977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.100615978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.101732016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.101830959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.101870060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.102933884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.103130102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.103168011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.104096889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.104299068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.104340076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.105271101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.105396032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.105439901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.106477976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.106585979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.106623888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.107656956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.107769012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.107815027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.108818054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.108937979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.108979940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.110016108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.110131025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.110168934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.111211061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.111406088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.111448050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.112524986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.112546921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.112591982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.113586903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.113687992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.113725901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.114743948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.114864111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.114903927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.115979910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.116290092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.116333961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.117129087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.117238998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.117283106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.118304014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.118447065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.118485928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.119503021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.119636059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.119679928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.120663881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.120780945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.120821953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.121846914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.121956110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.121998072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.123034000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.123172998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.123214006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.124234915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.124341965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.124387026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.125442028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.125559092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.125603914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.126600981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.126746893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.126791000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.127788067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.127904892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.127947092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.128967047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.129085064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.129128933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.130132914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.181149006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.260396957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.260435104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.260502100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.260895014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.261157990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.261199951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.261280060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.262336016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.262378931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.262409925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.263534069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.263581038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.263612032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.264707088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.264748096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.264797926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.265914917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.265958071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.266011953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.267097950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.267136097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.267183065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.268277884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.268322945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.268382072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.269453049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.269500017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.269537926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.270641088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.270678997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.270766973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.271812916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.271859884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.271925926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.272994041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.273034096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.273109913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.274200916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.274240017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.274287939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.275392056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.275435925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.275475979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.276562929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.276612043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.276674986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.277781963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.277827024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.277873993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.278923035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.278969049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.279042959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.280127048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.280170918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.280234098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.281320095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.281358957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.281414986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.282475948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.282517910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.282665968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.283688068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.283734083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.283859968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.284861088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.284897089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.284955025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.286077976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.286124945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.286155939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.287245989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.287290096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.287359953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.288435936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.288476944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.288552999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.289596081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.289639950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.289685965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.290806055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.290847063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.290890932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.291985989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.292028904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.292084932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.293163061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.293205976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.293273926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.294343948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.294388056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.294456959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.295583963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.295619011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.295736074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.296763897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.296807051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.296916962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.297959089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.298000097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.298022032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.299107075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.299149036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.299181938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.300288916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.300332069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.300472021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.301471949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.301515102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.301570892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.302683115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.302720070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.302725077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.303838015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.303879976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.303941965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.305061102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.305077076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.305100918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.306221962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.306266069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.306320906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.307415962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.307462931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.307498932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.308583021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.308626890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.308687925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.309777975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.309818983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.309833050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.310975075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.311018944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.311070919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.312156916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.312197924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.312208891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.313339949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.313379049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.313497066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.314501047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.314542055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.314615965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.315701008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.315746069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.315799952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.316880941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.316922903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.317003012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.318088055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.318135023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.318182945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.319247961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.319286108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.319288969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.320451021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.320496082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.320523977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.321656942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.321700096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.321721077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.368634939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.455950975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.456059933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.456109047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.456492901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.456589937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.456629038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.457672119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.457724094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.457770109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.458842039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.459223986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.459270954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.459338903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.460427046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.460469961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.460536957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.461622000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.461664915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.461695910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.462798119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.462842941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.462872982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.463975906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.464021921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.464068890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.465177059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.465221882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.465290070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.466352940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.466399908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.466460943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.467550993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.467593908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.467634916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.468764067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.468807936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.468898058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.469926119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.469969034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.470016956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.471093893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.471139908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.471256971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.472304106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.472348928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.472384930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.473496914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.473537922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.473557949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.474654913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.474701881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.474786997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.475873947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.475924969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.475996971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.477025986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.477075100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.477268934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.478218079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.478271008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.478297949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.479399920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.479438066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.479448080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.480590105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.480638027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.480709076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.481796980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.481842041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.481959105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.482954025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.482996941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.483077049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.484152079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.484205961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.484316111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.485348940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.485399008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.485404015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.486524105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.486572981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.486658096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.487718105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.487767935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.487823963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.488903999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.488951921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.489042044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.490111113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.490148067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.490246058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.491262913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.491305113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.491348982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.492456913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.492503881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.492556095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.493639946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.493676901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.493812084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.494834900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.494878054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.494955063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.496038914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.496082067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.496202946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.497191906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.497240067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.497261047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.498403072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.498450041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.498523951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.499577045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.499619961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.499780893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.500749111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.500793934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.500921965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.501972914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.502032995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.502119064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.503118992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.503163099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.503283978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.504300117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.504343987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.504447937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.505479097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.505520105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.505539894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.506750107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.506789923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.506823063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.507863045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.507905960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.508021116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.509048939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.509094000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.509162903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.510253906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.510293007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.510346889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.511406898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.511447906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.511508942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.512626886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.512669086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.512716055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.513803005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.513844967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.513961077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.514986038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.515022993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.515060902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.516175032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.516216993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.516223907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.517343044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.517393112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.517472982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.571804047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.648004055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.648024082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.648091078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.648340940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.648447990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.648507118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.649517059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.649645090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.649689913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.650747061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.650757074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.650799036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.651529074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.651752949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.651801109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.652736902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.652820110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.652863979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.653924942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.654026985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.654083014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.655097008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.655153036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.655200005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.656280041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.656414032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.656455994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.657488108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.657614946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.657658100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.658663034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.658809900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.658852100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.659851074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.659955025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.660005093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.661050081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.661148071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.661190987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.662225962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.662390947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.662434101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.663413048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.663458109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.663503885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.664668083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.664690971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.664732933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.665761948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.665844917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.665889025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.666989088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.667114973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.667155981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.668152094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.668253899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.668318033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.669336081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.669441938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.669487953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.670512915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.670619011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.670661926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.671688080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.671799898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.671844959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.672928095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.673022032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.673063993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.674182892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.674194098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.674231052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.675260067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.675395966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.675442934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.676472902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.676511049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.676549911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.677653074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.677748919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.677791119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.678828001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.678944111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.678988934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.680001974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.680039883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.680078983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.681190968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.681269884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.681312084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.682399988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.682502985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.682537079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.683574915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.683665037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.683701038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.684745073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.684807062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.684851885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.685936928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.686028004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.686074972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.687169075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.687273979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.687329054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.688354969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.688543081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.688582897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.689481974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.689591885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.689635992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.690674067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.690797091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.690838099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.691871881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.691965103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.692008018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.693059921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.693181992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.693226099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.694242954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.694336891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.694380999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.695429087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.695539951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.695580006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.696618080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.696765900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.696808100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.697797060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.697926044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.697962046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.698971033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.699111938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.699157000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.700196981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.700232983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.700274944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.701404095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.701524973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.701567888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.702543020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.702667952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.702706099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.703758955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.703828096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.703875065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.704929113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.705032110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.705075979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.706098080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.706209898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.706254005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.707309961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.707428932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.707474947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.708519936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.708636999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.708676100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.709676027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.709697962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.709743023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.840215921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.840266943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.840329885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.840756893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.840832949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.840882063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.841984034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.842396021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.842432976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.842717886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.843537092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.843578100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.843600035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.844712973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.844755888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.844799042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.845901012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.845941067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.846009016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.847074032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.847126961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.847166061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.848269939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.848309994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.848382950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.849452972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.849492073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.849560976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.850629091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.850667953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.850718021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.851819038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.851855040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.851963043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.853005886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.853043079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.853104115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.854199886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.854243994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.854315996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.855407953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.855458021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.855463982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.856575012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.856616020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.856697083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.857764006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.857800007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.857882023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.858958960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.858997107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.859044075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.860126972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.860176086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.860224962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.861308098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.861350060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.861418009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.862499952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.862535954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.862601042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.863673925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.863709927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.863753080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.864866972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.864905119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.864952087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.866041899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.866080046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.866127014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.867240906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.867275953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.867276907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.868438959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.868479967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.868546009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.869632959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.869676113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.869740963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.870834112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.870874882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.870887041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.871967077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.872005939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.872071028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.873229980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.873274088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.873285055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.874365091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.874412060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.874447107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.875565052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.875607014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.875638008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.876713991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.876751900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.876797915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.877919912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.877958059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.878024101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.879091024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.879123926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.879189968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.880265951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.880307913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.880393982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.881485939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.881525040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.881541967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.882651091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.882695913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.882818937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.883867979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.883905888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.883949041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.885026932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.885060072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.885191917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.886214972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.886254072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.886271954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.887397051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.887447119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.887511969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.888585091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.888628006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.888696909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.889769077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.889812946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.889873028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.890957117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.890966892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.890995979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.892138958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.892184973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.892261982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.893424034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.893460035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.893470049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.894509077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.894552946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.894625902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.895697117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.895741940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.895829916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.896883011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.896927118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.896939993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.898066998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.898112059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.898189068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.899257898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.899298906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.899352074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.900450945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.900500059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.900525093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.901638031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.901680946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:27.901706934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:27.946758032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.032370090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.032423973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.032527924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.032938957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.033015013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.033058882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.033860922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.033884048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.033926010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.035062075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.035114050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.035151005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.035686970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.035787106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.035825968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.036988020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.037127018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.037174940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.038079977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.038184881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.038224936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.039232969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.039294958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.039339066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.040410042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.040476084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.040523052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.041603088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.041712999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.041754961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.042804956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.042944908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.042987108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.044002056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.044173956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.044220924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.045193911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.045340061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.045382977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.046358109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.046380997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.046427011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.047555923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.047698021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.047743082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.048713923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.048832893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.048877954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.049959898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.050040960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.050084114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.051101923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.051237106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.051276922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.052309036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.052438974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.052479982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.053458929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.053563118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.053616047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.054651976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.054779053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.054827929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.055856943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.055980921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.056029081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.057045937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.057130098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.057173014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.058214903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.058342934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.058382034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.059402943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.059530973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.059571028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.060586929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.060712099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.060765982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.061773062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.061881065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.061918020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.062958002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.063098907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.063137054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.064156055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.064224958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.064265013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.065373898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.065412998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.065453053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.066509962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.066627979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.066667080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.067711115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.067817926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.067857027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.068861008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.068984985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.069026947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.070247889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.070305109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.070343018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.071258068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.071319103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.071360111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.072464943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.072607040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.072650909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.073631048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.073694944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.073734045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.074816942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.074942112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.074980974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.076035023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.076106071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.076144934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.077215910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.077531099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.077575922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.078388929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.078583002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.078620911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.079533100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.079670906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.079711914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.080749989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.080871105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.080914974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.081934929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.082072020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.082115889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.083120108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.083234072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.083271027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.084295034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.084459066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.084496975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.085474968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.085546970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.085589886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.086719990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.086741924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.086781979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.087868929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.087974072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.088013887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.089204073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.089350939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.089386940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.090234041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.090414047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.090455055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.091411114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.091533899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.091577053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.092602015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.092669010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.092711926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.093780041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.093862057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.093904018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.224548101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.224658966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.224706888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.225135088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.225234985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.225274086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.226303101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.226491928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.226531029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.227448940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.227848053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.227889061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.227957010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.229054928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.229090929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.229171991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.230249882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.230290890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.230375051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.231405973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.231446028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.231467009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.232639074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.232691050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.232753992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.233793020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.233836889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.233896971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.234982967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.235008955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.235032082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.236160040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.236210108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.236270905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.237373114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.237421989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.237449884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.238545895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.238624096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.238653898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.239725113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.239753008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.239778042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.240884066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.240940094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.241014957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.242093086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.242137909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.242201090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.243258953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.243304968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.243371010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.244466066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.244519949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.244561911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.245647907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.245688915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.245768070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.246859074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.246907949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.246937990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.248037100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.248079062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.248107910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.249218941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.249277115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.249305010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.250411034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.250463963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.250485897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.251594067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.251646996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.251715899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.252814054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.252866030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.252873898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.253962040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.254024029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.254055023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.255127907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.255176067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.255284071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.256320000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.256359100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.256407976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.257512093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.257551908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.257591009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.258697033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.258739948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.258805990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.259872913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.259918928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.259978056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.261097908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.261147976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.261161089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.262247086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.262303114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.262377977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.263432980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.263478041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.263497114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.264610052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.264657021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.264683962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.265837908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.265875101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.265904903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.266794920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.266971111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.267016888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.267083883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.268203020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.268244982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.268256903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.269365072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.269406080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.269459963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.270571947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.270605087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.270672083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.271780014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.271820068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.271955967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.272977114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.273014069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.273026943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.274122953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.274168015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.274226904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.275321007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.275356054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.275424957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.276506901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.276549101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.276578903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.277671099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.277708054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.277781010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.278870106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.278908968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.278975964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.280040026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.280092001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.280153036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.281240940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.281285048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.281339884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.282407045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.282452106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.282473087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.283631086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.283668041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.283704996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.284810066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.284847021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.284859896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.286011934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.286022902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.286050081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.337387085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.436925888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.436975956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.437020063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.437211037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.437320948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.437356949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.438452005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.438558102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.438596964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.439625978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.439693928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.439730883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.440471888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.441024065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.441063881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.441653013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.441766024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.441806078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.442815065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.442971945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.443007946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.444025040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.444123983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.444161892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.445198059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.445283890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.445342064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.446449995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.446535110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.446599960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.447587967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.447747946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.447797060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.448751926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.448878050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.448915958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.449959993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.450025082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.450058937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.451138020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.451368093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.451411963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.452317953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.452450037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.452483892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.453510046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.453627110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.453665972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.454715014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.454819918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.454869032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.455883026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.455991030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.456028938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.457055092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.457175016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.457212925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.458249092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.458312035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.458348036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.459424019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.459530115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.459563017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.460599899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.460736036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.460773945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.461827993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.461915970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.461958885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.462971926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.463114023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.463150978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.464173079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.464318037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.464370966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.465354919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.465459108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.465502977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.466586113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.466711998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.466758013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.467758894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.467879057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.467919111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.468909979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.468993902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.469037056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.470124960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.470211029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.470257044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.471321106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.471400023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.471443892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.472471952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.472587109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.472628117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.473661900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.473777056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.473817110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.474853039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.474948883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.474982023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.476026058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.476145983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.476183891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.477219105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.477400064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.477442980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.478389025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.478526115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.478609085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.479593039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.479702950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.479744911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.480777979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.480856895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.480901003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.481981993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.482132912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.482181072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.483143091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.483267069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.483326912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.484313011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.484448910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.484494925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.485518932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.485635042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.485677004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.486702919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.486829996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.486872911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.487922907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.488015890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.488065958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.489166975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.489258051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.489299059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.490269899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.490437031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.490487099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.491452932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.491492033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.491528988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.492636919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.492752075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.492804050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.493952036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.494005919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.494061947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.495012045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.495140076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.495179892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.496201038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.496329069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.496371031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.497387886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.497512102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.497555971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.498560905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.498696089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.498738050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.629096985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.629338980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.629403114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.629679918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.629815102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.629861116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.630861044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.630958080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.631001949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.632033110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.632401943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.632447004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.632525921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.633596897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.633637905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.633688927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.634772062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.634818077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.634849072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.635986090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.636033058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.636101961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.637154102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.637193918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.637254000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.638365030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.638410091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.638437033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.639548063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.639594078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.639708042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.640721083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.640764952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.640811920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.641905069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.641944885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.642009020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.643100977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.643138885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.643181086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.644263029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.644311905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.644359112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.645452023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.645495892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.645572901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.646652937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.646696091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.646747112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.647866011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.647913933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.648129940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.649039030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.649085045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.649477959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.650212049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.650250912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.650320053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.651376009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.651412964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.651510954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.652589083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.652631044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.652692080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.653776884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.653816938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.653930902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.654968977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.655011892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.655040979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.656127930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.656172037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.656233072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.657339096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.657376051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.657437086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.658499002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.658540964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.658611059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.659703016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.659744978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.659815073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.660856009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.660898924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.660959959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.662098885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.662141085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.662220001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.663250923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.663294077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.663364887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.664449930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.664494038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.664515018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.665627003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.665673018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.665730953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.666831017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.666870117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.666902065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.667994022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.668032885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.668087959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.669166088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.669209957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.669281006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.670371056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.670412064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.670456886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.671571016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.671612978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.671669960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.672744989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.672787905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.672867060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.673935890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.673971891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.674045086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.675110102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.675149918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.675226927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.676311016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.676357031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.676449060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.677489996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.677532911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.677599907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.678680897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.678724051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.678807974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.679863930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.679905891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.679945946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.681072950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.681128979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.681148052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.682235956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.682280064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.682368040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.683459997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.683500051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.683520079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.684598923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.684643030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.684700966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.685782909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.685826063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.685895920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.686971903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.687014103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.687092066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.688188076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.688235998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.688257933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.689341068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.689380884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.689441919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.690551043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.690589905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.690622091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.743650913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.821191072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.821293116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.821345091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.821805000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.821908951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.821948051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.822926044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.823065042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.823106050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.824069023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.824457884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.824502945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.824587107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.825666904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.825706959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.825778008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.826860905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.826900959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.827049971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.828108072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.828151941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.828172922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.829243898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.829287052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.829356909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.830406904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.830447912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.830526114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.831609964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.831645966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.831676006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.832776070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.832817078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.832876921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.833964109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.834007025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.834078074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.835163116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.835206032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.835236073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.836347103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.836389065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.836424112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.837552071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.837594986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.837668896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.838732004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.838777065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.838781118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.839912891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.839956999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.840022087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.841078043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.841120005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.841185093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.842267036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.842309952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.842381001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.843442917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.843481064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.843539000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.844641924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.844685078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.844808102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.845839977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.845882893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.845911980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.847017050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.847054958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.847136974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.848196030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.848244905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.848319054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.849396944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.849440098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.849503994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.850599051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.850641012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.850671053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.851779938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.851818085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.851927042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.852946043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.853005886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.853029966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.854096889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.854137897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.854213953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.855340958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.855389118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.855408907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.856515884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.856561899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.856626034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.857702971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.857743979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.857892036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.858911991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.858962059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.858975887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.860065937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.860111952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.860181093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.861244917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.861285925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.861351967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.862445116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.862485886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.862541914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.863631964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.863675117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.863797903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.864811897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.864849091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.864881039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.865979910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.866024017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.866100073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.867197037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.867235899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.867424011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.868365049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.868407011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.868469000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.869554043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.869586945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.869684935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.870747089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.870778084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.870788097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.871915102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.871959925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.872018099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.873132944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.873173952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.873203039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.874355078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.874397993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.874408007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.875483990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.875529051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.875610113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.876667023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.876720905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.876774073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.877868891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.877897024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.877916098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.879029036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.879070044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.879219055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.880213976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.880259037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.880320072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.881407022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.881449938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.881520987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.882577896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.882620096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:28.882651091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:28.931143045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.013319016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.013540983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.013601065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.014008999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.014019012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.014044046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.014060020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.015192986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.015237093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.015333891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.016366959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.016406059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.016537905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.017599106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.017641068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.017690897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.018760920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.018804073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.018832922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.019917965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.019962072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.020015955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.021086931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.021130085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.021194935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.022293091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.022337914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.022403955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.023500919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.023541927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.023571014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.024665117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.024708033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.024739027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.025847912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.025887012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.025964022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.027053118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.027096033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.027146101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.028270960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.028310061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.028433084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.029422045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.029463053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.029565096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.030595064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.030637980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.030689955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.031783104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.031826973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.031907082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.032962084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.033008099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.033077955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.034183979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.034224987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.034390926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.035370111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.035417080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.035470963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.036531925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.036575079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.036624908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.037719011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.037760973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.037813902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.038901091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.038943052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.038973093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.040116072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.040153980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.040210962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.041296005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.041340113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.041372061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.042457104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.042503119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.042516947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.043648005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.043694019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.043741941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.044819117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.044866085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.044977903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.046031952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.046072960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.046150923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.047208071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.047250032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.047300100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.048397064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.048441887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.048521996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.049609900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.049649954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.049669981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.050756931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.050801039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.050832987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.051938057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.051983118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.052058935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.053127050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.053169012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.053232908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.054336071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.054383039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.054405928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.055514097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.055562973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.055623055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.056689024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.056740999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.056797981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.057902098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.057924986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.057952881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.059027910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.059076071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.059154987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.060251951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.060296059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.060380936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.061449051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.061485052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.061506033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.062622070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.062665939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.062740088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.063836098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.063879013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.063954115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.065040112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.065080881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.065651894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.066195965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.066235065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.066288948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.067377090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.067420959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.067442894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.068545103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.068588972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.068659067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.069742918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.069782019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.069850922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.070944071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.070981979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.071005106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.072117090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.072164059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.072249889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.073297977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.073339939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.073406935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.074491024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.074536085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.074556112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.118633986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.205544949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.205636978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.205718040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.206057072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.206258059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.206310034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.207258940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.207390070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.207432985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.208411932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.208806038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.208851099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.208895922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.209996939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.210042953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.210058928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.211169004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.211208105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.211321115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.212351084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.212394953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.212467909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.213551044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.213601112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.213654995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.214737892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.214783907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.214817047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.215954065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.215997934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.216032028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.217114925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.217156887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.217219114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.218327999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.218379974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.218426943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.219527960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.219574928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.219615936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.220698118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.220740080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.221010923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.221859932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.221899033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.221935034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.223061085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.223105907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.223165989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.224221945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.224267006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.224324942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.225389957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.225436926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.225506067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.226572037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.226610899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.226686001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.227803946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.227847099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.227894068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.228956938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.229000092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.229084969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.230168104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.230206966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.230282068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.231360912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.231477022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.231493950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.232526064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.232568026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.232594013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.233725071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.233760118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.233792067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.234914064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.234961033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.235002995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.236099005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.236139059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.236193895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.237293005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.237384081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.237385035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.238471985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.238514900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.238591909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.239650011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.239692926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.239763021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.240844965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.240890026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.240951061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.242003918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.242033958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.242090940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.243197918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.243240118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.243308067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.244388103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.244443893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.244498968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.245610952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.245659113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.245861053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.246788025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.246848106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.246871948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.247960091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.248003960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.248066902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.249125957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.249160051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.249243021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.250343084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.250379086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.250432014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.251504898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.251537085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.251595020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.252752066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.252789021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.252847910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.253864050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.253901005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.253985882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.255053043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.255096912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.255150080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.256231070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.256270885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.256337881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.257416964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.257457972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.257531881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.258631945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.258675098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.258730888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.259829044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.259877920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.259934902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.261039972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.261090040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.261111975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.262162924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.262203932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.262264967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.263385057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.263417959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.263499975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.264569044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.264609098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.264759064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.265750885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.265806913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.265846968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.266921997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.266968966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.266973019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.321755886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.397490025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.397552013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.397602081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.397795916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.397934914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.397973061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.399008989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.399139881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.399183989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.400185108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.400254011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.400304079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.401015043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.401144981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.401184082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.402236938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.402360916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.402401924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.403408051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.403637886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.403681040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.404581070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.404659033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.404699087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.405837059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.405968904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.406013966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.406980038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.407016039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.407048941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.408159018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.408274889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.408313036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.409426928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.409507990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.409550905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.410548925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.410625935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.410669088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.411730051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.411947012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.411984921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.413393021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.413436890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.413477898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.414102077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.414196968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.414239883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.415290117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.415379047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.415420055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.416464090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.416555882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.416596889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.417651892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.417716980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.417756081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.418845892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.418951988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.418997049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.420017958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.420109034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.420145035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.421204090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.421402931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.421442032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.422370911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.422511101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.422553062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.423588991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.423696995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.423739910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.424841881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.424945116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.424983978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.425944090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.426076889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.426116943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.427151918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.427336931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.427378893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.428345919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.428421021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.428461075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.429523945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.429626942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.429666042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.430675030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.430766106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.430813074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.431854010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.431994915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.432039976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.433060884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.433165073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.433208942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.434245110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.434372902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.434415102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.435421944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.435556889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.435599089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.436666965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.436800957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.436844110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.437781096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.437892914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.437932014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.439023972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.439129114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.439165115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.440171957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.440280914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.440321922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.441386938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.441477060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.441514969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.442569971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.442646027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.442683935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.443767071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.443824053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.443865061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.444916964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.445014954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.445055008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.446086884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.446222067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.446264982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.447288036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.447423935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.447463989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.448520899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.448564053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.448606014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.449651003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.449791908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.449832916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.450824976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.450943947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.450985909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.452037096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.452141047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.452181101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.453211069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.453439951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.453480959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.454426050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.454545021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.454585075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.455612898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.455734968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.455773115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.456759930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.456885099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.456922054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.458005905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.458081961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.458122969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.459141970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.459212065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.459258080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.589613914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.589749098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.589808941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.590162992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.590297937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.590342045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.591414928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.591474056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.591516972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.592565060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.592946053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.592988968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.593044043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.594160080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.594217062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.594234943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.595329046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.595375061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.595495939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.596487999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.596539021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.596647978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.597678900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.597718954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.597733974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.598866940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.598915100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.598980904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.600068092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.600116968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.600161076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.601203918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.601250887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.601324081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.602416039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.602458954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.602530003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.603596926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.603657961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.603672028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.604799986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.604841948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.604973078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.605994940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.606033087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.606092930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.607171059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.607217073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.607264042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.608355999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.608402967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.608504057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.609551907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.609600067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.609635115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.610685110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.610733986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.610810041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.611934900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.611983061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.612087965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.613084078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.613133907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.613154888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.614296913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.614348888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.614413023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.615480900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.615525961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.615592957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.616641045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.616679907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.616755962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.617849112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.617886066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.617959976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.619050026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.619095087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.619113922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.620206118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.620249987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.620311975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.621393919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.621443033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.621510983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.622615099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.622658968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.622740030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.623754025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.623805046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.623883009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.624931097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.624974012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.625046015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.626135111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.626177073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.626235008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.627334118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.627372980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.627434015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.628562927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.628607035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.628683090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.629690886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.629734039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.629812002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.630867004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.630906105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.630928040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.632085085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.632132053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.632210016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.633253098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.633294106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.633382082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.634458065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.634500027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.634607077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.635649920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.635694027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.635936975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.636790991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.636831999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.636902094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.637996912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.638042927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.638108969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.639204979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.639247894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.639267921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.640367031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.640408993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.640444040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.641545057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.641590118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.641659021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.642743111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.642781973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.642854929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.643913031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.643955946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.643975019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.645102978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.645148993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.645207882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.646289110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.646332026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.646385908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.647471905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.647520065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.647600889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.648679972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.648722887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.648780107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.649853945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.649893999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.649985075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.651048899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.651091099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.651119947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.696805954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.781656027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.781702995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.781754017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.781979084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.782089949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.782134056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.783169031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.783255100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.783297062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.784346104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.784466028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.784507990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.785219908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.785393953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.785432100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.786387920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.786514044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.786561966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.787583113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.787708998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.787749052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.788794041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.788897991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.788939953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.789953947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.790055990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.790097952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.791251898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.791395903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.791444063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.792387009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.792459965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.792501926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.793567896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.793623924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.793669939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.794672966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.794838905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.794878960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.795914888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.796006918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.796056032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.797064066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.797205925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.797247887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.798279047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.798393011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.798439026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.799458027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.799582958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.799624920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.800612926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.800740004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.800779104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.801820040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.801951885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.801994085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.803004026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.803105116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.803144932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.804172039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.804280043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.804321051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.805378914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.805454016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.805497885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.806556940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.806668997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.806708097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.807738066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.807967901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.808007002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.808938026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.809046984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.809092999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.810100079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.810211897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.810257912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.811281919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.811392069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.811429024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.812482119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.812572956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.812614918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.813663960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.813765049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.813802958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.814858913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.814949036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.814991951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.816059113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.816158056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.816200972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.817255974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.817342043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.817387104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.818414927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.818532944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.818572998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.819581032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.819695950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.819740057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.820776939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.820920944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.820959091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.821974039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.822065115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.822105885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.823136091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.823199987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.823237896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.824341059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.824491978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.824537992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.825548887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.825696945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.825736046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.826718092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.826837063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.826874018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.827924967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.828056097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.828095913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.829066038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.829226971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.829267979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.830465078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.830538034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.830581903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.831465006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.831578970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.831626892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.832621098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.832743883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.832787991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.833848953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.833969116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.834003925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.835005999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.835160971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.835203886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.836229086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.836405993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.836455107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.837404013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.837541103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.837585926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.838582993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.838692904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.838733912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.839803934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.839931965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.839981079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.840970993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.841084957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.841126919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.842128992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.842263937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.842305899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.843333960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.843417883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.843461037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.973927975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.974009037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.974064112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.974419117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.974539995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.974601030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.975599051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.975744009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.975799084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.976752996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.977150917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.977195024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.977389097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.978357077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.978398085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.978447914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.979542971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.979583979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.979635954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.980722904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.980765104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.980784893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.981885910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.981930971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.982000113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.983056068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.983098030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.983175039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.984271049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.984309912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.984363079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.985459089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.985507011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.985522985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.986605883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.986649036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.986735106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.987852097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.987894058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.987950087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.989006996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.989053011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.989111900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.990187883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.990233898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.990278959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.991364956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.991406918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.991502047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.992568016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.992608070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.992676973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.993788004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.993833065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.993881941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.994952917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.994997025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.995053053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.996139050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.996186018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.996252060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.997339964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.997385979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.997889042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.998514891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.998558044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.998594046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.999695063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:29.999737978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:29.999816895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.000879049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.000922918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.000977993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.002053976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.002101898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.002172947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.003232956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.003281116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.003323078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.004414082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.004453897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.004548073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.005614042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.005657911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.005723953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.006789923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.006834030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.006896019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.007976055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.008019924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.008071899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.009166956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.009213924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.009294987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.010349989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.010396004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.010448933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.011554003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.011591911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.011605024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.012764931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.012808084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.012830019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.013921976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.013961077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.013984919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.015093088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.015141010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.015218019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.016271114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.016311884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.016397953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.017488956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.017534971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.017580986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.018645048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.018692017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.018774033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.019821882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.019866943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.019901037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.021056890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.021100998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.021157026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.022232056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.022274971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.022294044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.023411989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.023456097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.023530960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.024630070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.024673939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.024754047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.025784016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.025826931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.025861979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.026961088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.027009964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.027062893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.028182030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.028220892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.028235912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.029380083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.029427052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.029478073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.031280041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.031333923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.031419039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.031707048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.031752110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.031800032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.032913923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.032958031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.033020020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.034071922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.034113884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.034164906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.035290003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.035300970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.035329103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.087392092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.166260004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.166368961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.166418076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.166793108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.166922092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.166975021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.168010950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.168102980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.168145895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.169218063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.169558048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.169599056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.169634104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.170758009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.170803070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.170854092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.171940088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.171978951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.172027111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.173105001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.173147917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.173223019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.174331903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.174375057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.174402952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.175481081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.175527096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.175601006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.176662922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.176703930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.176759958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.177860975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.177903891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.177963018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.179047108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.179090023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.179126024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.180223942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.180264950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.180332899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.181411982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.181451082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.181505919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.182615042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.182653904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.182687044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.183773994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.183820009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.183872938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.184947968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.184989929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.185069084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.186187029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.186229944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.186285019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.187344074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.187383890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.187431097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.188534021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.188575983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.188637972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.189764023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.189805031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.189821005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.190900087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.190943956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.191009045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.192075968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.192116022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.192255020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.193295956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.193341017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.193396091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.194495916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.194533110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.194607019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.195658922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.195699930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.195722103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.196842909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.196888924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.197061062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.198049068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.198091030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.198146105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.199215889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.199253082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.199323893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.200400114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.200445890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.200476885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.201565027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.201606035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.201668024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.202769995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.202814102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.202876091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.203963995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.204006910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.204039097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.205193043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.205238104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.205312967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.206345081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.206382990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.206407070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.207529068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.207572937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.207623959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.208709002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.208754063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.208800077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.209928036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.209970951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.209995031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.211072922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.211113930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.211139917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.212239981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.212277889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.212301016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.213469028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.213506937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.213591099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.214648962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.214692116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.214762926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.215815067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.215857029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.215943098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.217029095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.217073917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.217120886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.218218088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.218261003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.218269110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.219389915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.219430923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.219444036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.220558882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.220603943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.220690966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.221750021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.221786976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.221853018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.222908020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.222949982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.222975016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.224100113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.224143028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.224203110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.225282907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.225322008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.225377083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.226526022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.226566076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.226618052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.227689028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.227732897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.227763891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.274893045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.362823009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.362863064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.362936974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.363401890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.363523006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.363574982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.364593983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.364692926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.364736080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.365752935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.365817070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.365864038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.366925001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.367001057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.367041111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.368124962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.368218899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.368261099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.369343996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.369419098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.369462013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.370487928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.370596886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.370642900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.371674061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.371798038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.371839046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.372890949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.373009920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.373075962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.374063015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.374136925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.374180079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.375240088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.375375032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.375413895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.376446962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.376554966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.376599073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.377638102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.377801895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.377846956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.378825903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.378947020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.378987074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.379987001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.380094051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.380140066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.381174088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.381309986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.381352901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.382342100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.382450104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.382492065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.383534908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.383650064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.383694887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.384743929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.384881973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.384922981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.385921001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.386029959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.386071920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.387141943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.387284040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.387331009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.388339043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.388418913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.388463974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.389473915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.389597893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.389638901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.390674114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.390778065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.390819073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.391881943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.392029047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.392076015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.393028021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.393165112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.393204927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.394217014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.394320011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.394361973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.395401955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.395539045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.395584106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.396585941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.396684885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.396727085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.397789001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.397892952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.397938967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.398971081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.399076939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.399117947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.400130987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.400254011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.400300026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.401333094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.401391983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.401434898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.402503014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.402609110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.402648926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.403692007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.403954029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.403995991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.404901028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.404967070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.405010939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.406081915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.406163931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.406207085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.407265902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.407411098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.407453060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.408452988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.408570051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.408612967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.409651995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.409784079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.409831047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.410828114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.410931110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.410975933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.412039995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.412148952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.412194014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.413182020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.413312912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.413362980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.414380074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.414499044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.414542913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.415622950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.415716887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.415760040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.416734934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.416867018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.416912079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.417923927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.418040037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.418082952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.419125080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.419264078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.419308901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.420284986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.420399904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.420444012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.421492100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.421612024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.421653986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.422660112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.422751904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.422795057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.423883915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.424005032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.424052000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.424984932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.478046894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.555114985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.555159092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.555210114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.555649042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.555694103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.555732965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.556811094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.556902885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.556951046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.557961941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.558106899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.558155060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.559138060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.559292078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.559333086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.560332060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.560437918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.560477972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.561513901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.561619997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.561659098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.562691927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.562828064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.562877893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.563863993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.563997984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.564043999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.565074921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.565196037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.565239906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.566262960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.566401005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.566452026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.567473888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.567703009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.567750931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.568629026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.568757057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.568803072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.569874048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.570317030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.570358992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.571038961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.571289062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.571331978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.572192907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.572304964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.572357893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.573375940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.573451996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.573497057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.574558020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.574649096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.574691057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.575768948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.575903893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.575943947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.576980114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.577083111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.577126026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.578155041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.578321934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.578361988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.579339027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.579483032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.579521894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.580507994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.580653906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.580691099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.581691027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.581809998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.581857920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.582889080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.583076000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.583116055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.584088087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.584163904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.584202051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.585361004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.585520983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.585566044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.586416006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.586534023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.586584091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.587661028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.587794065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.587840080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.588836908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.588972092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.589015961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.590045929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.590250969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.590291023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.591206074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.591370106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.591417074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.592391968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.592514992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.592559099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.593586922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.593739986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.593781948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.594764948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.594949961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.594994068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.596003056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.596168041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.596210957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.597171068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.597364902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.597408056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.598321915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.598381996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.598428965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.599510908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.599667072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.599710941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.600738049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.600895882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.600941896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.601880074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.602022886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.602066040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.603121996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.603261948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.603302956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.604274035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.604389906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.604428053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.605484962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.605660915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.605710983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.606597900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.606744051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.606794119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.607815027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.607902050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.607944012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.608967066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.609005928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.609045029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.610145092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.610239983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.610284090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.611361980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.611460924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.611510038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.612503052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.612602949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.612649918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.613687992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.613816977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.613861084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.614864111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.614960909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.615005016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.616081953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.616251945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.616296053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.617362022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.665507078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.747188091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.747329950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.747379065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.747451067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.747522116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.747556925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.748673916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.748691082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.748728037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.749849081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.749939919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.749978065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.751200914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.751219034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.751252890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.752208948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.752334118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.752371073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.753400087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.753479958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.753515005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.754590034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.754729033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.754764080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.755776882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.755882978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.755920887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.756963015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.757416964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.757448912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.758254051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.758363008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.758434057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.759326935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.759445906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.759512901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.760521889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.760628939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.760668993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.761682034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.761804104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.761843920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.762876034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.762981892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.763032913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.764064074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.764173031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.764206886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.765270948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.765408039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.765451908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.766446114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.766550064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.766587973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.767615080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.767716885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.767756939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.768810034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.768887043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.768927097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.769985914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.770159960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.770199060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.771173000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.771250963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.771287918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.772372961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.772561073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.772599936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.773571968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.773664951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.773703098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.774744034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.774851084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.774903059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.775959015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.776034117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.776077986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.777112961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.777214050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.777252913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.778354883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.778485060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.778525114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.779496908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.779565096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.779599905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.780658960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.780819893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.780855894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.781845093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.781996012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.782035112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.783024073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.783175945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.783212900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.784233093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.784327030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.784369946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.785432100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.785542011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.785584927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.786609888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.786679983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.786719084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.787822008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.787925959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.787971020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.788976908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.789041996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.789082050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.790158033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.790277958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.790317059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.791379929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.791552067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.791590929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.792507887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.792644024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.792679071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.793725967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.793848991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.793888092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.794904947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.795041084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.795078993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.796087027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.796197891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.796237946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.797267914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.797385931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.797425985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.798481941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.798567057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.798599958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.799660921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.799781084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.799818993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.800828934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.800972939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.801014900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.802011013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.802144051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.802185059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.803186893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.803296089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.803328991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.804373980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.804436922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.804476023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.805582047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.805618048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.805660009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.806761980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.806860924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.806899071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.807949066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.808104038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.808137894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.809123039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.834012032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.939625025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.939826012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.939883947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.940112114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.940208912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.940248966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.941282988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.941360950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.941401005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.942506075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.942523003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.942560911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.943685055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.943826914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.943871021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.944866896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.945316076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.945359945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.946037054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.946114063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.946155071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.947228909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.947509050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.947551966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.948420048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.948472023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.948508024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.949599028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.949677944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.949717045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.950784922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.950905085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.950938940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.951955080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.952008963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.952049017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.953160048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.953315020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.953351021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.954322100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.954397917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.954433918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.955540895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.955636024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.955676079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.956717968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.956967115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.957005024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.957942009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.958024979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.958061934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.959095955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.959584951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.959629059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.960259914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.960885048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.960918903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.961466074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.961508989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.961549044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.962654114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.962917089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.962960958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.963821888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.963876009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.963908911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.965065002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.965111971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.965151072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.966195107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.966258049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.966296911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.967386961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.967439890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.967478991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.968580008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.968709946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.968746901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.969753981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.969932079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.969968081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.970946074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.971012115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.971050024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.972121954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.972785950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.972824097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.973340034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.973434925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.973469973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.974514008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.974591017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.974628925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.975711107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.975775957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.975814104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.976917982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.977147102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.977181911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.978056908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.978185892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.978220940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.979269981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.979397058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.979438066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.980411053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.980485916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.980525017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.981667995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.981703997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.981736898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.982809067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.982875109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.982916117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.984025002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.984201908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.984242916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.985208988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.985264063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.985304117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.986350060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.986417055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.986454010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.987557888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.987982988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.988024950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.988764048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.988805056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.988843918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.989974976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.990081072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.990117073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.991168022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.991178989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.991219044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.992307901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.992424965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.992466927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.993484974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.993520975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.993555069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.994651079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.994755983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.994797945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.995878935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.996010065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.996047020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.997092009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.997256994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.997289896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.998228073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.998402119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:30.998440027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:30.999416113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.000118017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.000159025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.000587940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.000998974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.001034021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.001769066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.056140900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.131654024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.131859064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.131920099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.132241964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.132534027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.132576942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.133383036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.133949995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.134005070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.134582043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.135416985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.135464907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.135776997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.136081934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.136125088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.136955976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.137759924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.137806892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.138159990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.138171911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.138209105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.139327049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.139455080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.139494896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.140605927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.141695976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.141707897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.141740084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.141789913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.141832113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.142868042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.144128084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.144140005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.144164085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.144174099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.144207001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.145220041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.146466970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.146477938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.146517992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.146529913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.146568060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.147659063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.147975922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.148027897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.148850918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.150036097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.150044918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.150070906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.150084972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.150120974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.151218891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.151231050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.151277065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.152370930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.152591944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.152637005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.153570890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.154187918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.154237032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.154757023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.154773951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.154817104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.156008005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.156018972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.156061888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.157144070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.157780886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.157819986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.158333063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.158341885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.158380985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.159575939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.159894943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.159939051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.160676956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.161288023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.161326885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.161884069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.161894083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.161928892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.163089991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.163100958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.163141966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.164225101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.164458036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.164504051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.165462017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.166080952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.166134119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.166577101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.167809963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.167850018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.167871952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.167881966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.167924881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.168972015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.169728994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.169775009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.170196056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.170205116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.170242071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.171382904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.171391964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.171432972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.172523975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.173738003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.173748016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.173789024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.173803091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.173847914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.174902916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.175821066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.175868034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.176127911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.176137924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.176172972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.177298069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.177411079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.177449942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.178488016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.179666996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.179676056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.179708958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.179723024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.179759026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.180826902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.181220055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.181268930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.182101011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.182111979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.182145119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.183234930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.183254004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.183299065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.184390068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.184524059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.184566021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.185630083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.185640097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.185677052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.186805010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.186815977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.186866999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.187952995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.188093901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.188129902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.189121962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.189228058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.189275026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.190335989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.190850019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.190891027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.191514969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.191530943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.191560984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.192681074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.193882942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.193892956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.193919897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.243652105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.323726892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.323829889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.323887110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.324067116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.324171066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.324225903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.325220108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.325320005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.325364113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.326422930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.326575041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.326621056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.327606916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.327851057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.327894926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.328771114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.328836918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.328877926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.329982996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.330147982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.330193043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.331146002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.331202984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.331257105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.332360029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.332451105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.332496881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.333540916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.333817005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.333859921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.334687948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.335894108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.335948944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.335967064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.335977077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.336019993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.337088108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.337169886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.337223053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.338294983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.338368893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.338417053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.339462042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.340163946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.340220928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.340636015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.341618061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.341670990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.341878891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.341892004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.341928005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.343013048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.343070984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.343112946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.344219923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.344888926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.344935894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.345375061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.345788002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.345834017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.346596003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.346607924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.346643925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.347770929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.348140001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.348181963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.348948956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.349180937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.349224091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.350111961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.350554943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.350601912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.351377010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.351417065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.351464987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.352489948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.352713108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.352746010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.353688002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.353933096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.353977919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.354888916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.355304003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.355356932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.356156111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.356321096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.356363058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.357269049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.357402086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.357445002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.358454943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.359637022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.359647036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.359678984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.359745979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.359823942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.360804081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.362029076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.362039089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.362075090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.362087011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.362121105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.363173962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.363435030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.363483906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.364458084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.364537001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.364583015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.365571022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.365936041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.365986109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.366748095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.367248058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.367290020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.367943048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.368063927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.368115902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.369105101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.369200945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.369241953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.370316029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.370337009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.370377064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.371495008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.372123003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.372179985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.372651100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.372982025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.373028994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.373846054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.374789000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.374825954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.375113964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.375124931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.375166893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.376259089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.377163887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.377207041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.377438068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.377453089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.377495050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.378601074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.379865885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.379875898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.379888058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.379913092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.379945993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.380966902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.381690025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.381740093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.382179976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.382318020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.382356882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.383382082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.383393049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.383441925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.384563923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.385404110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.385446072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.385715961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.431139946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.516064882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.516166925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.516212940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.516598940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.516712904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.516757965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.518579960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.518594980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.518630028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.519676924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.519687891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.519728899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.520771980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.520782948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.520824909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.521347046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.521465063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.521506071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.522460938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.523091078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.523139000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.524322033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.524333954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.524369955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.524854898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.525135040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.525178909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.526036024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.526457071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.526501894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.527195930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.527775049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.527812958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.528430939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.528594017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.528639078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.529619932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.529630899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.529671907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.530807972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.530818939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.530862093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.531953096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.532083035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.532124043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.533132076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.534368038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.534379005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.534418106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.534427881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.534466028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.535518885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.535898924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.535938025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.536688089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.537797928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.537851095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.537915945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.537930012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.537974119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.539060116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.540116072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.540167093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.540296078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.540313959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.540369987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.541593075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.541604996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.541654110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.542638063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.543844938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.543858051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.543880939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.543889999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.543922901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.547467947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.547487974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.547538042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.547550917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.547563076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.547574997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.547604084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.547868013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.547914028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.548585892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.550403118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.550415039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.550451994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.550997972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.551047087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.552093983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.552639961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.552651882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.552665949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.552675009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.552694082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.553323030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.554100037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.554147005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.554713964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.554723978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.554766893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.556055069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.556066036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.556124926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.556864023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.557795048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.557837009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.558099031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.558110952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.558147907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.559289932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.559300900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.559348106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.560426950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.560590029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.560677052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.561635017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.562839031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.562849045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.562899113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.562911034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.562947989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.563997984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.564832926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.564878941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.565150023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.566277027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.566323996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.566379070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.566389084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.566438913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.567533970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.567805052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.567864895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.568727970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.568840027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.568880081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.569892883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.572926044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.572976112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.573277950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.574059963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.574105978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.574456930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.574465990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.574475050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.574492931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.574506044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.574541092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.574651003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.575839996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.575850964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.575892925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.575997114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.576040983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.577914953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.579253912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.579304934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.579431057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.618689060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.708102942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.708390951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.708553076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.708693027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.708885908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.708933115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.709836006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.710692883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.710736990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.711046934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.711056948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.711098909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.712249994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.713346004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.713404894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.713455915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.713465929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.713502884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.714585066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.714971066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.715019941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.715804100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.715814114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.715862036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.716954947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.717768908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.717827082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.718178988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.718188047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.718235016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.719405890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.719415903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.719470024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.720513105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.721013069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.721065998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.721704960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.723215103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.723226070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.723237991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.723303080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.724061966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.725312948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.725323915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.725373983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.725385904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.725435972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.726432085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.727669001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.727679014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.727726936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.727740049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.727776051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.728832960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.728920937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.728976011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.730030060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.731216908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.731225967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.731266022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.731277943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.731307030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.732373953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.732467890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.732502937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.733557940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.733705997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.733742952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.734734058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.734899044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.734939098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.736000061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.736008883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.736051083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.737154007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.737792015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.737845898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.738343000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.738353968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.738390923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.739509106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.740078926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.740124941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.740670919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.741902113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.741918087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.741950989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.741964102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.741997957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.743041039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.744096994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.744144917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.744254112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.745490074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.745501995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.745534897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.745580912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.745625019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.746615887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.747840881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.747852087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.747889042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.747935057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.747972012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.748972893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.750191927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.750201941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.750238895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.750271082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.750310898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.751337051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.751502037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.751542091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.752558947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.752854109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.752902985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.753729105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.753873110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.753920078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.754914999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.755006075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.755048037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.756083965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.756201029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.756241083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.757303953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.757314920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.757352114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.758508921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.759682894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.759692907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.759727001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.759752035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.759794950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.760816097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.762065887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.762075901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.762115002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.762126923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.762166023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.763226032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.764058113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.764101982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.764427900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.764437914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.764471054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.765628099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.765636921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.765675068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.766804934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.766817093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.766869068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.767942905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.768057108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.768100977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.769191027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.770323038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.770334959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.770374060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.900152922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.900325060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.900412083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.900437117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.900513887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.900557995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.901679993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.901808977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.901854038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.902859926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.904055119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.904097080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.904124022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.904134989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.904181004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.905185938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.906399012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.906409025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.906454086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.906466007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.906503916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.907635927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.907645941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.907680988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.908744097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.909343958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.909394979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.909939051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.911151886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.911160946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.911190987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.911211967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.911258936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.912420988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.912632942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.912677050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.913528919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.913538933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.913573980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.914684057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.915685892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.915733099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.915884972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.915894985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.915932894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.917030096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.917932034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.917978048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.918226957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.919444084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.919456005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.919495106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.919508934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.919548988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.920588017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.921061039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.921098948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.921858072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.921866894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.921907902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.923032045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.923043966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.923075914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.924216032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.925394058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.925435066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.925579071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.925586939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.925621986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.926598072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.926608086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.926645994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.927830935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.927839994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.927880049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.928942919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.930144072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.930152893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.930191994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.930248022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.930290937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.931298971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.932003021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.932053089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.932517052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.932527065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.932565928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.933798075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.934545994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.934592009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.934848070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.936069012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.936079025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.936125040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.936146975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.936187983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.937236071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.937932014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.937978029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.938447952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.938458920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.938493967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.939738989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.939749956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.939788103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.940819025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.941998005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.942008972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.942049980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.942068100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.942107916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.943162918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.943330050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.943380117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.944339991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.945534945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.945545912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.945575953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.945625067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.945669889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.946719885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.947782040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.947900057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.947937012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.947947025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.947984934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.949086905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.950076103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.950124979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.950263023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.950434923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.950479984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.951492071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.951948881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.951988935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.952641010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.953115940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.953164101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.953830957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.953840017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.953877926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.954991102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.956223965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.956234932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.956274033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.956285000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.956322908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.957458973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.957468987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.957513094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.958615065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.959778070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.959786892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.959817886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.959872007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.959916115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.960942984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.961050034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:31.961095095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:31.962131977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.009342909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.092730045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.092763901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.092777014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.092818975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.092919111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.092962027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.093895912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.093986034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.094034910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.095060110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.095161915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.095206976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.096236944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.096338987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.096379042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.097409010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.097538948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.097583055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.098614931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.098757982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.098803997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.099793911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.099934101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.099976063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.100987911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.101118088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.101159096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.102206945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.102269888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.102314949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.103342056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.103436947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.103482008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.104526997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.104655981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.104697943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.105715036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.105825901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.105866909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.106916904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.106996059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.107038021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.108112097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.108211994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.108258009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.109272003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.109380960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.109426975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.110477924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.110600948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.110637903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.111649036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.111752987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.111793041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.112827063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.112936020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.112981081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.114075899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.114208937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.114255905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.115190983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.115310907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.115359068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.116378069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.116516113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.116564035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.117587090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.117669106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.117710114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.118762970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.118892908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.118933916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.119968891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.120085001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.120130062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.121141911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.121339083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.121383905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.122344971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.122422934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.122467041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.123513937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.123615026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.123653889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.124691963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.124800920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.124850988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.125876904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.125978947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.126020908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.127074003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.127208948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.127260923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.128249884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.128391981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.128436089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.129447937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.129576921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.129620075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.130620003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.130732059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.130769968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.131827116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.131973982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.132008076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.133004904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.133151054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.133196115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.134171009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.134315014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.134366989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.135524988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.135693073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.135736942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.136554956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.136658907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.136697054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.137741089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.137868881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.137912035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.138940096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.139067888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.139111042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.140108109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.140238047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.140283108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.141299009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.141388893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.141433001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.142481089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.142755985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.142800093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.143696070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.143810987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.143857956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.144876957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.144974947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.145020008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.146060944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.146195889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.146240950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.147222042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.147360086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.147404909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.148410082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.148549080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.148590088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.149597883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.149727106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.149770021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.150794029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.150923967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.150971889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.151992083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.152240038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.152283907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.153196096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.153309107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.153354883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.154355049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.196783066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.284812927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.284904957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.284957886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.285398960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.285501003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.285547972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.286576033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.286731958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.286775112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.287769079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.287899971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.287947893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.288913012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.289024115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.289071083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.290119886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.290219069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.290258884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.291301966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.291419983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.291464090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.292506933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.292625904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.292666912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.293675900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.293787956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.293827057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.294841051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.294976950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.295017004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.296044111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.296145916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.296183109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.297219038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.297339916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.297383070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.298412085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.298495054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.298542023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.299603939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.299715996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.299757004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.300787926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.300870895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.300913095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.301960945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.302095890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.302139044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.303132057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.303256989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.303298950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.304335117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.304408073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.304447889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.305530071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.305660009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.305706024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.306729078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.306822062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.306865931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.307908058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.308011055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.308053970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.309072018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.309181929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.309222937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.310318947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.310425997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.310467005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.311444998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.311566114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.311606884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.312637091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.312763929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.312805891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.313827991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.313931942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.313970089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.315016985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.315126896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.315176010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.316220045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.316323042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.316370010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.317394972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.317529917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.317574978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.318577051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.318706036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.318749905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.319773912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.319860935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.319905996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.320966959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.321084976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.321126938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.322123051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.322241068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.322284937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.323321104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.323406935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.323448896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.324492931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.324605942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.324650049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.325685978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.325803041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.325845957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.326880932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.326983929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.327028036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.328063011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.328181028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.328224897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.329233885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.329355001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.329401016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.330434084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.330527067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.330566883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.331634998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.331733942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.331774950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.332793951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.332912922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.332952023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.334412098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.334539890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.334580898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.335170031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.335267067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.335300922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.336359978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.336481094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.336524010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.337543964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.337675095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.337714911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.338746071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.338846922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.338903904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.339921951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.340037107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.340085983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.341113091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.341213942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.341263056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.342319965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.342432022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.342473984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.343471050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.343605042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.343656063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.344654083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.344769955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.344810963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.345856905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.345978022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.346019030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.347007990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.399908066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.476991892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.477111101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.477159977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.477531910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.477605104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.477648973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.478715897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.478818893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.478863955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.479881048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.479999065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.480042934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.481069088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.481161118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.481204033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.482239962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.482348919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.482392073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.483503103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.483562946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.483606100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.484631062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.484721899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.484769106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.485821962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.485929012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.485972881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.487020016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.487159014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.487202883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.488183975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.488306046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.488353014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.489362001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.489490986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.489537001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.490567923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.490736008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.490780115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.491751909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.491851091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.491894960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.492911100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.493010044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.493056059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.494102001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.494226933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.494275093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.495310068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.495512009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.495558977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.496488094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.496619940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.496668100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.497677088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.497812986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.497857094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.498847961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.498954058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.498996973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.500052929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.500168085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.500211954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.501214981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.501365900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.501404047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.502432108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.502531052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.502582073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.503616095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.503694057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.503741026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.504782915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.504879951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.504920959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.505964041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.506083965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.506127119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.507162094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.507260084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.507316113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.508343935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.508447886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.508492947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.509540081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.509653091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.509696007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.510723114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.510817051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.510859013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.511883974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.512021065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.512062073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.513072968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.513196945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.513241053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.514262915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.514364004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.514409065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.515487909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.515633106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.515676975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.516699076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.516805887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.516848087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.517838001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.517975092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.518023968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.519015074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.519119024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.519162893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.520195961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.520323038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.520366907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.521401882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.521512985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.521558046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.522559881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.522696018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.522741079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.523758888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.523900032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.523942947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.525002003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.525087118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.525130033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.526134014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.526253939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.526297092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.527324915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.527424097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.527470112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.528542995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.528682947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.528723955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.529685974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.529787064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.529833078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.530888081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.531011105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.531053066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.532088995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.532160997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.532202959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.533266068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.533368111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.533413887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.534451962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.534598112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.534641981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.535650969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.535775900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.535839081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.536808014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.537009001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.537090063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.538011074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.538122892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.538170099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.539119005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.587444067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.668987989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.669091940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.669146061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.669323921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.669455051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.669506073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.670506954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.670602083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.670648098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.671674967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.671766996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.671813011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.672848940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.672981024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.673024893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.674072981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.674127102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.674176931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.675220966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.675345898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.675390959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.676400900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.676510096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.676556110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.677587032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.677778006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.677815914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.678791046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.678847075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.678894997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.679965973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.680074930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.680140018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.681148052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.681258917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.681309938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.682336092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.682427883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.682471991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.683506012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.683628082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.683672905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.684695005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.684815884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.684861898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.685904980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.685986996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.686029911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.687109947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.687256098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.687299013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.688262939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.688405991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.688447952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.689496040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.689610004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.689652920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.690649033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.690743923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.690789938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.691831112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.691935062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.691977978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.693368912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.693480015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.693531036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.694214106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.694324970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.694371939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.695395947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.695514917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.695561886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.696561098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.696691990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.696751118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.697798967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.697946072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.697987080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.698945045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.699084997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.699127913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.700126886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.700232029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.700283051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.701303959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.701411963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.701455116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.702490091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.702594042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.702642918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.703670979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.703804970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.703846931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.704869986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.704987049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.705028057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.706058025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.706161976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.706206083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.707258940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.707333088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.707376957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.708446980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.708549976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.708592892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.709590912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.709702015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.709741116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.710788965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.710928917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.710973024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.711986065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.712100983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.712141037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.713198900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.713337898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.713382006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.714404106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.714474916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.714519024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.715570927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.715634108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.715681076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.716753960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.716860056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.716903925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.717911005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.718017101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.718065023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.719090939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.719187021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.719250917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.720288992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.720391989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.720431089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.721487999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.721586943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.721628904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.722654104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.722759008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.722801924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.723855019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.723963022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.724025965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.725053072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.725225925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.725270987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.726267099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.726361990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.726406097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.727425098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.727526903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.727577925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.728590965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.728755951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.728832006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.729780912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.729887962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.729928970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.730976105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.774898052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.861145020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.861212969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.861270905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.861699104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.861897945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.861942053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.861954927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.863096952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.863143921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.863194942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.864326954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.864372015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.864439011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.865464926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.865530014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.865585089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.866668940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.866723061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.866734982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.867862940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.867903948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.867963076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.869033098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.869080067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.869107008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.870237112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.870302916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.870400906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.871445894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.871490955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.871584892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.872611046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.872659922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.872728109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.873804092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.873846054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.873907089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.874994040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.875031948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.875053883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.876132011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.876173973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.876180887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.877324104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.877371073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.877448082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.878519058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.878566027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.878657103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.879736900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.879782915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.879796028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.880878925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.880924940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.880991936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.882093906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.882137060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.882203102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.883280993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.883332014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.883362055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.884473085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.884511948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.884567022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.885644913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.885691881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.885762930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.886831045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.886877060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.886914015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.888000011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.888034105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.888101101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.889218092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.889271021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.889312983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.890377998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.890425920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.890552044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.891575098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.891618967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.891676903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.892740011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.892787933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.892857075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.893937111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.893985987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.894057035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.895108938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.895153999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.895236969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.896325111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.896370888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.896395922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.897517920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.897557974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.897624969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.898678064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.898741961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.898777008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.899878979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.899921894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.899960995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.901041031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.901106119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.901128054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.902266979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.902312040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.902359962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.903444052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.903486013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.903537989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.904620886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.904664993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.904726028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.905810118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.905853987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.905930042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.906985998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.907028913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.907097101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.908190012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.908231020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.908266068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.909388065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.909431934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.909481049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.910557032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.910598993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.910687923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.911726952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.911792994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.911807060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.913008928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.913063049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.913130999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.914086103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.914130926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.914196968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.915296078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.915339947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.915394068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.916487932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.916532993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.916611910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.917695045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.917733908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.917887926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.918852091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.918898106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.919033051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.920053959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.920099974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.920173883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.921221972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.921267033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.921278954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.922425032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.922463894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:32.922509909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:32.978023052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.053251982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.053335905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.053500891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.053550005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.053674936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.053721905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.054737091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.054800034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.054853916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.055932999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.056061983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.056107044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.057112932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.057214022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.057269096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.058294058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.058432102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.058479071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.059482098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.059585094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.059631109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.060668945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.060724020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.060786009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.061865091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.061971903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.062017918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.063056946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.063133001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.063173056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.064208031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.064363003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.064409018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.065397978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.065535069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.065577984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.066589117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.066695929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.066742897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.067790031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.067913055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.067959070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.068985939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.069061995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.069102049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.070136070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.070261955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.070307970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.071332932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.071388006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.071433067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.072523117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.072619915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.072659016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.073700905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.073795080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.073832989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.074875116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.075005054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.075046062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.076070070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.076184034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.076222897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.077284098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.077487946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.077553988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.078465939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.078577995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.078668118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.079638004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.079757929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.079807997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.080879927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.080897093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.080945969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.082017899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.082128048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.082175016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.083190918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.083271027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.083311081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.084369898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.084480047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.084530115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.085553885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.085661888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.085706949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.086735010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.086852074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.086899042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.087935925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.088066101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.088144064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.089262009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.089371920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.089415073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.090301037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.090544939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.090590954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.091494083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.091609955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.091650009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.092701912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.092845917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.092884064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.093856096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.093955994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.094000101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.095027924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.095185041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.095232010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.096251965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.096393108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.096441031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.097450972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.097568035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.097615004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.098635912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.098735094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.098778963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.099822044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.099955082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.099997997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.101098061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.101182938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.101223946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.102161884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.102296114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.102343082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.103415966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.103482008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.103526115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.104540110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.104636908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.104684114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.105751038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.105922937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.105964899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.106930017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.107000113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.107040882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.108130932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.108216047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.108262062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.109296083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.109426022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.109477043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.110505104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.110578060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.110624075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.111699104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.111733913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.111776114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.112859964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.112987041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.113029957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.114031076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.114141941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.114187956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.115196943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.165524960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.245701075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.245811939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.245874882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.246201038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.246392965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.246440887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.247397900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.247484922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.247529030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.248600960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.248810053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.248857021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.249778032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.249958038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.250006914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.250998020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.251135111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.251174927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.252142906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.252238035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.252280951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.253379107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.253479004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.253529072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.254513025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.254647970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.254693031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.255697966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.255814075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.255857944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.256886005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.257034063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.257083893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.258097887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.258327007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.258373976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.259255886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.259373903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.259416103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.260446072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.260556936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.260605097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.261615992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.261734962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.261845112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.262840986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.262897015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.262938023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.264002085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.264107943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.264148951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.265177965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.265249014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.265294075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.266381025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.266491890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.266535997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.267608881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.267785072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.267829895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.268768072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.268867970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.268909931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.269942045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.270065069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.270111084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.271097898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.271214008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.271260977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.272286892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.272358894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.272397041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.273514032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.273693085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.273737907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.274672031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.274774075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.274815083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.275857925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.275968075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.276016951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.277055979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.277097940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.277136087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.278289080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.278390884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.278433084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.279444933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.279568911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.279616117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.280618906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.280658007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.280704975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.281797886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.281953096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.281996965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.282972097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.283092976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.283133030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.284162045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.284260035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.284300089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.285351038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.285460949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.285506010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.286566019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.286705971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.286746979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.287758112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.287801981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.287846088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.288893938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.289021015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.289064884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.290106058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.290189028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.290230989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.291280985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.291385889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.291426897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.292475939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.292633057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.292680025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.294044971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.294193983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.294240952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.294843912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.294948101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.294991016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.296068907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.296261072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.296304941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.297214985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.297390938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.297436953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.298427105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.298538923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.298587084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.299598932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.299704075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.299742937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.300784111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.300910950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.300954103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.301947117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.302174091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.302218914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.303138971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.303246975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.303296089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.304361105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.304488897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.304534912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.305567980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.305648088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.305691004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.306694984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.306914091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.306962013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.307904005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.353024006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.437886953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.437954903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.438008070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.438432932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.438551903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.438604116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.439583063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.439660072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.439707994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.440764904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.440890074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.440922976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.441955090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.442117929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.442162991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.443135023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.443233967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.443275928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.444329023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.444478035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.444524050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.445535898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.445622921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.445674896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.446686029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.446798086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.446839094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.447891951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.448018074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.448061943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.449115992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.449170113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.449258089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.450258017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.450361967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.450402975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.451435089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.451544046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.451579094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.452620983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.452727079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.452769995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.453824997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.453955889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.453998089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.454992056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.455046892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.455091953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.456218958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.456271887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.456316948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.463562012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463620901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463630915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463668108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.463748932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463759899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463784933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463794947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.463804960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.463820934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.464027882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464076042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.464142084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464152098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464160919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464171886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464199066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.464221954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.464878082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464953899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.464999914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.468163967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.468182087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.468194008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.468224049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.468379974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.468389988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.468405008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.468425989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.468442917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.469274998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.469430923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.469477892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.470444918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.470566034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.470608950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.471648932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.471754074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.471793890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.472809076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.472858906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.472902060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.474044085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.474138021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.474176884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.475179911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.475303888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.475344896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.476372957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.476484060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.476516962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.477555990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.477703094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.477745056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.478754044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.478858948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.478905916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.479912996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.480070114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.480118036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.481123924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.481249094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.481292009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.482306957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.482372046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.482410908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.483537912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.483592987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.483633041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.484679937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.484791994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.484831095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.485961914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.485974073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.486011982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.487035990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.487149000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.487185001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.488292933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.488377094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.488409042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.489425898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.489531040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.489569902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.490617037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.490725994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.490767956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.491807938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.491961002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.492005110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.492985010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.493125916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.493163109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.494173050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.494282007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.494323969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.495381117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.495482922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.495526075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.496524096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.496664047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.496700048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.497777939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.497911930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.497947931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.498955965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.499062061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.499099970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.500072956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.540527105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.630054951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.630142927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.630198002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.630579948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.630629063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.630769014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.631766081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.631870985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.631907940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.632921934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.633053064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.633095980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.634130001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.634217978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.634264946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.635305882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.635441065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.635483980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.636493921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.636607885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.636641026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.637705088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.637811899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.637852907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.638850927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.638891935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.638931990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.640053034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.640125036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.640167952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.641253948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.641427040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.641470909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.642602921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.642613888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.642652988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.643594980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.643697023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.643734932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.644855976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.644959927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.644995928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.646049976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.646138906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.646176100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.647195101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.647294044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.647334099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.648418903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.648428917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.648478985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.649561882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.649734974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.649772882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.650723934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.650785923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.650819063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.651906967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.652019024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.652076006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.653114080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.653214931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.653265953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.654278994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.654324055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.654386997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.655499935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.655657053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.655705929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.656678915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.656814098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.656866074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.657846928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.657968998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.658013105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.659018040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.659193993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.659245968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.660201073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.660322905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.660372019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.661407948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.661544085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.661592960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.662558079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.662882090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.662924051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.663777113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.663870096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.663907051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.664936066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.665018082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.665069103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.666136980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.666182995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.666229010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.667356968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.667423964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.667463064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.668519020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.668601990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.668639898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.669763088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.669773102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.669823885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.670880079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.670957088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.671000957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.672064066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.672132969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.672173023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.673226118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.673289061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.673329115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.674447060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.674659014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.674691916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.675683022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.675776005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.675817966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.676882029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.677000046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.677036047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.678008080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.678072929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.678111076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.679181099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.679297924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.679337025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.680393934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.680563927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.680602074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.681572914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.681698084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.681729078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.682753086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.682780981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.682809114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.683923006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.684010983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.684048891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.685108900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.685236931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.685272932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.686316013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.686458111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.686495066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.687489033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.687609911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.687650919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.688667059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.688806057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.688843966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.689889908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.689943075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.689976931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.691071987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.691399097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.691437960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.692207098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.743670940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.822515965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.822607040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.822654009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.823012114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.823029041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.823062897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.824215889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.824326038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.824362993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.825396061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.825463057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.825499058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.826601982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.826672077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.826711893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.827908039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.827970982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.828005075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.828954935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.829076052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.829114914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.830128908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.830246925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.830285072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.831320047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.831378937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.831425905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.832643986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.832659960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.832717896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.833697081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.833801985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.833838940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.834884882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.834981918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.835021019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.836080074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.836184978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.836232901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.837248087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.837400913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.837441921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.838443041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.838573933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.838612080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.839618921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.839790106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.839832067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.840817928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.840930939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.840966940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.842015028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.842127085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.842170954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.843213081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.843281031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.843334913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.844367027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.844480038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.844520092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.845630884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.845700026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.845746040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.846777916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.846848011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.846887112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.848139048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.848258018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.848300934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.849111080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.849240065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.849281073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.850297928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.850409985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.850450993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.851479053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.851593018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.851638079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.852658033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.852750063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.852791071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.853888035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.853981018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.854022980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.855025053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.855140924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.855180025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.856214046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.856342077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.856388092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.857409000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.857526064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.857567072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.858598948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.858716011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.858752966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.859759092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.859894037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.859934092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.860960960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.861067057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.861103058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.862191916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.862260103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.862302065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.863348961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.863460064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.863488913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.864588022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.864650011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.864686012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.865704060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.865824938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.865865946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.866923094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.867101908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.867141962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.868086100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.868206978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.868244886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.869337082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.869452953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.869493961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.870456934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.870567083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.870604038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.871646881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.871767998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.871813059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.872889042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.872992992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.873030901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.874031067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.874185085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.874222040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.875298977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.875361919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.875401974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.876388073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.876507998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.876545906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.877580881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.877708912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.877746105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.878799915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.878875971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.878910065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.879952908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.880065918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.880109072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.881133080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.881268978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.881308079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.882302999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.882419109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.882452965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.883490086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.883616924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.883661032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.884634018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:33.931144953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:33.931639910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.014605045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.014699936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.014744043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.015175104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.015279055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.015320063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.016345978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.016423941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.016464949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.017512083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.017637014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.017668009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.018709898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.018827915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.018874884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.019896030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.019949913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.019989967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.021115065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.021255970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.021295071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.022286892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.022404909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.022439003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.023459911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.023575068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.023627043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.024705887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.024739981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.024780989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.025846004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.025942087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.025984049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.027018070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.027184010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.027220011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.028218031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.028295994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.028352022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.029388905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.029505014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.029547930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.030551910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.030672073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.030708075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.031742096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.031856060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.031898022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.032952070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.033063889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.033101082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.034118891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.034256935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.034293890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.035375118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.035386086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.035429001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.036485910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.036608934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.036653042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.037731886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.037947893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.037987947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.038911104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.038994074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.039025068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.040080070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.040193081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.040230036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.041237116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.041352034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.041393042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.042435884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.042562008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.042598963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.043611050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.043776035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.043822050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.044786930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.044913054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.044959068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.046022892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.046072960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.046112061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.047188044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.047331095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.047369957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.048366070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.048474073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.048517942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.049551964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.049643993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.049691916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.050730944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.050775051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.050815105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.051944017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.052067995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.052112103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.053113937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.053212881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.053255081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.054317951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.054491997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.054533005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.055522919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.055599928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.055643082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.056747913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.056823015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.056870937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.057902098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.058085918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.058136940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.059051991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.059173107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.059217930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.060231924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.060323954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.060395956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.061459064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.061588049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.061674118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.062619925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.062727928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.062802076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.063843012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.063978910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.064027071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.065006018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.065148115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.065191031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.066174030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.066232920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.066292048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.067405939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.067491055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.067538023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.068528891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.068630934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.068675995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.069706917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.069776058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.069828033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.070897102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.071039915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.071108103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.072077036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.072267056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.072309971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.073295116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.073393106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.073436975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.074481964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.074594021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.074637890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.075659990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.075772047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.075812101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.076785088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.118833065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.206873894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.206969023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.207026958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.207392931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.207647085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.207792997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.208600044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.208767891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.208810091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.209779024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.209927082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.209969997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.210957050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.211133003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.211175919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.212124109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.212269068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.212312937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.213350058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.213514090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.213557959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.214536905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.214646101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.214684963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.215696096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.215775967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.215818882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.216927052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.216989040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.217037916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.218091011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.218213081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.218255043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.219244003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.219384909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.219429970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.220446110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.220556974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.220599890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.221617937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.221745014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.221790075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.222803116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.222901106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.222940922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.223995924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.224098921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.224142075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.225181103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.225375891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.225420952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.226349115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.226479053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.226521969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.227569103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.227664948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.227711916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.228741884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.228868961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.228913069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.229933977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.230042934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.230086088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.231115103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.231228113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.231272936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.232295036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.232439995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.232481003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.233485937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.233568907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.233613014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.234688997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.234834909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.234878063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.235862017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.235995054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.236037016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.237039089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.237164021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.237205029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.238279104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.238333941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.238379002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.239423037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.239542007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.239588022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.240633011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.240732908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.240777016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.241791964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.241911888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.241952896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.242984056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.243112087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.243154049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.244153976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.244245052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.244291067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.245352030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.245513916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.245556116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.246548891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.246803999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.246849060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.247731924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.247809887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.247853994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.248999119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.249015093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.249059916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.250096083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.250238895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.250277996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.251270056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.251379013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.251426935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.252485991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.252625942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.252666950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.253660917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.253767967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.253812075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.254831076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.254966021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.255003929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.256030083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.256148100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.256192923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.257205963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.257267952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.257308006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.258400917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.258627892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.258668900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.259618998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.259696960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.259748936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.260776043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.260898113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.260941029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.261938095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.262034893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.262078047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.263154984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.263293982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.263334990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.264332056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.264455080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.264499903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.265527964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.265538931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.265583038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.266678095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.266798973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.266843081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.267894030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.268002987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.268040895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.269032001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.321971893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.398930073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.399027109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.399386883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.399451971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.399642944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.399693966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.400645971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.400731087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.400772095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.401838064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.401942015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.401983976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.403021097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.403120041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.403160095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.404211044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.404309034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.404351950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.405397892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.405477047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.405523062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.406583071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.406683922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.406723976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.407766104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.407877922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.407924891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.408938885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.409065962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.409109116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.410130978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.410238981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.410281897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.411303043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.411432981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.411489010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.412533998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.412614107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.412657022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.413661957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.413816929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.413861990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.414886951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.415004969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.415046930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.416069031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.416229963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.416270971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.417249918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.417356968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.417404890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.418425083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.418508053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.418555975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.419608116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.419718027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.419759989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.420799017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.420855999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.420898914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.421981096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.422075033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.422116995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.423185110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.423302889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.423343897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.424364090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.424423933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.424463987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.425544977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.425589085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.425630093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.426717997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.426809072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.426851988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.427926064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.428013086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.428057909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.429114103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.429198027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.429239988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.430270910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.430398941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.430442095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.431479931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.431567907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.431610107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.432657957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.432749987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.432792902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.433849096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.433957100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.433998108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.435029984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.435134888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.435182095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.436223030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.436332941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.436373949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.437387943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.437514067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.437558889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.438656092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.438767910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.438812017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.439795017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.439913988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.439953089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.440984011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.441149950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.441189051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.442142010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.442274094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.442317009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.443372011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.443448067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.443492889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.444565058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.444667101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.444710016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.445705891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.445833921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.445875883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.446892023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.446947098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.446986914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.448090076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.448214054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.448256016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.449275970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.449384928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.449424028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.450452089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.450525999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.450570107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.451631069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.451687098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.451730967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.452841043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.453001022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.453042030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.454292059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.454400063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.454442978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.455176115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.455291033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.455337048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.456401110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.456510067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.456552029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.457576990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.457667112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.457709074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.458746910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.458842993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.458887100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.459922075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.460057020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.460100889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.461066008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.509449959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.591053963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.591160059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.591216087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.591597080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.591702938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.591754913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.592801094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.592989922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.593031883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.594017982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.594149113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.594189882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.595154047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.595268965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.595310926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.596357107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.596442938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.596493959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.597526073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.597577095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.597619057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.598761082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.598887920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.598937035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.599890947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.600032091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.600075960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.601161957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.601171970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.601213932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.602268934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.602381945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.602426052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.603466034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.603565931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.603604078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.604657888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.604787111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.604836941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.605851889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.605968952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.606014013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.607024908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.607151985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.607196093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.608197927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.608294964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.608344078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.609371901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.609497070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.609541893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.610565901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.610676050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.610721111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.611813068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.611882925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.611926079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.612941980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.613014936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.613061905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.614134073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.614214897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.614257097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.615483046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.615678072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.615724087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.616700888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.616791964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.616831064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.617676973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.617808104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.617854118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.618889093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.619004011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.619049072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.620109081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.620242119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.620285034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.621249914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.621366978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.621407032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.622459888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.622529030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.622575045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.623599052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.623719931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.623774052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.624802113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.624902010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.624947071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.625974894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.626089096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.626127005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.627177954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.627290010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.627335072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.628355980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.628530025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.628571987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.629534006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.629657030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.629709005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.630743027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.630836010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.630880117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.631913900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.631994963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.632036924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.633138895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.633214951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.633260012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.634283066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.634414911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.634475946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.635481119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.635555983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.635601997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.636689901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.636779070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.636826038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.637856960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.637970924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.638022900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.639028072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.639136076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.639183998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.640209913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.640346050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.640393019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.641401052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.641475916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.641520977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.642606020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.642702103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.642748117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.643830061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.643919945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.643958092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.644973040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.645111084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.645153999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.646138906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.646262884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.646307945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.647356033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.647526979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.647571087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.648519993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.648586035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.648629904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.649687052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.649797916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.649846077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.650876999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.650966883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.651009083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.652348995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.652573109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.652618885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.653219938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.696851015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.783240080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.783349991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.783411980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.783775091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.783907890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.783955097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.784981966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.785068989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.785119057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.786135912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.786256075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.786298990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.787338972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.787420034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.787462950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.788516998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.788639069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.788685083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.789696932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.789863110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.789906025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.790960073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.790971041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.791007996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.792068005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.792251110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.792296886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.793260098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.793404102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.793447018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.795008898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.795023918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.795062065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.795622110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.795687914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.795732975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.796819925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.796925068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.796963930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.801175117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.801332951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.801342964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.801353931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.801374912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.801392078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.801702976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.801882029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.801934004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.803035975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.803046942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.803086996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.804322004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.804508924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.804555893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.805373907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.805537939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.805578947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.806550980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.806720972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.806768894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.807689905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.807851076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.807893038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.808990955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.809453964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.809495926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.810245037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.810435057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.810477972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.811434031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.811618090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.811659098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.812434912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.812616110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.812659979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.813540936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.813730955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.813772917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.814836025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.815172911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.815215111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.816087961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.816097975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.816142082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.817289114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.817429066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.817471981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.818401098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.818563938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.818608999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.819652081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.819824934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.819865942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.820784092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.820960045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.821002960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.822096109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.822104931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.822144985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.823203087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.823376894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.823421955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.824342966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.824660063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.824703932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.825503111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.825665951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.825715065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.826621056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.826931000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.826976061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.827874899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.828084946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.828130960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.829011917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.829021931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.829032898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.829045057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.829052925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.829086065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.830003977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.830136061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.830177069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.831226110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.831326962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.831368923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.832402945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.832525969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.832561016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.836280107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837229013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837270021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.837404013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837413073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837423086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837434053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837467909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.837477922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.837692022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837703943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.837754965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.838325024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.838450909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.838494062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.839487076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.839621067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.839658976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.840692043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.840796947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.840840101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.841876030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.841984987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.842022896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.843115091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.843177080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.843221903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.844269037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.844367981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.844409943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.845451117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.899914980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.980678082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.980737925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.980943918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.980992079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.981098890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.981273890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.982201099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.982320070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.982367992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.983407021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.983541012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.983577967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.984606028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.984642029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.984687090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.985790014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.985934973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.985982895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.986972094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.987090111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.987127066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.988122940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.988384962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.988424063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.989314079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.989456892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.989500999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.990533113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.990622997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.990670919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.991682053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.991794109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.991841078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.992886066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.992942095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.992984056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.994015932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.994162083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.994205952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.995240927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.995311022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.995362043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.996439934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.996563911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.996609926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.997613907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.997678041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.997718096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.998785973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.998907089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:34.998955965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:34.999983072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.000118971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.000161886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.001200914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.001322031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.001364946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.002449989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.002523899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.002564907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.003549099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.003669024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.003710032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.004738092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.004867077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.004910946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.005937099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.006119967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.006165981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.007122993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.007241011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.007285118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.008325100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.008466959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.008506060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.009526968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.009664059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.009707928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.010669947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.010796070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.010838032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.011873960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.011956930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.012001038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.013051987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.013200045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.013242006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.014240026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.014364004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.014406919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.015439034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.015527010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.015569925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.016798019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.016880989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.016925097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.017852068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.017960072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.018003941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.019134045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.019201994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.019247055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.020137072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.020217896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.020261049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.021451950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.021516085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.021557093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.022558928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.022655010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.022696972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.023714066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.023834944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.023879051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.025063038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.025186062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.025228024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.026096106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.026258945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.026303053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.027267933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.027467012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.027513027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.028446913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.028583050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.028625965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.029614925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.029709101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.029755116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.030844927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.030961990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.031004906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.032087088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.032186985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.032227039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.033193111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.033328056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.033370018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.034379959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.035303116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.035348892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.035551071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.035661936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.035701990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.036757946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.036876917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.036916018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.037955999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.038057089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.038098097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.039154053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.039295912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.039334059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.040292978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.040410042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.040452003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.041456938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.041604996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.041650057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.042579889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.087446928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.182779074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.182924986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.183087111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.183532000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.183815956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.183859110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.184175014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.184300900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.184349060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.185344934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.185528994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.185576916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.186539888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.186633110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.186678886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.187722921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.187864065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.187906027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.188916922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.189035892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.189083099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.190104008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.190217972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.190260887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.191276073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.191404104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.191440105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.192477942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.192584038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.192622900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.193667889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.193774939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.193819046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.194869995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.194992065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.195034981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.196063995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.196181059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.196224928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.197233915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.197371006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.197415113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.198415995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.198574066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.198621988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.199682951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.199804068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.199856043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.200819016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.200926065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.200973988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.201973915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.202073097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.202116966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.203124046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.203238010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.203289032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.204340935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.204405069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.204457045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.205537081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.205637932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.205687046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.206696987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.206789017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.206832886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.207894087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.208019972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.208070040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.209104061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.209211111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.209259987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.210257053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.210371017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.210418940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.211460114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.211559057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.211611032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.212641001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.212754965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.212816954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.213835001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.213974953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.214010954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.214987993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.215106010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.215142965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.216229916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.216309071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.216353893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.217365026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.217541933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.217588902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.218569994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.218693972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.218746901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.220148087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.220279932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.220320940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.220978022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.221126080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.221167088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.222151041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.222282887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.222326994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.223355055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.223458052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.223500967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.224497080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.224616051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.224657059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.225792885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.225863934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.225910902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.226922989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.227004051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.227049112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.228091955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.228286028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.228348017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.229274035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.229403019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.229444981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.230457067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.230573893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.230617046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.231635094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.231736898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.231772900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.232820988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.232940912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.232984066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.234019041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.234158993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.234200954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.235193014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.235354900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.235400915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.236377001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.236440897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.236484051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.237571955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.237633944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.237672091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.238739014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.238873959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.238914967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.239907980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.240039110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.240083933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.241107941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.241214991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.241261005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.242259979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.242379904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.242425919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.243458986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.243588924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.243654966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.244648933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.290672064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.374907970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.375015974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.375106096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.375464916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.375591993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.375638962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.376677036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.376777887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.376822948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.377845049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.377953053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.377996922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.379050016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.379343987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.379385948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.380203962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.380327940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.380371094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.381429911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.381532907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.381577969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.382561922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.382688046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.382735014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.383791924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.383883953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.383929014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.384952068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.385073900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.385122061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.386126995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.386245966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.386288881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.387320042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.387443066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.387482882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.388495922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.388622999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.388660908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.389703035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.389838934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.389879942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.390892982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.391010046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.391052961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.392100096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.392174959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.392210960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.393266916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.393383980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.393425941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.394474030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.394553900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.394598961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.395634890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.395759106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.395804882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.396831036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.396919966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.396962881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.398011923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.398067951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.398113966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.399185896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.399302959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.399343967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.400372982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.400546074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.400584936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.401556969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.401717901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.401757956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.402754068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.402929068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.402964115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.403980970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.404119968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.404164076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.405143976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.405225992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.405267000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.406308889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.406414032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.406456947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.407501936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.407624006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.407666922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.408679008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.408791065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.408833027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.526806116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.526819944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.526989937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.527985096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.527997017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.528048038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.646013975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.646028042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.646205902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.647118092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.647133112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.647191048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765434980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765450954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765461922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765472889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765481949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765491009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765501976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765526056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765537024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765547037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765556097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765563965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765590906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765603065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765786886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765796900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765808105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765819073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765831947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765865088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765873909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765885115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765894890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765903950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765913010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765919924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765928984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.765935898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.765964985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.766659975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766673088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766726017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.766804934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766815901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766824007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766834021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766844034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766855001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.766863108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766872883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766881943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.766891003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.766899109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.766928911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.767689943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767702103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767709970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767719984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767729998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767736912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.767745972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767755985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767765045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.767771006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767779112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767786026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.767793894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767805099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767811060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.767818928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.767838955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.767862082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.768631935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.768642902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.768652916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.768662930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.768671989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.768681049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.768707991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.769095898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769109964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769126892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769135952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769144058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.769151926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769159079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.769171953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769182920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769192934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769202948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769212961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.769218922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769226074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.769247055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.769972086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769984007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.769992113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770075083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.770092964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770102978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770112038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770122051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770133018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770140886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.770149946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770155907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.770164013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770184994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.770843983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770854950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770889997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.770986080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.770997047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771006107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771015882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771028996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771034956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771043062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771054983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771064997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771071911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771084070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771213055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771819115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771831036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771840096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771869898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771909952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771924019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771934986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771945000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771954060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771964073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771971941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771980047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.771987915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.771996021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772033930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.772840023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772850037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772859097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772869110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772877932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772886038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.772895098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772906065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772912979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.772921085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772931099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772938967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.772947073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.772959948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.773761034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773772001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773781061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773791075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773802042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773809910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.773819923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773832083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773837090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.773844957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773854971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773864031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.773870945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.773890018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.774678946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774688959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774698973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774708986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774720907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.774725914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774740934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774749994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.774756908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774764061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.774772882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774782896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774794102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.774807930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.774823904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.775454998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775466919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775515079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.775599957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775609970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775626898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775636911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775644064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.775652885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775665045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775670052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.775677919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775688887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.775692940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.775706053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.776384115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776398897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776427984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.776540995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776551008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776561022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776570082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776580095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.776586056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776595116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.776601076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776611090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776619911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.776626110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.776644945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.777410030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777426004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777436972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777447939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777455091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.777467966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777475119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.777482986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777493954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777499914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.777508020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777518034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777537107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.777544022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777554035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.777559042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.777705908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.778230906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778242111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778280973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.778372049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778383017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778392076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778402090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778412104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778419018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.778428078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778435946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.778444052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778454065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.778470993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.778500080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.779221058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779231071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779239893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779259920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779267073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.779274940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779284954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779294968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779301882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.779310942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779326916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779335976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.779347897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.779352903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.779392004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.780199051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780209064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780219078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780230045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780241966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780246973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.780255079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780267000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.780271053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780280113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780287027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.780294895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780304909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.780314922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.780334949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.781042099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781053066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781069040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781079054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781086922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.781095982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781105995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781121969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.781147003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.781549931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781562090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.781595945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.781858921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.782037020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.782083988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.783030987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.783097029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.783142090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.784301996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.784326077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.784367085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.785412073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.785543919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.785588980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.786657095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.786760092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.786803007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.787936926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.787956953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.788000107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.788985014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.789082050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.789129019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.790150881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.790247917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.790297031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.791335106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.791440964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.791491032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.792546034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.792582035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.792619944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.793711901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.793814898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.793863058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.794902086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.795201063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.795248032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.884990931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.885054111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.885112047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.885502100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.885579109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.885627031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.886838913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.886858940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.886925936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.887901068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.888058901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.888117075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.889091969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.889188051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.889230013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.890269995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.890384912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.890424967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.891470909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.891644955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.891695023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.892642021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.892718077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.892766953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.893815041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.893956900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.894005060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.895021915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.895100117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.895277023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.896228075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.896294117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.896338940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.897396088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.897517920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.897564888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.898617029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.898904085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.898952961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.899775028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.899852037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.899912119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.900923014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.901050091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.901088953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.902118921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.902229071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.902273893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.903326035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.903409004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.903451920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.904510021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.904601097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.904644966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.905692101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.905842066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.905888081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.906881094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.906966925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.907012939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.908108950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.908205986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.908248901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.909261942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.951198101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.951253891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.951284885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.951751947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.951775074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.951793909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.955970049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.955985069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.955996990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.956011057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.956018925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.956028938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.956037998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.956046104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.956072092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.956552982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.956563950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.956593990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.958024979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.958061934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.958086967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.959613085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.959661007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.959969997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.960727930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.960740089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.960776091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.961209059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.961253881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.961616993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.962446928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.962492943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.962625027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.963588953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.963628054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.963702917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.964787006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.964827061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.964852095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.965965033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.966027021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.966058016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.967132092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.967173100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.967238903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.968333960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.968379021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.968437910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.969508886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.969546080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.969636917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973496914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973507881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973516941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973526955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973540068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.973562956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.973572969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973583937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.973604918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.974426985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.974469900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.974777937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.975903988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.975939989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.975990057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.978029966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.978041887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.978054047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.978070021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.978092909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.978107929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.979012966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.979053974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.979079962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.980422020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.980454922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.980515957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.981509924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.981522083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.981539011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.982603073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.982650995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.983134985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.983727932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.983763933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.984252930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.985116959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.985156059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.985294104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.986706972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.986722946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.986746073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.987760067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.987770081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.987795115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.988754034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.988780022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.988801956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.990042925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.990053892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.990093946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.991139889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.991149902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.991190910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.992393970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.992434978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.992748976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.993360996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.993371010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.993405104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.994622946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.994632959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.994659901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.995594978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.995640993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.996162891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.997395992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.997406960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.997442007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.998359919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.998370886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.998403072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.999130011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:35.999175072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:35.999197960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.000818014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.000834942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.000859022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.001718044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.001765013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.001823902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.002727032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.002768040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.002862930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.004035950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.004050016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.004072905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.005208015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.005240917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.005259037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.006275892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.006319046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.006375074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.007477999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.007523060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.007539988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.008636951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.008681059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.008805037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.009865046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.009910107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.009933949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.011039019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.011084080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.011140108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.012227058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.012274981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.012298107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.013334036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.013377905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.154881954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.154947042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.154984951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.155019999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.155250072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.155339956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.155450106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.155528069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.155548096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.155570984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.156392097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.156430960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.156450987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.156539917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.156577110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.157286882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.157361984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.157372952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.157399893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.158263922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.158303022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.158327103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.158338070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.158375978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.159162998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.159218073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.159226894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.159271955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.160058022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.160089970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.160202980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.160212994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.160247087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.161020994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.161118984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.161130905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.161171913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.162038088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.162048101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.162059069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.162079096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.162098885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.162853003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.162952900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.162967920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.162993908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.163803101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.163837910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.163872004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.163882971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.163916111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.164731026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.164791107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.164802074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.164827108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.165647984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.165689945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.165740967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.165750027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.165790081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.166567087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.166652918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.166662931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.166698933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.167510986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.167567015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.167586088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.167599916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.167642117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.168468952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.168598890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.168610096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.168646097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.169373035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.169418097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.169492960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.169503927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.169548035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.170310020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.170435905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.170445919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.170475006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.171216011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.171267986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.171324015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.171334028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.171366930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.172198057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.172255993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.172266960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.172296047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.173085928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.173131943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.173180103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.173188925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.173230886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.174012899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.174114943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.174125910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.174150944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.174942970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.174984932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.175046921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.175059080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.175096035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.175955057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.176203966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.176240921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.176311016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.176321030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.176362038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.177108049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.177190065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.177201033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.177227974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.178047895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.178086996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.178168058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.178177118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.178210020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.178967953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.179117918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.179128885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.179152012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.179899931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.179936886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.179990053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.180001020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.180052042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.180850983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.180927038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.180937052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.180963039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.181750059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.181788921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.181869030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.181879997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.181919098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.182687998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.182781935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.182791948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.182813883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.183626890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.183665037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.183691978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.183701992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.183739901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.184554100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.184629917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.184640884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.184664965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.185472965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.185512066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.185574055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.185583115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.185621023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.186456919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.186506033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.186516047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.186541080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.231637001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.347148895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.347177029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.347287893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.347306013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.347568035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.347623110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.347631931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.347650051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.347691059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.348463058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.348572969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.348582983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.348623037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.349400997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.349443913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.349462986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.349473000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.349517107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.350281000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.350393057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.350402117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.350438118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.351567984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.351613998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.351664066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.351675987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.351711988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.352155924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.352242947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.352255106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.352288961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.353106976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.353158951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.353178978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.353188992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.353229046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.354032040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.354090929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.354101896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.354136944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.355179071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.355231047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.355254889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.355264902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.355304003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.355987072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.356028080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.356038094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.356086016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.356795073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.356837988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.356862068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.356872082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.356914043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.357747078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.357811928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.357824087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.357850075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.358650923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.358690977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.358735085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.358746052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.358784914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.359575033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.359663010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.359673977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.359702110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.360517979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.360557079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.360605955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.360615969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.360670090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.361428022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.361545086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.361553907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.361587048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.362360001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.362401962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.362452984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.362462997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.362504005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.363287926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.363384962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.363398075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.363441944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.364229918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.364280939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.364305019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.364314079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.364355087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.365173101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.365257978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.365267992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.365315914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.366086006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.366154909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.366162062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.366172075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.366216898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.367003918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.367079973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.367089987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.367115021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.367942095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.368001938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.368249893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.368340015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.368350029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.368376017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.369189978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.369237900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.369260073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.369271040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.369308949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.370119095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.370187998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.370198965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.370228052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.371021986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.371078014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.371107101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.371117115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.371150970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.371984005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.372065067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.372076035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.372107983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.372894049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.372932911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.373002052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.373012066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.373047113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.373831034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.373913050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.373923063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.373955011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.374852896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.374861956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.374872923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.374900103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.374917030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.375689983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.375757933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.375767946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.375797987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.376621008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.376688004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.376713037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.376723051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.376763105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.377547979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.377635956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.377645969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.377682924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.378468037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.378524065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.378555059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.378565073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.378598928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.379358053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.381494045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.539259911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.539300919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.539324045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.539457083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.539614916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.539669037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.539694071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.539705038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.539748907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.540731907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.540831089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.540843010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.540879965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.541444063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.541484118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.541569948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.541589022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.541632891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.542563915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.542648077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.542659998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.542694092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.543307066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.543356895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.543379068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.543390989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.543431997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.544641018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.544733047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.544744015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.544770002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.545222998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.545262098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.545304060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.545315027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.545351028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.546129942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.546246052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.546257019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.546286106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.547040939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.547081947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.547157049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.547168016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.547208071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.548068047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.548139095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.548149109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.548176050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.548880100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.548923969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.548970938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.548979044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.549021006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.549920082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.549928904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.549941063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.549963951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.550760031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.550798893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.550826073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.550836086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.550873995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.551688910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.551769018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.551779032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.551804066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.552628994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.552661896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.552700043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.552710056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.552746058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.553565979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.553628922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.553642988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.553668022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.554486036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.554526091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.554548979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.554558992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.554594994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.555425882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.555489063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.555497885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.555532932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.556340933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.556384087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.556405067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.556415081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.556447029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.557296038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.557359934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.557369947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.557394028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.558195114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.558233023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.558263063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.558273077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.558315992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.559122086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.559190035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.559200048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.559223890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.560410976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.560467005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.560898066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.560916901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.560926914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.560950994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.561486006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.561522961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.561546087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.561556101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.561592102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.562237024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.562313080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.562323093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.562355995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.563152075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.563195944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.563220024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.563230991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.563263893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.564097881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.564162970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.564173937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.564203024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.564987898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.565027952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.565102100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.565112114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.565152884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.566052914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.566143990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.566157103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.566189051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.566898108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.566937923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.566962957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.566975117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.567014933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.567776918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.567866087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.567874908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.567899942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.568708897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.568753004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.568783998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.568795919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.568835974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.569667101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.569734097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.569744110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.569768906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.570637941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.570693970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.570700884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.570710897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.570748091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.571455956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.618663073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.637290001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.731300116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.731348991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.731359959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.731389046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.731724024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.731771946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.731791973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.731803894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.731837034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.732650042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.732702971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.732712030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.732737064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.733666897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.733699083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.733706951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.733716011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.733753920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.734464884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.734548092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.734558105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.734592915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.735413074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.735450983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.735479116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.735488892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.735528946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.736336946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.736423969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.736434937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.736468077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.737282991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.737319946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.737341881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.737351894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.737389088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.738212109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.738280058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.738291979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.738317966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.739156008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.739195108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.739221096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.739233017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.739269972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.740144014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.740201950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.740214109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.740240097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.741055965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.741096973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.741120100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.741132021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.741169930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.741938114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.741985083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.742000103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.742023945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.742841005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.742881060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.742902994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.742913961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.742952108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.743814945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.743833065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.743844986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.743869066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.744718075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.744760990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.744780064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.744791985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.744823933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.745649099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.745702028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.745712042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.745745897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.746553898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.746594906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.746619940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.746630907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.746669054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.747509003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.747582912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.747595072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.747622013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.748436928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.748477936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.748502016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.748512030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.748534918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.749366045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.749411106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.749420881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.749443054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.750281096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.750323057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.750343084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.750355005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.750382900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.751214981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.751234055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.751247883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.751271009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.752146959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.752187014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.752437115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.752500057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.752510071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.752536058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.753396034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.753433943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.753458977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.753469944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.753494978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.754339933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.754393101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.754403114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.754429102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.755245924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.755280972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.755341053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.755351067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.755381107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.756165028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.756222010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.756233931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.756261110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.757107019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.757142067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.757175922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.757185936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.757226944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.758053064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.758100033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.758111954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.758136034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.758956909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.759004116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.759023905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.759036064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.759078026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.759879112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.759947062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.759958982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.759985924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.760795116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.760833979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.760927916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.760938883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.760988951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.761773109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.761827946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.761838913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.761863947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.762676001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.762715101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.762733936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.762743950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.762779951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.763581038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.806149960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.847744942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.923384905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.923427105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.923438072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.923468113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.923768044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.923810959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.923842907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.923854113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.923897982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.924715996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.924761057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.924803019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.924870968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.925647974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.925693035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.925714016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.925724983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.925767899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.926671982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.926763058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.926774025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.926812887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.927495003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.927535057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.927570105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.927582026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.927622080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.928431034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.928510904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.928523064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.928548098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.929358006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.929398060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.929419041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.929430008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.929471016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.930280924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.930352926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.930365086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.930391073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.931179047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.931221008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.931267977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.931278944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.931320906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.932131052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.932207108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.932219982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.932245016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.933062077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.933109045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.933132887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.933144093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.933183908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.934045076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.934083939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.934093952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.934130907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.934923887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.934967041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.934990883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.935002089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.935038090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.935861111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.935928106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.935940027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.935967922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.936791897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.936835051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.936856031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.936866045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.936903954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.937716961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.937808990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.937820911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.937844038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.938644886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.938694954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.938716888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.938729048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.938755989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.939553976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.939650059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.939666986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.939702988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.940479040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.940529108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.940570116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.940582037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.940617085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.941416025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.941495895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.941507101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.941539049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.942342043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.942404032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.942425013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.942437887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.942464113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.943265915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.943356037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.943367958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.943402052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.944252014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.944315910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.944330931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.944343090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.944375038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.945132971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.945439100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.945481062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.945516109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.945527077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.945569992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.946362019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.946450949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.946460962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.946494102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.947381020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.947412014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.947424889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.947443962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.947478056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.948231936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.948323011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.948332071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.948358059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.949156046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.949210882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.949238062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.949248075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.949281931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.950090885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.950191021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.950201035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.950227022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.951011896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.951080084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.951097965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.951108932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.951153994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.951947927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.952035904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.952045918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.952069044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.952868938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.952917099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.952951908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.952961922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.953005075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.953828096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.953906059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.953917027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.953943014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.954765081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.954821110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.954830885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.954859018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:36.954902887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:36.955616951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.009310007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.115845919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.115883112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.115889072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116036892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116056919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116069078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116070986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.116110086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.116790056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116873980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116883993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.116915941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.117693901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.117739916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.117750883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.117762089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.117803097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.118623018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.118694067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.118705034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.118741989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.119573116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.119605064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.119616985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.119630098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.119654894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.120474100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.120557070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.120567083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.120609045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.121448040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.121496916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.121514082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.121524096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.121589899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.122395992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.122482061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.122492075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.122525930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.123266935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.123316050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.123347044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.123359919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.123399019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.124192953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.124286890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.124296904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.124325037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.125134945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.125194073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.125211954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.125221968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.125261068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.126082897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.126156092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.126164913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.126195908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.126988888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.127036095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.127067089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.127077103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.127113104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.127903938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.127958059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.127969980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.128005981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.128813982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.128856897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.128891945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.128902912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.128937006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.129887104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.129905939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.129916906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.129947901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.130764008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.130809069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.130841017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.130851984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.130887032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.131647110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.131696939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.131705999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.131731987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.132544994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.132594109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.132618904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.132630110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.132664919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.133472919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.133558035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.133567095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.133596897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.134449959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.134504080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.134521008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.134531975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.134562016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.135380030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.135612011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.135621071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.135663986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.136301994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.136348963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.136390924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.136400938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.136440992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.137197971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.137510061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.137556076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.137584925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.137595892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.137634993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.138467073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.138509035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.138520002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.138555050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.139352083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.139400005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.139422894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.139436007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.139467001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.140330076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.140352011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.140362978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.140398026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.141220093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.141266108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.141294003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.141305923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.141340971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.142151117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.142220974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.142239094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.142277956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.143102884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.143143892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.143176079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.143188000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.143228054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.144053936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.144133091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.144144058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.144186020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.145037889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.145049095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.145061016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.145078897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.145104885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.145942926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.145993948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.146004915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.146042109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.146811008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.146857977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.146905899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.146918058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.146955967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.147669077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.196795940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.307667971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.307813883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.307822943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.307853937 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.308006048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.308065891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.308094978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.308104992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.308136940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.309031010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.309125900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.309135914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.309159040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.309885025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.309973955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.310029030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.310045958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.310098886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.310936928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.311045885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.311054945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.311085939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.311713934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.311762094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.311784029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.311794996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.311856031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.312674046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.312717915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.312727928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.312762022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.313612938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.313633919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.313657045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.313725948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.313772917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.314500093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.314555883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.314564943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.314594984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.315426111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.315471888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.315479040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.315490007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.315526962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.316348076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.316401958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.316411018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.316451073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.317295074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.317337990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.317344904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.317354918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.317389011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.318221092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.318310976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.318320990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.318360090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.319142103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.319185972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.319212914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.319222927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.319258928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.320060015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.320137024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.320147991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.320183039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.320995092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.321038961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.321053982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.321064949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.321096897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.321928978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.321990013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.322000027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.322040081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.322839975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.322884083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.322921038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.322931051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.322969913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.323829889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.323848009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.323858976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.323884964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.324733973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.324776888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.324805021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.324815035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.324848890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.325643063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.325719118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.325727940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.325757027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.326585054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.326630116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.326639891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.326649904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.326684952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.327485085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.327562094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.327572107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.327608109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.328438044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.328499079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.328505993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.328515053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.328552961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.329369068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.329653025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.329699039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.329716921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.329726934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.329762936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.330590963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.330667973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.330678940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.330713034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.331521988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.331564903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.331592083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.331600904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.331636906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.332453012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.332515955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.332528114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.332557917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.333368063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.333410978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.333447933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.333457947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.333511114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.334343910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.334362030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.334372044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.334408998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.335249901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.335293055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.335324049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.335334063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.335366964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.336159945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.336235046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.336244106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.336275101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.337090969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.337136030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.337166071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.337174892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.337210894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.338041067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.338109016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.338123083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.338150024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.338968039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.339015961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.339027882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.339035034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.339071035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.339868069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.384277105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.499609947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.499665022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.499675989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.499716043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.500025034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.500071049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.500077963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.500091076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.500128984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.500977993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.501055956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.501065016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.501101971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.501883984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.501930952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.501948118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.501959085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.501992941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.502811909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.502885103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.502895117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.502933979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.503734112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.503781080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.503796101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.503806114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.503840923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.504678011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.504744053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.504754066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.504781961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.505601883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.505645990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.505767107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.505776882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.505815029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.506546974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.506582975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.506592989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.506618023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.507460117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.507502079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.507535934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.507550955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.507587910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.508377075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.508444071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.508455038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.508483887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.509432077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.509474993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.509567022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.509577036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.509609938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.510277033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.510323048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.510332108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.510370016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.511189938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.511226892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.511240959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.511255026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.511292934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.512142897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.512161016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.512197018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.512197971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.513062954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.513103962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.513134956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.513145924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.513179064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.513981104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.514051914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.514062881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.514096975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.514904976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.514946938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.514975071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.514985085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.515022993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.515857935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.515901089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.515911102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.515947104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.516758919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.516798019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.516828060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.516839027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.516872883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.517704010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.517759085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.517769098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.517803907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.518668890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.518713951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.518733978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.518745899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.518776894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.519596100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.519658089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.519668102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.519695044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.520492077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.520539999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.520550013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.520559072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.520596981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.521428108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.521720886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.521761894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.521785975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.521795988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.521826982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.522659063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.522718906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.522728920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.522766113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.523565054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.523606062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.523641109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.523650885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.523689032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.524513006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.524530888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.524540901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.524575949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.525451899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.525496006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.525521994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.525537014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.525574923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.526340008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.526420116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.526429892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.526469946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.527282000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.527332067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.527359962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.527370930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.527410030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.528233051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.528279066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.528290033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.528321981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.529133081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.529175997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.529200077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.529210091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.529241085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.530106068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.530159950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.530169964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.530204058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.531003952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.531049967 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.531056881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.531074047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.531112909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.531869888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.571774960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.691683054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.691737890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.691749096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.691798925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.692120075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.692166090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.692323923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.692617893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.692656994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.692709923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.693223000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.693260908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.693278074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.693289042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.693320990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.694214106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.694262028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.694303036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.694391966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.695060015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.695101976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.695138931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.695151091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.695187092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.695988894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.696033001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.696043015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.696075916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.696914911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.696960926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.696965933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.696975946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.697026968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.697829962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.697895050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.697905064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.697937965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.698765039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.698801994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.698833942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.698844910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.698885918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.699696064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.699768066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.699775934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.699820995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.700618029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.700661898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.700679064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.700690031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.700731039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.701551914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.701605082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.701615095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.701649904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.702481985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.702528954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.702558041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.702568054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.702603102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.703419924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.703495026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.703506947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.703531027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.704344988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.704392910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.704418898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.704430103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.704461098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.705257893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.705336094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.705346107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.705379009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.706233025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.706280947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.706296921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.706306934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.706335068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.707144022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.707237959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.707247972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.707273960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.708081961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.708129883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.708177090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.708187103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.708224058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.708976984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.709043026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.709058046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.709079981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.709916115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.709963083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.709988117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.709996939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.710067987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.710827112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.710908890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.710918903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.710954905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.711776972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.711822033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.711853981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.711863995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.711904049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.712697029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.712771893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.712784052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.712817907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.713634014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.713676929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.713968039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.714046001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.714056969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.714095116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.714853048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.714899063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.714935064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.714945078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.714979887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.715801001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.715868950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.715878963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.715909004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.716726065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.716768980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.716773987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.716778994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.716811895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.717668056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.717765093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.717773914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.717806101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.718621969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.718645096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.718656063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.718672991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.718794107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.719515085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.719593048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.719604015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.719645977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.720468044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.720509052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.720510960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.720520020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.720576048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.721379995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.721455097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.721467018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.721503973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.722317934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.722371101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.722390890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.722405910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.722450018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.723226070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.723298073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.723308086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.723344088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.883939981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.883959055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.883968115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.884007931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.884342909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.884390116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.884418964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.884429932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.884466887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.885284901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.885376930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.885387897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.885425091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.886179924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.886223078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.886250973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.886260986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.886297941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.887131929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.887212038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.887231112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.887257099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.888056040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.888099909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.888163090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.888173103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.888207912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.889003992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.889045000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.889055014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.889090061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.889908075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.889949083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.890002012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.890012980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.890053988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.890868902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.890944004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.890954018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.890989065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.891766071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.891808987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.891840935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.891851902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.891889095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.892673969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.892781973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.892791986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.892832994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.893831968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.893877029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.893934965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.893944979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.893985033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.894568920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.894645929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.894656897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.894694090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.895503044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.895559072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.895571947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.895581961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.895617962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.896389008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.896490097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.896501064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.896539927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.897370100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.897411108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.897458076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.897468090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.897510052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.898436069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.898561001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.898570061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.898595095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.899185896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.899228096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.899290085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.899300098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.899342060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.900129080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.900211096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.900222063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.900257111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.901072979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.901118040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.901125908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.901137114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.901173115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.902046919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.902147055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.902156115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.902187109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.902923107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.902967930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.902991056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.903006077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.903049946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.903847933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.903968096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.903978109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.904014111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.904772997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.904817104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.904843092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.904851913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.904887915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.905683041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.906030893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.906076908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.906107903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.906117916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.906150103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.906935930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.907037973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.907047987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.907098055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.907862902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.907911062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.907943010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.907953978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.907990932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.908828020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.908881903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.908893108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.908929110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.909723997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.909768105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.909801960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.909811974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.909846067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.910659075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.910732985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.910742998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.910770893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.911607981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.911653042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.911684990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.911694050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.911729097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.912519932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.912645102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.912655115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.912689924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.913472891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.913516998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.913537979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.913547993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.913588047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.914370060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.914477110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.914486885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.914514065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.915293932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.915333986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.915361881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.915373087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.915406942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:37.916172028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:37.962429047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.076114893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.076165915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.076176882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.076234102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.076534033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.076579094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.076598883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.076607943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.076644897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.077475071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.077543974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.077553034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.077590942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.078392029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.078435898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.078459024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.078469992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.078516006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.079366922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.079421043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.079430103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.079468012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.080255032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.080298901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.080307007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.080316067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.080358028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.081176996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.081248045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.081263065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.081296921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.082211018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.082257032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.082262039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.082272053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.082310915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.083101034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.083163023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.083173037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.083209038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.083957911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.084001064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.084028959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.084038973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.084079981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.084901094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.084960938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.084969997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.085004091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.085972071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.086018085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.086035967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.086045980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.086078882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.086749077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.086817026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.086826086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.086882114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.087680101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.087726116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.087738037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.087749004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.087781906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.088754892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.088784933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.088794947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.088820934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.089549065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.089593887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.089595079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.089605093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.089644909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.090460062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.090528011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.090537071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.090574026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.091432095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.091475010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.091506958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.091520071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.091557980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.092322111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.092413902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.092425108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.092458963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.093229055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.093272924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.093339920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.093348026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.093385935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.094183922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.094263077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.094273090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.094300032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.095099926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.095144987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.095170021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.095180035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.095218897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.096148014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.096225977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.096235991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.096276045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.096966982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.097012043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.097038984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.097053051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.097091913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.097903967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.098189116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.098236084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.098268032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.098282099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.098318100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.099126101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.099206924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.099217892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.099253893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.100070953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.100126028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.100126028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.100136995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.100171089 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.100986004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.101070881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.101079941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.101119995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.101937056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.101980925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.101989985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.102000952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.102034092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.102852106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.102912903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.102922916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.102962017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.103779078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.103822947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.103883982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.103893995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.103929996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.104760885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.104855061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.104895115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.105015993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.105650902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.105703115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.105761051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.105770111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.105808973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.106581926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.106643915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.106658936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.106684923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.107495070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.107537031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.107563972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.107573986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.107613087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.108371973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.149925947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.268316031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.268327951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.268338919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.268389940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.268666983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.268714905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.268724918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.268775940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.268840075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.269599915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.269675016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.269690990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.269733906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.270539999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.270587921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.270621061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.270629883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.270670891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.271514893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.271573067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.271583080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.271606922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.272419930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.272466898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.272475004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.272484064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.272517920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.273309946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.273376942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.273386955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.273406029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.274259090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.274306059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.274322033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.274331093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.274363995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.275187969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.275248051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.275258064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.275284052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.276109934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.276158094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.276174068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.276185036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.276226044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.277024984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.277098894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.277110100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.277138948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.277951956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.278000116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.278032064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.278043985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.278075933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.278908968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.278980970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.278990030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.279016972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.279874086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.279917002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.279936075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.279947042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.279978991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.280745029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.280824900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.280833960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.280869007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.281681061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.281725883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.281796932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.281807899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.281848907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.282602072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.282663107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.282676935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.282705069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.283541918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.283586979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.283615112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.283624887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.283672094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.284497023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.284564018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.284574986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.284607887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.285420895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.285466909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.285543919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.285553932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.285593987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.286349058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.286413908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.286423922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.286447048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.287271976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.287301064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.287311077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.287327051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.287348032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.288187027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.288249016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.288259983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.288279057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.289102077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.289143085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.289215088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.289227962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.289264917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.290070057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.290379047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.290417910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.290442944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.290452957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.290492058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.291269064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.291358948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.291368961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.291398048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.292224884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.292270899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.292294979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.292304993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.292340040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.293133020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.293212891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.293224096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.293255091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.294092894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.294123888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.294137955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.294145107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.294186115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.294995070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.295068026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.295078039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.295103073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.295945883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.295994043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.296009064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.296017885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.296046019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.296855927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.296938896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.296950102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.296983004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.297801018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.297844887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.297911882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.297926903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.297967911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.298789024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.298856974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.298871040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.298899889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.299662113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.299717903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.299724102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.299727917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.299771070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.300566912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.353247881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.461833954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.461848021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.461915970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.461961031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.472608089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.472776890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.581255913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.581419945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.581476927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.592215061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.592328072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.592380047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.700874090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.700885057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.700895071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.701029062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.701365948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.701412916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.701438904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.701450109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.701486111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.702172995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.702235937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.702245951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.702280998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.703119040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.703138113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.703149080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.703165054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.703195095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.704051018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.704094887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.704104900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.704138994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.704993010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.705033064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.705059052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.705069065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.705102921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.705899954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.705979109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.705987930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.706017971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.706824064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.706871986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.706877947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.706888914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.706924915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.707860947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.707870960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.707880974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.707906961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.708679914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.708722115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.708801031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.708813906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.708857059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.709650993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.709661961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.709675074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.709702015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.710537910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.710583925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.710587025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.710598946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.710632086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.711461067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.711553097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.711579084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.711595058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.712404013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.712441921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.712467909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.712479115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.712517023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.713339090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.713371038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.713382006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.713418961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.714266062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.714315891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.714346886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.714889050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.714899063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.714936972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.715018034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.715061903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.715807915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.715879917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.715889931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.715924025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.716806889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.716816902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.716828108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.716855049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.716871023 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.717655897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.717704058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.717714071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.717741966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.718599081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.718638897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.718657017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.718667984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.718712091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.719521046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.719558001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.719568014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.719599009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.720426083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.720469952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.720494986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.720505953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.720539093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.721395016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.721447945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.721457958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.721493959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.722286940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.722332001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.722361088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.722372055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.722404957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.723273039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.723309994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.723323107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.723351955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.724153996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.724198103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.724222898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.724232912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.724275112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.725106955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.725148916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.725158930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.725187063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.726031065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.726083040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.726088047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.726098061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.726142883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.727019072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.727029085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.727039099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.727080107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.727869034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.727910042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.727936983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.727946997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.727988958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.728827953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.728904009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.728914976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.728940010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.729768991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.729814053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.729831934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.729842901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.729877949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.730648041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.730977058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.731017113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.731024027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.731034040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.731070995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.731929064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.731962919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.731973886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.732014894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.732851982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.732897997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.732916117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.732925892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.732960939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.733813047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.733860016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.733870029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.733897924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.734699965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.734741926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.734767914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.734778881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.734817982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.735636950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.735697031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.735707045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.735734940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.736630917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.736658096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.736668110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.736674070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.736709118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.737519979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.737567902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.737580061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.737613916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.738471031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.738482952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.738497019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.738514900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.738544941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.739360094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.739432096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.739444017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.739481926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.740263939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.740314960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.740339994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.740351915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.740387917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.741179943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.741265059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.741276026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.741307974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.742180109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.742229939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.742243052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.742247105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.742290020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.743052959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.743133068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.743144035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.743174076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.743966103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.744012117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.744040966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.744052887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.744091034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.744925022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.744981050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.744992971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.745023012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.745832920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.745879889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.745902061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.745913982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.745945930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.746783972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.747117996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.747143030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.747153997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.747162104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.747196913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.748069048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.748089075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.748100042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.748136044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.748964071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.749000072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.749023914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.749034882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.749073982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.749891043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.749939919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.749952078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.749977112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.750787020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.750830889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.750857115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.750866890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.750904083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.751744986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.751804113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.751817942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.751844883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.752671003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.752705097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.752720118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.752731085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.752752066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.753736019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.753746986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.753756046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.753781080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.754523993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.754561901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.754576921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.754586935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.754621029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.755465984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.755537033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.755548000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.755583048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.756382942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.756428003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.756449938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.756459951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.756493092 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.757384062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.757394075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.757404089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.757428885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.758249044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.758297920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.758307934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.758318901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.758352995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.759169102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.759222984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.759232044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.759284973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.760119915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.760155916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.760164022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.760170937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.760211945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.761037111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.761090040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.761100054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.761132956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.761950016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.761998892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.762006998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.762010098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.762043953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.762892008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.763190985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.763232946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.763240099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.806155920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.844937086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.845004082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.845016003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.845051050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.845458984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.845468998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.845479965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.845506907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.845546961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.846350908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.846425056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.846435070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.846467018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.847282887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.847331047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.847357988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.847368956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.847410917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.848190069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.848223925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.848233938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.848265886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.849179983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.849220991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.849224091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.849231005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.849272013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.850054979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.850111008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.850120068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.850153923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.850991964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.851031065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.851032972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.851041079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.851089001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.851914883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.851964951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.851974010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.852010012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.852839947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.852881908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.852902889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.852912903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.852956057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.853806019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.853848934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.853859901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.853885889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.854749918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.854760885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.854770899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.854799032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.854821920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.855638981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.855691910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.855701923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.855736017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.856601000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.856645107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.856646061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.856654882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.856693983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.857502937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.857559919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.857570887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.857600927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.858445883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.858489990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.858498096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.858508110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.858541965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.859419107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.859431028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.859440088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.859467030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.860296011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.860313892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.860323906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.860340118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.860362053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.861243010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.861260891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.861270905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.861310005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.862148046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.862195015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.862200022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.862210989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.862247944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.863071918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.863130093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.863141060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.863181114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.863996983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.864041090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.864061117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.864070892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.864104986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.864953995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.864972115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.864983082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.865019083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.865833998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.865878105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.866157055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.866209030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.866219044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.866256952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.867083073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.867127895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.867151976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.867161989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.867198944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.868118048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.868129015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.868139029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.868165016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.868997097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.869007111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.869016886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.869050026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.869079113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.869934082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.869952917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.869965076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.869991064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.870809078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.870851040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.870853901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.870861053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.870902061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.871877909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.871933937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.871944904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.871982098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.872840881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.872889042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.872898102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.872908115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.872941017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.873600006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.873660088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.873670101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.873697042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.874533892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.874578953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.874609947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.874620914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.874651909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.875483990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.875503063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.875513077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.875552893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.876368999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.876415014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.876442909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.876454115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.876490116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:38.877301931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:38.931194067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.037734032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.037745953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.037756920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.037904978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.037983894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.038028002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.038175106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.038233042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.038244009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.038275957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.039057016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.039098024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.039127111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.039139032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.039179087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.039989948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.040060997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.040071011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.040095091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.040843010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.040879011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.040895939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.040906906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.040944099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.041698933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.041749954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.041759968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.041785002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.042566061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.042604923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.042633057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.042646885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.042687893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.043452024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.043517113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.043525934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.043557882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.044367075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.044413090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.044421911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.044425011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.044456959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.045228004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.045268059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.045280933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.045308113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.046122074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.046139956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.046149015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.046164036 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.046191931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.046977043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.047034025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.047044039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.047069073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.047900915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.047910929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.047921896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.047930002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.047955990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.048753023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.048770905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.048780918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.048813105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.049623013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.049659014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.049685955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.049695015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.049735069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.050493956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.050571918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.050581932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.050611019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.051358938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.051398993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.051425934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.051435947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.051470995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.052264929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.052311897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.052321911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.052350998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.053131104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.053169012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.053200960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.053210974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.053245068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.054018974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.054065943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.054075003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.054100037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.054970980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.054980040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.054989100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.055008888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.055021048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.055780888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.055859089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.055867910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.055892944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.056655884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.056698084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.056947947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.056988955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.056999922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.057018995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.057838917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.057881117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.057940960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.057952881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.057986975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.058705091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.058774948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.058784008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.058809996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.059609890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.059648037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.059650898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.059665918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.059701920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.060458899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.060511112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.060522079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.060545921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.061389923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.061399937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.061410904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.061431885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.061458111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.062232018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.062290907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.062300920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.062330961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.063136101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.063153982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.063163996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.063172102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.063199997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.063993931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.064050913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.064059973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.064083099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.064892054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.064923048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.064929962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.064933062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.064970016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.065763950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.065823078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.065834999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.065859079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.066646099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.066684008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.066690922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.066701889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.066741943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.067559004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.067569017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.067578077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.067606926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.118733883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.242779970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.242790937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.242799997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.242959976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.243146896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.243195057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.243251085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.243261099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.243294001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.244004965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.244069099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.244079113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.244105101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.244889021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.244930983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.244956970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.244966984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.245006084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.245801926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.245856047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.245866060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.245894909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.246681929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.246723890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.246761084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.246772051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.246810913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.247509003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.247608900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.247617960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.247649908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.248411894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.248459101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.248485088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.248523951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.248555899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.249281883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.249372959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.249385118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.249408960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.250193119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.250232935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.250236034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.250247002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.250283957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.251060963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.251116991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.251127958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.251151085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.251935959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.251975060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.251993895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.252003908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.252042055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.252914906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.252923965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.252934933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.252960920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.253726006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.253763914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.253829002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.253839016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.253874063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.254642963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.254692078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.254700899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.254728079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.255450010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.255489111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.255518913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.255528927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.255568027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.256310940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.256406069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.256416082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.256443977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.257194042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.257234097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.257262945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.257273912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.257311106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.258100986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.258184910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.258194923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.258222103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.258989096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.259028912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.259057045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.259067059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.259097099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.259876013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.259912014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.259922981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.259946108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.260730028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.260766983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.260792971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.260802984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.260834932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.261615038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.261696100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.261707067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.261732101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.262505054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.262545109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.262568951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.262578964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.262614965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.263448954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.263483047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.263492107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.263520002 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.264254093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.264293909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.264373064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.264384031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.264415979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.265131950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.265207052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.265217066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.265239954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.266005993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.266046047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.266072989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.266083956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.266124010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.266892910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.267195940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.267230034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.267245054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.267255068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.267291069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.268084049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.268152952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.268162012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.268188000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.268948078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.268987894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.269037962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.269049883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.269087076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.269821882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.269886971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.269896030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.269922972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.270745993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.270786047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.270802975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.270812988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.270843983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.271624088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.271687031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.271696091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.271718979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.272491932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.272530079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.272548914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.272558928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.272593021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.273323059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.308619022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.434690952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.434811115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.434819937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.434849977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.434945107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.434956074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.434983969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.435725927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.435765028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.435792923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.435802937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.435843945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.436614990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.436686993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.436697960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.436728001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.437489033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.437545061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.437553883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.437594891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.438409090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.438456059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.438467026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.438493013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.439241886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.439284086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.439317942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.439330101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.439364910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.440104008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.440174103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.440184116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.440212011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.441008091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.441046953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.441090107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.441101074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.441131115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.441885948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.441972971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.441983938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.442009926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.442759037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.442796946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.442847013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.442857027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.442892075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.443628073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.443705082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.443716049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.443744898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.444578886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.444588900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.444600105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.444618940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.444641113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.445415020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.445508003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.445519924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.445544004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.446274042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.446330070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.446356058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.446367025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.446404934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.447107077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.447222948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.447232962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.447257996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.448039055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.448079109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.448116064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.448127031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.448159933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.448935032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.448978901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.448992014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.449012041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.449817896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.449858904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.449872017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.449882030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.449918985 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.450671911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.450731039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.450742006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.450768948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.451550007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.451585054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.451611042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.451622963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.451647043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.452481985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.452524900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.452534914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.452559948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.453308105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.453347921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.453373909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.453383923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.453419924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.454202890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.454277039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.454287052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.454309940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.455064058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.455105066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.455131054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.455141068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.455173969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.455996990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.456063032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.456073046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.456095934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.456923962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.456933975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.456943989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.456964016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.456974030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.457742929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.457825899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.457834959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.457859993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.458642960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.458682060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.458880901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.458957911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.458969116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.458986998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.459821939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.459857941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.459883928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.459893942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.459940910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.460674047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.460726023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.460735083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.460762024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.461594105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.461604118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.461620092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.461631060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.461657047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.462425947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.462498903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.462512970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.462536097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.463282108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.463329077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.463360071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.463370085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.463402987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.464194059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.464277029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.464287043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.464308977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.465039968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.465078115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.465137005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.509289026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.626986980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.627027988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.627038956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.627072096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.627352953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.627398014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.627430916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.627440929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.627471924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.628248930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.628372908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.628418922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.628784895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.628879070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.628890038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.628921032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.629656076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.629695892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.629724026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.629734039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.629777908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.630374908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.630455017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.630466938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.630495071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.631270885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.631316900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.631345034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.631355047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.631392956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.632136106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.632210016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.632224083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.632246017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.633007050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.633048058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.633078098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.633088112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.633130074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.633882046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.633975983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.633986950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.634011030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.634779930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.634819984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.634857893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.634867907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.634907007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.635657072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.635730028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.635740995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.635768890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.636512041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.636545897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.636576891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.636683941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.636727095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.637461901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.637521982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.637531042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.637554884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.638317108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.638356924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.638382912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.638490915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.638540983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.639220953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.639250040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.639260054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.639288902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.640069008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.640106916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.640158892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.640170097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.640208960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.640897989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.640991926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.641000986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.641024113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.641804934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.641853094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.641879082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.641890049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.641937971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.642719984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.642834902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.642851114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.642877102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.643580914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.643618107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.643645048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.643656015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.643692017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.644483089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.644526005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.644536018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.644557953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.645347118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.645389080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.645420074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.645430088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.645469904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.646193981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.646280050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.646291971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.646313906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.647093058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.647138119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.647164106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.647175074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.647212982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.647964001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.648036003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.648046017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.648076057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.648849964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.648889065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.648922920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.648935080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.648976088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.649692059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.649807930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.649817944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.649847984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.650582075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.650646925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.650888920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.650973082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.650984049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.651015043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.651788950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.651832104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.651860952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.651870966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.651902914 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.652662039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.652756929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.652765989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.652791977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.653532028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.653568983 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.653619051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.653634071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.653667927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.654421091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.654501915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.654515982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.654541016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.655297995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.655342102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.655360937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.655370951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.655396938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.656215906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.656286955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.656297922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.656327009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.657063007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.657103062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.657113075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.696787119 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.819102049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.819192886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.819202900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.819238901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.819415092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.819456100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.819484949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.819495916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.819533110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.820331097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.820389032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.820399046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.820421934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.821171045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.821213007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.821273088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.821291924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.821335077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.822052002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.822139025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.822149038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.822175026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.822910070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.822947979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.822990894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.823002100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.823044062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.823906898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.823918104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.823929071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.823951960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.824740887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.824778080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.824805975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.824816942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.824852943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.825544119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.825648069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.825656891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.825680017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.826457977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.826497078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.826543093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.826554060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.826591015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.827361107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.827405930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.827415943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.827439070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.828203917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.828242064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.828294992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.828310013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.828361988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.829092026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.829174995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.829184055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.829220057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.830002069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.830023050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.830034018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.830049992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.830071926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.830841064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.830946922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.830957890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.830981970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.831722021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.831762075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.831815958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.831825972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.831867933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.832653046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.832731009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.832766056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.832794905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.833509922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.833548069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.833573103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.833585024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.833621979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.834372044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.834465027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.834475994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.834501028 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.835256100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.835310936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.835338116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.835346937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.835388899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.836136103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.836211920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.836221933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.836250067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.837032080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.837071896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.837109089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.837120056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.837163925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.837898016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.838006973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.838016987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.838044882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.838831902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.838872910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.838885069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.838890076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.838927031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.839658976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.839735985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.839745998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.839770079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.840533018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.840578079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.840617895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.840627909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.840672970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.841423035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.841515064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.841525078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.841546059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.842291117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.842334986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.842361927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.842371941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.842415094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.843170881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.843468904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.843508959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.843533039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.843543053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.843589067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.844371080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.844450951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.844463110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.844496965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.845217943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.845259905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.845314980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.845324039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.845369101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.846086979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.846191883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.846201897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.846229076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.847168922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.847239971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.847270012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.847281933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.847330093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.847879887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.847955942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.847965956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.847987890 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.848737001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.848774910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.848850965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.848860979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.848905087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:39.849611998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:39.899926901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.011318922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.011367083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.011378050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.011423111 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.011672020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.011717081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.011920929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.012007952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.012017965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.012049913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.012761116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.012805939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.012825012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.012835979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.012871027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.013617039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.013690948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.013700962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.013736963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.014533043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.014580965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.014591932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.014606953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.014628887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.015379906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.015486002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.015495062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.015537024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.016273975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.016323090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.016349077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.016359091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.016393900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.017163992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.017282963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.017292976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.017326117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.018028021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.018074989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.018101931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.018111944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.018143892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.018889904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.018979073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.018990993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.019025087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.019793034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.019839048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.019876957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.019887924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.019931078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.020653963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.020747900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.020760059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.020793915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.021542072 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.021585941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.021648884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.021660089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.021693945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.022516966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.022623062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.022634029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.022670031 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.023338079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.023375034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.023386002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.023399115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.023428917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.024178028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.024266958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.024276018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.024318933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.025038004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.025077105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.025156975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.025167942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.025203943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.026036024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.026046991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.026056051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.026097059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.026844025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.026885986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.026894093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.026902914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.026941061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.027724028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.027802944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.027812958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.027834892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.028609037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.028661013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.028681993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.028692961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.028731108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.029493093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.029587030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.029599905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.029622078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.030344009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.030380964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.030433893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.030443907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.030484915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.031232119 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.031322956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.031332970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.031358957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.032123089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.032164097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.032202005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.032217979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.032254934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.032989979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.033076048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.033086061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.033109903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.033860922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.033901930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.033942938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.033952951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.033987999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.034790993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.035096884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.035132885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.035146952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.035157919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.035195112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.036077976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.036142111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.036153078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.036175966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.036818027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.036859989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.036890984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.036901951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.036952972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.037693024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.037779093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.037790060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.037817001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.038583994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.038624048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.038700104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.038711071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.038742065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.039464951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.039527893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.039539099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.039565086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.040421009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.040467978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.040482044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.040493011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.040534019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.041205883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.041287899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.041300058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.041327953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.087477922 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.203633070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.203717947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.203727961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.203779936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.203928947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.203974962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.204046965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.204171896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.204216957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.204814911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.204907894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.204919100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.204956055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.205692053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.205739021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.205775976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.205787897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.205821991 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.206614971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.206693888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.206705093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.206738949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.207492113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.207537889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.207577944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.207588911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.207632065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.208373070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.208452940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.208467960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.208497047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.209285975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.209321022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.209331989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.209345102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.209372997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.210108995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.210186958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.210196018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.210251093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.211132050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.211180925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.211200953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.211211920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.211251974 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.211862087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.211941004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.211955070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.211980104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.212758064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.212806940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.212833881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.212846041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.212882996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.213731050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.213799000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.213809013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.213865995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.214512110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.214597940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.214607954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.214648008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.215405941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.215502024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.215512037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.215548038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.216339111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.216371059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.216381073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.216381073 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.216414928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.217163086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.217242002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.217252970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.217283010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.218050957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.218091965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.218105078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.218113899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.218147993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.218907118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.219012022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.219022036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.219057083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.219786882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.219832897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.219867945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.219878912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.219930887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.220658064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.220742941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.220752954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.220787048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.221590996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.221636057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.221652985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.221666098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.221704006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.222475052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.222554922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.222599030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.222681046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.223354101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.223393917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.223409891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.223421097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.223457098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.224199057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.224276066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.224286079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.224320889 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.225081921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.225125074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.225152016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.225162029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.225195885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.225955963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.226046085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.226057053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.226092100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.226820946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.226870060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.227121115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.227205038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.227216005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.227243900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.228012085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.228075027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.228085041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.228127956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.228900909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.228969097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.228979111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.229015112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.229813099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.229846954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.229856968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.229875088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.229891062 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.230635881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.230730057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.230740070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.230763912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.231528997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.231574059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.231600046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.231611013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.231642962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.232464075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.232525110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.232534885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.232563019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.233287096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.233325005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.233366966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.233381987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.233424902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.234088898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.274921894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.395596981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.395678997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.395689964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.395734072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.395983934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.396028996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.396095037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.396109104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.396152020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.396845102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.396929979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.396940947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.396967888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.397793055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.397838116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.397838116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.397847891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.397886038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.398624897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.398713112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.398724079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.398760080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.399512053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.399558067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.399590969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.399604082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.399638891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.400396109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.400473118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.400484085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.400521994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.401241064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.401293039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.401316881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.401331902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.401376963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.402132034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.402228117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.402236938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.402272940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.403039932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.403089046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.403111935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.403121948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.403165102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.403897047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.403965950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.403976917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.404027939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.404772997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.404825926 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.404861927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.404871941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.404915094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.405674934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.405755043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.405764103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.405801058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.406531096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.406584978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.406609058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.406620026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.406660080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.407402039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.407490969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.407500029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.407536030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.408303976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.408380985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.408390999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.408421993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.408431053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.409173965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.409254074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.409264088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.409303904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.410051107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.410109997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.410126925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.410135984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.410181046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.410917997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.411026001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.411036015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.411073923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.411817074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.411907911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.411917925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.411983013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.412693977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.412770987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.412786007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.412820101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.413609982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.413660049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.413677931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.413687944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.413727045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.414454937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.414536953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.414547920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.414582968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.415355921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.415409088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.415462017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.415472031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.415540934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.416241884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.416346073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.416359901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.416389942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.417109013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.417155981 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.417186022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.417196035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.417256117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.418030977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.418049097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.418060064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.418096066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.418870926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.418920040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.419169903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.419245005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.419255018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.419301987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.420053005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.420141935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.420150995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.420186043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.420207977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.420912981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.421036005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.421046019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.421088934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.421793938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.421883106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.421891928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.421926975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.421941996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.422656059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.422750950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.422761917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.422801971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.423573971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.423638105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.423649073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.423683882 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.423700094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.424428940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.424525976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.424544096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.424578905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.425560951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.425635099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.425643921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.425684929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.426165104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.478045940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.587810040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.587867022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.587877035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.587920904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.588063955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.588110924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.588177919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.588587046 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.588634014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.588665009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.588675976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.588706017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.589464903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.589534044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.589544058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.589570999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.590193987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.590229034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.590240955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.590254068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.590281010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.591042042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.591113091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.591121912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.591156960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.591969967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.592020035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.592041969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.592051983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.592082977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.592813015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.592878103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.592886925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.592926025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.593688011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.593733072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.593760967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.593771935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.593807936 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.594553947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.594650984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.594661951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.594696999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.595499992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.595550060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.595572948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.595583916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.595624924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.596340895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.596404076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.596415043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.596450090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.597223997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.597275019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.597276926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.597287893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.597321033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.598090887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.598157883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.598166943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.598200083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.598992109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.599037886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.599066019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.599076986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.599116087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.599896908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.599966049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.600008965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.600039005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.600773096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.600806952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.600816011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.600816965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.600850105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.601658106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.601887941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.601897955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.601922035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.602490902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.602531910 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.602555037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.602567911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.602605104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.603384972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.603437901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.603449106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.603483915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.604258060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.604305029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.604331017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.604340076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.604372025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.605144978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.605175018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.605221033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.605278015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.606077909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.606121063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.606137037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.606148005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.606183052 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.606906891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.606961012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.607004881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.607060909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.607825994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.607836962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.607867956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.607934952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.607980013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.608659983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.608743906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.608753920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.608787060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.609575033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.609617949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.609622955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.609630108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.609664917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.610480070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.610493898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.610503912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.610529900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.611294031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.611336946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.611346960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.611363888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.611391068 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.612164974 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.612234116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.612243891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.612294912 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.613046885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.613096952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.613132000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.613142014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.613183022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.613940954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.614005089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.614015102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.614051104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.614810944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.614852905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.614887953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.614900112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.614937067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.615736961 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616019964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616063118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.616102934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616112947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616144896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.616887093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616946936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616956949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.616983891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.617789984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.617834091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.617921114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.665543079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.780076027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.780268908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.780278921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.780344009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.780483007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.780529022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.781864882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.781877995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.781888008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.781898022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.781908989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.781927109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.781966925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.782372952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.782659054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.782707930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.782985926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.783029079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.783174038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.783279896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.783328056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.783325911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.783967018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.784086943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.784096956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.784137011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.784924984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.785010099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.785053015 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.785341024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.785734892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.785837889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.785849094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.785868883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.785887003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.786613941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.786703110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.786712885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.786747932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.787518978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.787564993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.787566900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.787667990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.787713051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.788367987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.788467884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.788511992 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.788585901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.789268017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.789315939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.789316893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.789328098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.789366961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.790129900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.790292978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.790332079 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.790843964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.791009903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.791052103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.791078091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.791089058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.791127920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.791862011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.791932106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.791970968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.792041063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.792767048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.792808056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.792823076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.792834044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.792870998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.793648958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.793732882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.793742895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.793780088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.794492960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.794538021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.794576883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.794588089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.794624090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.795420885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.795521975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.795531988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.795568943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.796281099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.796327114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.796366930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.796379089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.796421051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.797202110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.797262907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.797271967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.797307968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.798068047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.798114061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.798127890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.798137903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.798171997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.798892975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.798975945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.798986912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.799015045 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.799776077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.799818039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.799856901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.799866915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.799906969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.800705910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.800724030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.800734997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.800771952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.801539898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.801585913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.801623106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.801632881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.801667929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.802439928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.802542925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.802553892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.802582979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.803339005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.803385019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.803432941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.803442955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.803477049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.804176092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.804260015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.804270983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.804307938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.805123091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.805157900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.805166960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.805169106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.805207014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.805963993 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.806025982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.806036949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.806071043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.806806087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.806904078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.806914091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.806953907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.807697058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.808028936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.808119059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.808120012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.808130026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.808177948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.809034109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.809129953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.809139967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.809174061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.809755087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.809809923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.809818983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.809915066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.809963942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.810610056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.853064060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.972508907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.972531080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.972543001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.972609997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.972635031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.972677946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.972755909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.972769022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.972805977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.973535061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.973624945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.973637104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.973685026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.974440098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.974488020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.974512100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.974591017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.974636078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.975339890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.975425959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.975478888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.975496054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.976244926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.976351976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.976362944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.976393938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.976418018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.977070093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.977163076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.977174044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.977206945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.977953911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.978023052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.978034973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.978063107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.978082895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.978840113 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.978895903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.978907108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.978949070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.979682922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.979773998 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.979787111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.979799986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.979839087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.980628967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.980691910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.980703115 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.980731964 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.981468916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.981513977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.981547117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.981558084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.981601000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.982376099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.982494116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.982505083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.982543945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.983254910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.983326912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.983339071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.983392954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.984138966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.984232903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.984242916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.984275103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.984991074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.985034943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.985053062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.985064030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.985109091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.985862017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.985919952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.985929966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.985970020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.986732960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.986820936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.986833096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.986865997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.986882925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.987622023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.987716913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.987730026 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.987762928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.988487959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.988560915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.988573074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.988600016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.988636017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.989389896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.989483118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.989494085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.989531040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.990380049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.990400076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.990411043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.990453005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.991125107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.991213083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.991225004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.991257906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.992058992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.992139101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.992150068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.992182970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.992214918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.993016005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.993051052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.993093014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.993145943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.993846893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.993869066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.993880033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.993911982 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.994757891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.994837999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.994848013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.994889975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.995620966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.995666981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.995667934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.995677948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.995726109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.996454954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.996488094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.996499062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.996526003 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.997308969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.997364044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.997380018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.997390032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.997426987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.998210907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.998313904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.998323917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.998364925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.999183893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.999227047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:40.999258041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.999340057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:40.999385118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.000108957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.000122070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.000133991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.000159979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.000879049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.000922918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.001277924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.001346111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.001357079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.001385927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.002058029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.002103090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.002119064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.002130032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.002157927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.002883911 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.056159973 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.164402962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.164450884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.164462090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.164514065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.164714098 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.164758921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.164895058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.164954901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.165010929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.165066957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.165780067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.165834904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.165841103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.165971041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.166013956 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.166656971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.166718006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.166728973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.166764975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.167530060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.167574883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.167599916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.167613029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.167653084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.168426037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.168521881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.168533087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.168561935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.169297934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.169342995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.169357061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.169368982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.169401884 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.170176029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.170264959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.170274973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.170303106 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.171060085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.171106100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.171120882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.171130896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.171165943 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.171941996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.172008991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.172019958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.172058105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.172887087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.172933102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.172955036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.172966957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.173001051 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.173713923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.173746109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.173757076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.173784018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.174711943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.174724102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.174736977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.174760103 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.174784899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.175456047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.175523043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.175533056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.175565004 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.176348925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.176389933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.176403999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.176414013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.176445961 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.177232027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.177289963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.177299976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.177328110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.178108931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.178154945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.178173065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.178184032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.178219080 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.178981066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.178998947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.179029942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.179188013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.179851055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.179893017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.179932117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.179944038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.179975033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.180777073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.180821896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.180833101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.180864096 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.181617022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.181665897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.181696892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.181713104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.181747913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.182496071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.182544947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.182554960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.182590008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.183384895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.183420897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.183453083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.183464050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.183492899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.184257030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.184334040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.184345007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.184381962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.185168028 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.185209990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.185219049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.185230017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.185259104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.185992002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.186080933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.186094999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.186130047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.186928988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.186973095 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.186995029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.187005043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.187038898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.187833071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.187874079 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.187884092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.187920094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.188649893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.188694954 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.188724995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.188735008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.188770056 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.189547062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.189618111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.189630032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.189666033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.190411091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.190453053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.190480947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.190490007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.190522909 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.191303968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.191359043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.191369057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.191415071 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.192214012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.192260027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.192504883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.192579031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.192589045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.192620993 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.193358898 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.193403959 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.193428040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.193439007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.193474054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.194263935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.194305897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.194319010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.194343090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.243685007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.363296032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.363394976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.363406897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.363461018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.363722086 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.363780022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.363812923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.363823891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.363862038 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.364630938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.364718914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.364729881 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.364764929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.365503073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.365552902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.365580082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.365590096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.365624905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.366359949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.366429090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.366472960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.366511106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.367243052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.367307901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.367332935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.367343903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.367379904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.368141890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.368218899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.368230104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.368268013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.369019032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.369064093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.369091988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.369102955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.369143009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.369901896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.369980097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.369990110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.370016098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.370785952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.370831966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.370857954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.370867968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.370902061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.371655941 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.371752977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.371762991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.371804953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.372570992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.372612000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.372642994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.372654915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.372690916 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.373442888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.373559952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.373570919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.373608112 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.374313116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.374357939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.374388933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.374399900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.374434948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.375180960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.375269890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.375281096 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.375315905 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.376063108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.376110077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.376142025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.376152992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.376188040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.376971960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.377010107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.377021074 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.377049923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.377827883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.377887011 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.377906084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.377917051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.377952099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.378689051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.378798962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.378809929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.378844976 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.379580975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.379625082 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.379662991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.379672050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.379704952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.380477905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.380546093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.380556107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.380588055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.381356955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.381397963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.381434917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.381450891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.381480932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.382324934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.382390976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.382400990 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.382436037 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.383105040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.383152008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.383409023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.383466959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.383479118 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.383514881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.384282112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.384324074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.384378910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.384392977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.384439945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.385159969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.385232925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.385242939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.385283947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.386034966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.386085033 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.386094093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.386104107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.386136055 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.386909962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.387022018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.387032986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.387063026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.387804031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.387846947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.387880087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.387890100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.387919903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.388706923 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.388777971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.388787031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.388818026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.389563084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.389606953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.389636040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.389647007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.389681101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.390430927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.390512943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.390522957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.390548944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.391339064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.391380072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.391412020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.391422987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.391454935 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.392196894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.392275095 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.392286062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.392326117 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.393085957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.393130064 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.393157959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.393168926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.393202066 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.393906116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.446818113 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.555449963 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.555527925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.555573940 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.555600882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.555721045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.555763960 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.555927038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.556051970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.556094885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.556130886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.556821108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.556869984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.556895971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.556906939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.556952953 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.557703972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.557756901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.557766914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.557791948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.558561087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.558600903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.558626890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.558640003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.558693886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.559441090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.559536934 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.559546947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.559582949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.560326099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.560368061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.560374022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.560384035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.560417891 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.561193943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.561266899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.561276913 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.561315060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.562104940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.562140942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.562149048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.562165022 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.562195063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.562958002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.563045025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.563055038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.563092947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.563875914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.563924074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.563951969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.563961983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.563996077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.564758062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.564821005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.564831018 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.564858913 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.565623999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.565664053 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.565690994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.565701962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.565742970 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.566488981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.566572905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.566581964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.566615105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.567383051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.567429066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.567434072 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.567440033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.567496061 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.568247080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.568331003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.568342924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.568401098 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.569139957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.569185019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.569205999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.569216967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.569257975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.570020914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.570096970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.570107937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.570153952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.570878029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.570929050 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.570945978 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.570955038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.570990086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.571803093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.571860075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.571871042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.571901083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.572668076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.572732925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.572742939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.572753906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.572791100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.573549032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.573625088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.573635101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.573668957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.574390888 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.574439049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.574472904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.574484110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.574527979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.575278044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.575608969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.575661898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.575673103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.575685024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.575728893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.576452017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.576566935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.576577902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.576644897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.577408075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.577456951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.577466011 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.577476025 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.577559948 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.578239918 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.578300953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.578310013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.578385115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.579108953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.579173088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.579200983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.579210997 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.579268932 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.579987049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.580051899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.580060959 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.580126047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.580858946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.580926895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.580943108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.580952883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.581021070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.581772089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.581846952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.581856012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.581907034 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.582657099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.582720041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.582746983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.582756996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.582860947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.583538055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.583578110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.583589077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.583668947 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.584408998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.584465981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.584475040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.584476948 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.584559917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.585262060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.585316896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.585328102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.585400105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.747792006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.747847080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.747858047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.747946024 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.748164892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.748229027 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.748236895 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.748239994 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.748325109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.749018908 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.749098063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.749109030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.749171019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.749973059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.750042915 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.750068903 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.750078917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.750171900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.750821114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.750880003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.750890017 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.750955105 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.751672029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.751744986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.751755953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.751765966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.751835108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.752542973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.752640009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.752650023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.752711058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.753418922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.753485918 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.753501892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.753514051 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.753623962 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.754331112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.754429102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.754440069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.754504919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.755191088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.755261898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.755295992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.755306005 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.755388021 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.756072044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.756160975 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.756170988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.756236076 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.757014036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.757050037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.757061958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.757107019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.757162094 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.757844925 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.757930040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.757939100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.758009911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.758724928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.758800030 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.758806944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.758810043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.758898020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.759617090 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.759694099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.759705067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.759768963 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.760462999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.760531902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.760560989 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.760571003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.760637999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.761351109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.761430979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.761440992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.761506081 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.762222052 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.762283087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.762310982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.762321949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.762391090 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.763123035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.763202906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.763214111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.763283968 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.764010906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.764070988 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.764074087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.764081001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.764170885 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.764884949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.764976025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.764986038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.765054941 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.765774012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.765835047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.765846968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.765856981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.765942097 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.766661882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.766721964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.766731977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.766757965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.767555952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.767623901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.767803907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.767909050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.767923117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.767946005 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.768681049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.768723965 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.768764019 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.768774986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.768820047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.769547939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.769670010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.769680977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.769711018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.770445108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.770495892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.770533085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.770545006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.770585060 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.771342039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.771395922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.771404982 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.771434069 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.772228956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.772274017 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.772329092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.772339106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.772377014 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.773113012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.773191929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.773202896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.773231030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.774010897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.774049997 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.774080992 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.774094105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.774138927 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.774893045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.774982929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.774992943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.775026083 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.775759935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.775805950 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.775834084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.775846958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.775887012 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.776664972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.776731968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.776742935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.776776075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.777585983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.777618885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.777628899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.777643919 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.777671099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.778328896 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.821806908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.947294950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.947388887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.947401047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.947482109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.947638035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.947709084 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.947726965 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.947740078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.947807074 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.948523998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.948585033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.948595047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.948631048 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.949383020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.949451923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.949479103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.949489117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.949563026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.950287104 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.950347900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.950356960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.950422049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.951150894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.951227903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.951236010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.951246977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.951316118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.952039957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.952116013 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.952126980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.952171087 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.952910900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.952975988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.953000069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.953011036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.953069925 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.953794003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.953872919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.953882933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.953947067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.954662085 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.954725027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.954734087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.954744101 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.954809904 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.955550909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.955645084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.955653906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.955710888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.956439972 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.956480980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.956517935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.956531048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.956567049 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.957381964 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.957392931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.957402945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.957429886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.958209991 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.958250046 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.958276987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.958287954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.958326101 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.959069967 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.959172010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.959182024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.959207058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.959959984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.960004091 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.960032940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.960042953 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.960078955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.960829973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.960915089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.960926056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.960968018 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.961718082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.961761951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.961795092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.961806059 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.961849928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.962601900 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.962696075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.962708950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.962733030 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.963480949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.963525057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.963596106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.963607073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.963649035 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.964358091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.964442968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.964453936 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.964476109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.965230942 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.965316057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.965327024 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.965344906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.965379000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.966141939 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.966202021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.966212034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.966240883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.967025042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.967078924 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.967309952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.967415094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.967427015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.967444897 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.968172073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.968214989 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.968229055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.968240976 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.968283892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.969048977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.969125986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.969136000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.969157934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.969952106 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.969990969 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.970017910 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.970029116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.970062971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.970818996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.970876932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.970887899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.970913887 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.971690893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.971739054 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.971770048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.971779108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.971821070 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.972568035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.972646952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.972657919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.972681999 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.973462105 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.973507881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.973562002 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.973572969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.973607063 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.974307060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.974392891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.974404097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.974438906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.975212097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.975255013 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.975291014 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.975301981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.975337029 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.976082087 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.976166010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.976176977 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.976267099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.976960897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.977009058 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.977047920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.977058887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:41.977108955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:41.977845907 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.024930000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.139550924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.139576912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.139589071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.139678001 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.139861107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.139905930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.139977932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.140419006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.140458107 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.140486956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.140501022 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.140538931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.141289949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.141352892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.141370058 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.141390085 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.142230034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.142270088 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.142330885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.142343044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.142390966 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.143057108 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.143130064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.143141985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.143172979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.143909931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.143951893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.143996954 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.144007921 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.144045115 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.144817114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.144859076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.144870996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.144895077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.145705938 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.145726919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.145736933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.145747900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.145776987 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.146603107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.146636009 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.146647930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.146672010 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.147473097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.147515059 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.147532940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.147545099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.147583008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.148344040 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.148360968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.148397923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.148483038 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.149216890 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.149256945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.149275064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.149286032 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.149324894 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.150105000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.150157928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.150170088 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.150194883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.150963068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.151001930 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.151029110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.151038885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.151076078 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.151845932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.151932001 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.151942015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.151962996 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.152720928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.152779102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.152802944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.152812958 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.152844906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.153604031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.153656006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.153667927 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.153692007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.154473066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.154511929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.154540062 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.154551029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.154587984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.155359983 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.155426979 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.155436039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.155476093 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.156229973 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.156270027 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.156330109 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.156341076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.156374931 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.157143116 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.157195091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.157208920 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.157236099 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.158020020 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.158055067 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.158082962 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.158094883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.158128977 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.158889055 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.159310102 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.159346104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.159369946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.159384966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.159415007 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.160068035 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.160135984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.160146952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.160168886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.160939932 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.160979986 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.161004066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.161015034 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.161041975 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.161815882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.161870956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.161880970 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.161906958 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.162733078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.162774086 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.162781000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.162796021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.162833929 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.163585901 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.163691998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.163701057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.163723946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.164464951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.164500952 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.164513111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.164530039 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.164566040 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.165368080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.165426016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.165436029 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.165460110 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.166274071 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.166290045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.166301012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.166321039 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.166338921 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.167119980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.167213917 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.167223930 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.167247057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.167989016 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.168034077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.168060064 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.168068886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.168102026 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.168868065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.168936968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.168946981 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.168970108 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.169738054 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.169778109 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.169806957 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.212426901 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.227866888 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.331948996 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.332017899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.332027912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.332092047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.332293987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.332335949 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.332364082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.332376003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.332407951 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.333123922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.333201885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.333211899 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.333237886 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.333998919 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.334043980 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.334080935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.334093094 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.334127903 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.334902048 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.334969044 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.334979057 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.335007906 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.335778952 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.335815907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.335912943 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.335922956 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.335948944 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.336671114 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.336752892 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.336762905 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.336786032 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.337546110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.337590933 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.337619066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.337630987 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.337666988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.338411093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.338500023 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.338512897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.338540077 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.339282036 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.339333057 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.339374065 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.339385986 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.339432955 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.340295076 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.340385914 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.340398073 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.340428114 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.341054916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.341094971 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.341182947 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.341195107 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.341242075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.341924906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.342005968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.342019081 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.342056990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.342871904 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.342914104 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.342941999 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.343009949 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.343056917 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.343736887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.343787909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.343800068 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.343827009 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.344573021 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.344613075 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.344650984 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.344664097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.344715118 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.345447063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.345532894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.345546007 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.345571041 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.346340895 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.346379042 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.346412897 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.346425056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.346467972 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.347218037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.347249031 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.347266912 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.347297907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.348113060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.348157883 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.348175049 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.348190069 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.348239899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.348949909 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.348995924 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.349009037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.349035978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.351385117 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351398945 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351413012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351423025 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351430893 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.351434946 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351444960 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351450920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.351491928 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.351613998 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351650000 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.351907015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351964951 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351974010 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.351999044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.352797985 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.352845907 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.352876902 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.352890015 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.352926016 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.353658915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.353748083 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.353758097 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.353781939 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.354546070 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.354583979 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.354612112 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.354621887 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.354661942 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.355457067 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.355503082 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.355514050 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.355535984 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.356333971 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.356368065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.356395006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.356404066 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.356451988 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.357198000 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.357291937 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.357309103 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.357327938 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.358073950 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.358115911 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.358144045 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.358155012 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.358198881 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.358978033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.359031916 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.359042883 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.359064102 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.359891891 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.359932899 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.359957933 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.359976053 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.360013008 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.360749006 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.360896111 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.360907078 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.360930920 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.361618042 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.361675978 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.361677885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.361689091 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.361723900 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.362565041 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.415549994 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.523953915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.523964882 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.524019957 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.524045944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.524120092 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.524131060 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.524161100 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.524880886 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.524931908 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.524966955 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.524976969 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.525027990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.525768995 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.525835037 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.525846004 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.525892019 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.526659966 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.526700020 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.526727915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.526737928 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.526768923 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.527534008 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.527609110 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.527618885 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.527646065 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.528456926 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.528497934 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.528523922 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.528534889 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.528573990 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.529290915 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.529372931 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.529382944 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.529418945 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.530183077 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.530226946 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.530258894 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.530270100 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.530299902 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.531059980 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.531140089 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.531151056 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.531174898 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.531949043 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.531985044 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.532046080 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.532057047 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.532085896 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.532820940 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.532882929 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.532932043 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.532947063 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.533727884 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.533768892 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.533804893 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.533816099 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.533848047 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.534586906 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.534666061 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.534676075 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.534706116 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.535501003 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.535573006 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.535593033 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.535602093 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.535634995 CET	49742	80	192.168.2.4	95.168.168.24
Dec 11, 2024 00:54:42.536333084 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.536422968 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.536433935 CET	80	49742	95.168.168.24	192.168.2.4
Dec 11, 2024 00:54:42.536457062 CET	49742	80	192.168.2.4	95.168.168.24

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 11, 2024 00:53:47.510417938 CET	192.168.2.4	1.1.1.1	0x9d61	Standard query (0)	dcr0eadbm64ph.cloudfront.net	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:00.483490944 CET	192.168.2.4	1.1.1.1	0xe29c	Standard query (0)	d1e9165hyidvf5.cloudfront.net	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:06.952157021 CET	192.168.2.4	1.1.1.1	0xdfc8	Standard query (0)	static.download.it	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:23.263897896 CET	192.168.2.4	1.1.1.1	0xba4b	Standard query (0)	dl.jalecdn.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:09.488162994 CET	192.168.2.4	1.1.1.1	0x33c6	Standard query (0)	d1e9165hyidvf5.cloudfront.net	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.215811968 CET	192.168.2.4	1.1.1.1	0x6269	Standard query (0)	analytics.apis.mcafee.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:29.968606949 CET	192.168.2.4	1.1.1.1	0x7376	Standard query (0)	localweatherfree.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:31.187305927 CET	192.168.2.4	1.1.1.1	0x6c11	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:40.672142029 CET	192.168.2.4	8.8.8.8	0x35ff	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:40.672554970 CET	192.168.2.4	1.1.1.1	0x182	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:44.427661896 CET	192.168.2.4	1.1.1.1	0x3803	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:44.427866936 CET	192.168.2.4	1.1.1.1	0x850e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 11, 2024 00:55:54.232245922 CET	192.168.2.4	1.1.1.1	0xb955	Standard query (0)	sadownload.mcafee.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:56:04.225337029 CET	192.168.2.4	1.1.1.1	0x4565	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:56:05.857997894 CET	192.168.2.4	1.1.1.1	0x4339	Standard query (0)	api.openweathermap.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 11, 2024 00:53:47.895040035 CET	1.1.1.1	192.168.2.4	0x9d61	No error (0)	dcr0eadbm64ph.cloudfront.net		18.165.213.23	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:53:47.895040035 CET	1.1.1.1	192.168.2.4	0x9d61	No error (0)	dcr0eadbm64ph.cloudfront.net		18.165.213.82	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:53:47.895040035 CET	1.1.1.1	192.168.2.4	0x9d61	No error (0)	dcr0eadbm64ph.cloudfront.net		18.165.213.147	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:53:47.895040035 CET	1.1.1.1	192.168.2.4	0x9d61	No error (0)	dcr0eadbm64ph.cloudfront.net		18.165.213.118	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:01.078706980 CET	1.1.1.1	192.168.2.4	0xe29c	No error (0)	d1e9165hyidvf5.cloudfront.net		65.9.108.35	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:01.078706980 CET	1.1.1.1	192.168.2.4	0xe29c	No error (0)	d1e9165hyidvf5.cloudfront.net		65.9.108.206	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:01.078706980 CET	1.1.1.1	192.168.2.4	0xe29c	No error (0)	d1e9165hyidvf5.cloudfront.net		65.9.108.41	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:01.078706980 CET	1.1.1.1	192.168.2.4	0xe29c	No error (0)	d1e9165hyidvf5.cloudfront.net		65.9.108.138	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:07.099770069 CET	1.1.1.1	192.168.2.4	0xdfc8	No error (0)	static.download.it		172.67.26.92	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:07.099770069 CET	1.1.1.1	192.168.2.4	0xdfc8	No error (0)	static.download.it		104.22.57.224	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:07.099770069 CET	1.1.1.1	192.168.2.4	0xdfc8	No error (0)	static.download.it		104.22.56.224	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:54:23.588476896 CET	1.1.1.1	192.168.2.4	0xba4b	No error (0)	dl.jalecdn.com		95.168.168.24	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:09.700299978 CET	1.1.1.1	192.168.2.4	0x33c6	No error (0)	d1e9165hyidvf5.cloudfront.net		18.161.108.175	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:09.700299978 CET	1.1.1.1	192.168.2.4	0x33c6	No error (0)	d1e9165hyidvf5.cloudfront.net		18.161.108.114	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:09.700299978 CET	1.1.1.1	192.168.2.4	0x33c6	No error (0)	d1e9165hyidvf5.cloudfront.net		18.161.108.63	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:09.700299978 CET	1.1.1.1	192.168.2.4	0x33c6	No error (0)	d1e9165hyidvf5.cloudfront.net		18.161.108.141	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	analytics.apis.mcafee.com	mosaic-nova.apis.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		54.200.239.173	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		54.188.145.168	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		35.80.123.228	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		52.36.198.144	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		44.234.203.229	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		52.40.75.238	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		35.162.223.47	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:26.423446894 CET	1.1.1.1	192.168.2.4	0x6269	No error (0)	mosaic-nova.apis.mcafee.com		44.235.4.242	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:30.209650993 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	localweatherfree.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:31.326994896 CET	1.1.1.1	192.168.2.4	0x6c11	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 00:55:31.326994896 CET	1.1.1.1	192.168.2.4	0x6c11	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 00:55:40.808412075 CET	8.8.8.8	192.168.2.4	0x35ff	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:40.810489893 CET	1.1.1.1	192.168.2.4	0x182	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:44.564115047 CET	1.1.1.1	192.168.2.4	0x3803	No error (0)	www.google.com		216.58.208.228	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:55:44.564529896 CET	1.1.1.1	192.168.2.4	0x850e	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 11, 2024 00:55:54.454880953 CET	1.1.1.1	192.168.2.4	0xb955	No error (0)	sadownload.mcafee.com	sadownload-r53.awsconsumer.mcafee.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 00:55:54.454880953 CET	1.1.1.1	192.168.2.4	0xb955	No error (0)	sadownload-r53.awsconsumer.mcafee.com	sadownload.mcafee.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 00:56:04.365272999 CET	1.1.1.1	192.168.2.4	0x4565	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false
Dec 11, 2024 00:56:05.995414019 CET	1.1.1.1	192.168.2.4	0x4339	No error (0)	api.openweathermap.org	eu-api.openweathermap.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 11, 2024 00:56:05.995414019 CET	1.1.1.1	192.168.2.4	0x4339	No error (0)	eu-api.openweathermap.org		141.95.99.79	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	18.165.213.23	80	7436	C:\Windows\SysWOW64\wget.exe

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 00:53:48.022377968 CET	220	OUT	GET /IDCVt99WXiQU.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: / Accept-Encoding: identity Host: dcr0eadbm64ph.cloudfront.net Connection: Keep-Alive
Dec 11, 2024 00:53:49.845242977 CET	1236	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Content-Length: 2513624 Connection: keep-alive Access-Control-Allow-Origin: * Cache-Control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0 Content-Disposition: attachment; filename="internet-explorer-7_8xx5-B1.exe"; filename*=UTF-8''internet-explorer-7_8xx5-B1.exe Content-Transfer-Encoding: binary Date: Tue, 10 Dec 2024 23:53:49 GMT Expires: Mon, 26 Jul 1997 05:00:00 GMT Pragma: public X-Cache: Miss from cloudfront Via: 1.1 b93a2a063e3f94fe345bc08072aed022.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P1 X-Amz-Cf-Id: 1tCu0CCCym5EWfeHYW9S8qR4HHO5bMcr6tyLs_0uPNrDk2biL-dAxA== Age: 0 Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 0a 00 18 f2 ec 63 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 52 0b 00 00 5e 01 00 00 00 00 00 ec 5e 0b 00 00 10 00 00 00 70 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 01 00 06 00 00 00 06 00 01 00 00 00 00 00 00 80 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PELcR^^p@Cg&@@@ p/&+`"T0.text9: `.itext
Dec 11, 2024 00:53:49.845285892 CET	1236	IN	Data Raw: 00 00 00 50 0b 00 00 18 00 00 00 3e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 37 00 00 00 70 0b 00 00 38 00 00 00 56 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 e8 6d 00 00 Data Ascii: P> `.data7p8V@.bssm.idata @.didata0@.edata@@@.tls
Dec 11, 2024 00:53:49.845300913 CET	1236	IN	Data Raw: 00 00 04 13 40 00 0c 0a 4f 6c 65 56 61 72 69 61 6e 74 02 00 00 00 18 13 40 00 13 06 54 43 6c 61 73 73 88 1f 40 00 02 00 00 00 2c 13 40 00 01 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 Data Ascii: @OleVariant@TClass@,@HRESULTD@TGUID@D1@D2@D3D4@&op_Equality@@@Left@@Right\|K&op_Inequality@@@Left@
Dec 11, 2024 00:53:49.845453024 CET	1236	IN	Data Raw: f4 ff f3 1a 40 00 43 00 f4 ff 2e 1b 40 00 43 00 f4 ff 74 1b 40 00 43 00 f4 ff b1 1b 40 00 42 00 f4 ff eb 1b 40 00 42 00 f4 ff 25 1c 40 00 42 00 f4 ff 6b 1c 40 00 43 00 f4 ff a9 1c 40 00 43 00 f4 ff da 1c 40 00 43 00 f4 ff 0d 1d 40 00 43 00 f4 ff Data Ascii: @C.@Ct@C@B@B%@Bk@C@C@C@CA@Jt@J@J@J-@J^@J@J@J@K2@J^@MTObject&\@Create@Self$\@Free@
Dec 11, 2024 00:53:49.845463991 CET	896	IN	Data Raw: 00 02 00 31 00 18 7c 4b 00 11 47 65 74 49 6e 74 65 72 66 61 63 65 54 61 62 6c 65 03 00 18 15 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 33 00 ac 5e 40 00 08 55 6e 69 74 4e 61 6d 65 03 00 b8 12 40 00 08 00 02 00 00 00 00 00 00 Data Ascii: 1\|KGetInterfaceTable@Self3^@UnitName@Self@@4\|KUnitScope@Self@@3]@Equals@@Self@Obj+]@GetHashCode@@Se
Dec 11, 2024 00:53:49.845475912 CET	1236	IN	Data Raw: 54 43 75 73 74 6f 6d 41 74 74 72 69 62 75 74 65 08 20 40 00 88 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 a8 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 20 40 00 00 00 00 00 a8 20 40 00 00 00 00 00 ae 20 40 00 08 00 00 00 Data Ascii: TCustomAttribute @@System @ @ @ @@]@]@`@`@,`@0`@4`@(`@\@\@\@WeakAttribute @WeakAttribute @ @System@!@\!@@!@F!@@]@
Dec 11, 2024 00:53:49.845488071 CET	1236	IN	Data Raw: 57 61 69 74 51 75 65 75 65 02 00 f0 23 40 00 18 00 00 00 00 0a 46 51 75 65 75 65 4c 6f 63 6b 02 00 02 00 09 00 09 18 7c 4b 00 0c 53 65 74 53 70 69 6e 43 6f 75 6e 74 00 00 00 00 00 00 02 0a 88 1f 40 00 07 41 4f 62 6a 65 63 74 02 00 00 9c 10 40 00 Data Ascii: WaitQueue#@FQueueLock\|KSetSpinCount@AObject@ASpinCount\|KEnter@AObjecte@Enter@@AObject@Timeouthh@Exit@AObjectk@TryEnter@@
Dec 11, 2024 00:53:49.845499039 CET	1236	IN	Data Raw: 00 00 d4 29 40 00 14 08 50 56 61 72 69 61 6e 74 f0 12 40 00 02 00 e8 29 40 00 14 08 50 50 6f 69 6e 74 65 72 00 11 40 00 02 00 fc 29 40 00 04 09 54 44 61 74 65 54 69 6d 65 01 02 00 00 00 10 2a 40 00 04 05 54 44 61 74 65 01 02 00 00 00 20 2a 40 00 Data Ascii: )@PVariant@)@PPointer@)@TDateTime@TDate @TVarArrayBound@ElementCount@LowBoundt@TVarArrayBoundArray@@PVarArray@*@TVarArr
Dec 11, 2024 00:53:49.845904112 CET	1236	IN	Data Raw: 72 69 61 6e 74 07 74 6b 41 72 72 61 79 08 74 6b 52 65 63 6f 72 64 0b 74 6b 49 6e 74 65 72 66 61 63 65 07 74 6b 49 6e 74 36 34 0a 74 6b 44 79 6e 41 72 72 61 79 09 74 6b 55 53 74 72 69 6e 67 0a 74 6b 43 6c 61 73 73 52 65 66 09 74 6b 50 6f 69 6e 74 Data Ascii: rianttkArraytkRecordtkInterfacetkInt64tkDynArraytkUStringtkClassReftkPointertkProceduretkMRecordSystem/@TVarRec@VInteger@VBoolean0@VChar)@VExtended4)@VString
Dec 11, 2024 00:53:49.845916033 CET	1236	IN	Data Raw: 65 6e 74 69 66 69 65 72 02 00 02 00 00 00 88 33 40 00 03 0d 54 46 6c 6f 61 74 53 70 65 63 69 61 6c 01 00 00 00 00 08 00 00 00 84 33 40 00 06 66 73 5a 65 72 6f 07 66 73 4e 5a 65 72 6f 0a 66 73 44 65 6e 6f 72 6d 61 6c 0b 66 73 4e 44 65 6e 6f 72 6d Data Ascii: entifier3@TFloatSpecial3@fsZerofsNZerofsDenormalfsNDenormalfsPositivefsNegativefsInffsNInffsNaNSystem4@TExtended80Rec@aExtended80\|KExponent@\|KFraction@\|
Dec 11, 2024 00:53:49.966141939 CET	1236	IN	Data Raw: 8b c0 ff 25 90 23 4c 00 8b c0 ff 25 40 24 4c 00 00 00 41 6e 20 75 6e 65 78 70 65 63 74 65 64 20 6d 65 6d 6f 72 79 20 6c 65 61 6b 20 68 61 73 20 6f 63 63 75 72 72 65 64 2e 20 00 00 00 00 54 68 65 20 75 6e 65 78 70 65 63 74 65 64 20 73 6d 61 6c 6c Data Ascii: %#L%@$LAn unexpected memory leak has occurred. The unexpected small block leaks are:The sizes of unexpected leaked medium and large blocks are: bytes: UnknownAnsiStringUnicodeStringUnexpected Memory Leak

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	95.168.168.24	80	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 00:54:23.710481882 CET	120	OUT	GET /US/internet-explorer-7.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.2.2 Host: dl.jalecdn.com
Dec 11, 2024 00:54:24.954541922 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 10 Dec 2024 23:54:24 GMT Content-Type: application/octet-stream Content-Length: 29662072 Last-Modified: Thu, 14 Nov 2019 13:25:07 GMT Connection: keep-alive ETag: "5dcd55b3-1c49b78" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 0f bd 8e f5 4b dc e0 a6 4b dc e0 a6 4b dc e0 a6 c8 d4 bd a6 44 dc e0 a6 4b dc e1 a6 27 dc e0 a6 c5 d4 bf a6 5f dc e0 a6 c8 d4 be a6 4a dc e0 a6 c8 d4 ba a6 4a dc e0 a6 52 69 63 68 4b dc e0 a6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e5 80 c1 42 00 00 00 00 00 00 00 00 e0 00 0f 0d 0b 01 07 0a 00 7a 00 00 00 1c 01 00 00 00 00 00 45 5a 00 00 00 20 00 00 00 a0 00 00 00 00 00 01 00 20 00 00 00 02 00 00 05 00 02 00 05 00 02 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 04 00 00 67 99 c5 01 02 00 00 84 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 8f [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$KKKDK'_JJRichKPELBzEZ g vx%! .texty z `.data~@.rsrc@@
Dec 11, 2024 00:54:24.954585075 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 97 00 00 56 97 00 00 3c 97 00 00 90 97 00 00 ac 97 00 00 c2 97 00 00 d4 97 00 00 ec 97 00 00 08 98 00 00 1e 98 00 Data Ascii: \|V<.fv.:B\v2HZd\|
Dec 11, 2024 00:54:24.954596996 CET	1236	IN	Data Raw: 00 00 00 2e 25 30 33 75 00 00 00 2e 73 79 73 00 00 00 00 44 65 63 72 79 70 74 46 69 6c 65 41 00 00 00 00 72 75 6e 00 63 6f 6d 6d 61 6e 64 00 64 65 6c 65 74 65 00 00 76 65 72 69 66 79 00 00 63 6f 70 79 00 00 00 00 5c 2e 2e 5c 00 00 00 00 64 65 6c Data Ascii: .%03u.sysDecryptFileAruncommanddeleteverifycopy\..\deltastemp\ext%02x%sramdiskharddisk_sfx_manifest_cdtag.1_SFX_CAB_EXE_PARAMETERS_SFX_CAB_EXE_PACKAGE_SFX_CAB_EXE_PATHUnhandledExceptionFi
Dec 11, 2024 00:54:24.954809904 CET	1236	IN	Data Raw: 68 38 22 00 01 57 ff d6 85 c0 89 45 88 74 64 53 68 24 22 00 01 57 ff d6 8b d8 85 db 74 54 68 08 22 00 01 57 ff d6 85 c0 89 45 98 74 45 8d 45 94 50 6a 00 ff d3 85 c0 75 39 83 7d 94 13 75 33 50 ff 55 8c 8b f0 85 f6 74 29 8d 45 80 50 8d 45 84 50 8d Data Ascii: h8"WEtdSh$"WtTh"WEtEEPju9}u3PUt)EPEPEPEPPVUuEEVU[W,!^_E]4U((S]VWd"}fEEE?:\P]@ HHtHt\t3Sj_N3VVjVjhEP]
Dec 11, 2024 00:54:24.954821110 CET	1236	IN	Data Raw: 0a 88 0e 46 40 8a 08 84 c9 75 ec 33 c0 c6 06 00 40 5e c2 04 00 33 c9 6a 08 8b c1 5a a8 01 74 09 d1 e8 35 20 83 b8 ed eb 02 d1 e8 4a 75 ee 89 04 8d a0 a1 00 01 41 81 f9 00 01 00 00 72 d9 c3 8b 54 24 0c 85 d2 8b 44 24 04 8b 4c 24 08 74 1a 56 57 0f Data Ascii: F@u3@^3jZt5 JuArT$D$L$tVW133AJu_^Ul$(S3ShjSjhu\|Ep< hAVW=L!SM\|QVxQP9u\|fxMZu@SSuhH!
Dec 11, 2024 00:54:24.954843998 CET	1236	IN	Data Raw: 74 24 0c e8 1f ff ff ff a1 24 ad 00 01 33 db 43 83 f8 ff 74 0a 50 ff d6 83 0d 24 ad 00 01 ff 5e 8b c3 5b c2 04 00 55 8b ec 83 ec 10 8b 45 08 99 89 45 f4 8b 45 0c 56 33 f6 2b c6 c7 45 f0 01 00 00 00 89 55 f8 74 08 48 75 65 21 75 fc eb 07 c7 45 fc Data Ascii: t$$3CtP$^[UEEEV3+EUtHue!uEEPj(j!}h"A;}Ett0PuEVPju!u\|!3@!3^UQV39utSEPj(j!}h"5VVVuVu!\|
Dec 11, 2024 00:54:24.954859972 CET	1236	IN	Data Raw: fd ff ff 50 53 6a 13 e8 46 fb ff ff 85 c0 75 11 68 1c 24 00 01 e8 c5 fa ff ff 33 c0 e9 a1 01 00 00 68 0c 24 00 01 ff 15 24 21 00 01 3b c3 89 85 b4 fd ff ff 74 12 68 f0 23 00 01 50 ff 15 28 21 00 01 89 85 b8 fd ff ff 53 ff 35 04 ac 00 01 ff 15 94 Data Ascii: PSjFuh$3h$$!;th#P(!S5 u3F1W=<!9tu\|ulupSuxSulupSSS ;=[t!=tuh5 u3FPh#hP
Dec 11, 2024 00:54:24.955092907 CET	1236	IN	Data Raw: ff ff 89 bd e4 fd ff ff ff 15 5c 21 00 01 3b c3 74 25 8d 8d f8 fe ff ff 51 50 ff 15 60 21 00 01 85 c0 74 13 8d 85 f8 fe ff ff 50 53 6a 0c 6a 6c 56 ff 15 6c 21 00 01 53 53 6a 28 56 ff 15 70 21 00 01 8b c7 5f e9 97 00 00 00 8d 85 f8 fe ff ff 50 68 Data Ascii: \!;t%QP`!tPSjjlVl!SSj(Vp!_Phjjlul!PP\hPh 5\\|!P3Sjup!5l!PSjjguh`Sjjluju!3@M^[ S
Dec 11, 2024 00:54:24.955226898 CET	1224	IN	Data Raw: d3 83 c4 0c 85 c0 75 1a 8a 45 03 3c 20 74 04 84 c0 75 57 33 c0 40 a3 94 a1 00 01 a3 c0 b0 01 01 eb 48 8a 47 03 eb e4 6a 07 68 88 24 00 01 56 ff d3 83 c4 0c 85 c0 75 32 8a 47 09 3c 20 74 04 84 c0 75 27 c7 05 c0 b0 01 01 01 00 00 00 eb 1b 6a 09 68 Data Ascii: uE< tuW3@HGjh$Vu2G< tu'jh\|$VuL$G\|$_^][VjYt$FD$0^D$SVt$3W+@uj.V!YYtRh$W!YYu@3C3
Dec 11, 2024 00:54:24.955240965 CET	1236	IN	Data Raw: 01 fe ff ff 68 e8 24 00 01 ff b5 cc 07 00 00 e8 b9 16 00 00 3b c3 89 45 84 bf 00 ab 00 01 0f 84 9c 01 00 00 8b 35 b8 20 00 01 68 e8 03 00 00 8d 85 cc 00 00 00 50 53 ff 75 84 89 5d 88 e8 84 15 00 00 85 c0 0f 84 58 01 00 00 39 1d 94 a1 00 01 75 18 Data Ascii: h$;E5 hPSu]X9uPSjjh5l!PPh`hPju.PPh`h$P!YYSSPPh
Dec 11, 2024 00:54:25.074131012 CET	1236	IN	Data Raw: 22 00 01 74 67 68 e8 03 00 00 8d 8d cc 00 00 00 51 50 e8 a3 11 00 00 85 c0 74 51 8d 85 cc 00 00 00 6a 3d 50 ff 15 90 21 00 01 3b c3 59 59 a3 5c ad 00 01 0f 84 c2 00 00 00 eb 05 80 f9 20 7f 0c 40 a3 5c ad 00 01 8a 08 3a cb 75 ef 50 89 3d ec aa 00 Data Ascii: "tghQPtQj=P!;YY\ @\:uP=Z\`h$V;tzhQjP]tbPPPh`P\j\P!;YYtP

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.4	49948	208.95.112.1	80

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 00:56:04.525286913 CET	272	OUT	GET /json/ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Host: ip-api.com Connection: Keep-Alive
Dec 11, 2024 00:56:05.632586002 CET	483	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:56:05 GMT Content-Type: application/json; charset=utf-8 Content-Length: 306 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 59 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 63 69 74 79 22 3a 22 4e 65 77 20 59 6f 72 6b 22 2c 22 7a 69 70 22 3a 22 31 30 31 32 33 22 2c 22 6c 61 74 22 3a 34 30 2e 37 31 32 38 2c 22 6c 6f 6e 22 3a 2d 37 34 2e 30 30 36 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 69 73 70 22 3a 22 4c 65 76 65 6c 20 33 22 2c 22 6f 72 67 22 3a 22 43 65 6e 74 75 72 79 4c 69 6e 6b 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 2c 20 4c 4c 43 22 2c 22 61 73 22 3a 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 22 71 75 65 72 79 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 7d Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.175"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.4	49954	141.95.99.79	80

Timestamp	Bytes transferred	Direction	Data
Dec 11, 2024 00:56:06.115502119 CET	155	OUT	GET /data/2.5/weather?zip=10123,us&units=imperial&appid=70297443c6fd8391e3fc4b7b0d344ae5 HTTP/1.1 Host: api.openweathermap.org Connection: Keep-Alive
Dec 11, 2024 00:56:07.390495062 CET	835	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 10 Dec 2024 23:56:07 GMT Content-Type: application/json; charset=utf-8 Content-Length: 495 Connection: keep-alive X-Cache-Key: /data/2.5/weather?units=imperial&zip=10123,us Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST Data Raw: 7b 22 63 6f 6f 72 64 22 3a 7b 22 6c 6f 6e 22 3a 2d 37 33 2e 39 39 30 35 2c 22 6c 61 74 22 3a 34 30 2e 37 35 31 35 7d 2c 22 77 65 61 74 68 65 72 22 3a 5b 7b 22 69 64 22 3a 37 30 31 2c 22 6d 61 69 6e 22 3a 22 4d 69 73 74 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 6d 69 73 74 22 2c 22 69 63 6f 6e 22 3a 22 35 30 6e 22 7d 5d 2c 22 62 61 73 65 22 3a 22 73 74 61 74 69 6f 6e 73 22 2c 22 6d 61 69 6e 22 3a 7b 22 74 65 6d 70 22 3a 34 37 2e 33 32 2c 22 66 65 65 6c 73 5f 6c 69 6b 65 22 3a 34 32 2e 35 38 2c 22 74 65 6d 70 5f 6d 69 6e 22 3a 34 34 2e 34 39 2c 22 74 65 6d 70 5f 6d 61 78 22 3a 34 39 2e 39 38 2c 22 70 72 65 73 73 75 72 65 22 3a 31 30 31 37 2c 22 68 75 6d 69 64 69 74 79 22 3a 39 34 2c 22 73 65 61 5f 6c 65 76 65 6c 22 3a 31 30 31 37 2c 22 67 72 6e 64 5f 6c 65 76 65 6c 22 3a 31 30 31 35 7d 2c 22 76 69 73 69 62 69 6c 69 74 79 22 3a 36 34 33 37 2c 22 77 69 6e 64 22 3a 7b 22 73 70 65 65 64 22 3a 31 30 2e 33 36 2c 22 64 65 67 22 3a 33 30 7d 2c 22 63 6c 6f 75 64 73 22 3a 7b 22 61 6c 6c 22 3a 31 30 30 [TRUNCATED] Data Ascii: {"coord":{"lon":-73.9905,"lat":40.7515},"weather":[{"id":701,"main":"Mist","description":"mist","icon":"50n"}],"base":"stations","main":{"temp":47.32,"feels_like":42.58,"temp_min":44.49,"temp_max":49.98,"pressure":1017,"humidity":94,"sea_level":1017,"grnd_level":1015},"visibility":6437,"wind":{"speed":10.36,"deg":30},"clouds":{"all":100},"dt":1733874967,"sys":{"type":2,"id":2083229,"country":"US","sunrise":1733832582,"sunset":1733866113},"timezone":-18000,"id":0,"name":"New York","cod":200}

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	65.9.108.35	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:54:02 UTC	233	OUT	POST /o HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 146 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:54:02 UTC	146	OUT	Data Raw: 7b 22 70 72 76 22 3a 20 22 30 2e 31 22 2c 22 70 6c 76 22 3a 20 22 32 2e 34 30 2e 30 2e 38 38 36 36 22 2c 22 6c 22 3a 20 22 65 6e 22 2c 22 61 22 3a 20 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 22 2c 22 69 22 3a 20 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 22 2c 22 73 22 3a 20 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5f 5a 42 22 2c 22 75 22 3a 20 22 38 78 78 35 2d 42 31 22 2c 22 6f 22 3a 20 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 22 7d Data Ascii: {"prv": "0.1","plv": "2.40.0.8866","l": "en","a": "IMDownloader","i": "IMDownloader","s": "IMDownloader_ZB","u": "8xx5-B1","o": "10.0.19045.2006"}
2024-12-10 23:54:04 UTC	488	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 9308 Connection: close Server: awselb/2.0 Date: Tue, 10 Dec 2024 23:54:03 GMT cache-control: no-cache x-true-request-id: 2d08b547-d8cd-4f38-80bf-b173b55ef552 x-robots-tag: none expires: Thu, 01 Jan 1970 00:00:00 GMT X-Cache: Miss from cloudfront Via: 1.1 5482351e8bcb93be701264b475dd3018.cloudfront.net (CloudFront) X-Amz-Cf-Pop: TLV50-C2 X-Amz-Cf-Id: wI5IWMc-8NZZSVFFCFBvEKssAdeXZOpz3ljjk8kaF8TeLShDzXhF5g==
2024-12-10 23:54:04 UTC	7896	IN	Data Raw: 7b 22 76 22 3a 22 30 2e 31 22 2c 22 6c 22 3a 22 55 53 22 2c 22 69 22 3a 7b 22 63 75 22 3a 22 68 74 74 70 3a 2f 2f 64 6c 2e 6a 61 6c 65 63 64 6e 2e 63 6f 6d 2f 55 53 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 65 72 2d 37 2e 65 78 65 22 2c 22 63 74 22 3a 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 37 22 2c 22 63 70 22 3a 22 68 74 74 70 73 3a 2f 2f 63 61 73 73 69 6e 69 6c 61 62 73 2e 63 6f 6d 2f 70 72 69 76 61 63 79 2d 70 6f 6c 69 63 79 2f 22 2c 22 63 74 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 61 73 73 69 6e 69 6c 61 62 73 2e 63 6f 6d 2f 70 72 69 76 61 63 79 2d 70 6f 6c 69 63 79 2f 22 2c 22 63 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 64 6f 77 6e 6c 6f 61 64 2e 69 74 2f 67 65 6e 2f 69 6e 74 65 72 6e 65 74 2d 65 78 70 6c 6f 72 Data Ascii: {"v":"0.1","l":"US","i":{"cu":"http://dl.jalecdn.com/US/internet-explorer-7.exe","ct":"Internet Explorer 7","cp":"https://cassinilabs.com/privacy-policy/","ctu":"https://cassinilabs.com/privacy-policy/","cl":"https://static.download.it/gen/internet-explor
2024-12-10 23:54:04 UTC	1412	IN	Data Raw: 45 44 33 46 38 33 2d 34 42 44 43 2d 34 63 34 34 2d 38 45 43 36 2d 36 41 38 33 30 31 43 37 34 31 33 41 7d 22 2c 22 4d 63 41 66 65 65 5c 5c 53 69 74 65 41 64 76 69 73 6f 72 22 2c 22 4d 63 41 66 65 65 5c 5c 57 65 62 41 64 76 69 73 6f 72 22 2c 22 4d 69 63 72 6f 73 6f 66 74 5c 5c 57 69 6e 64 6f 77 73 5c 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 5c 55 6e 69 6e 73 74 61 6c 6c 5c 5c 4d 63 41 66 65 65 20 53 65 63 75 72 69 74 79 20 53 63 61 6e 22 5d 2c 22 72 76 64 22 3a 5b 22 48 4b 4c 4d 5c 5c 53 59 53 54 45 4d 5c 5c 43 75 72 72 65 6e 74 43 6f 6e 74 72 6f 6c 53 65 74 5c 5c 43 6f 6e 74 72 6f 6c 5c 5c 53 65 73 73 69 6f 6e 20 4d 61 6e 61 67 65 72 5c 5c 45 6e 76 69 72 6f 6e 6d 65 6e 74 5c 5c 50 52 4f 43 45 53 53 4f 52 5f 41 52 43 48 49 54 45 43 54 55 52 45 5c 5c Data Ascii: ED3F83-4BDC-4c44-8EC6-6A8301C7413A}","McAfee\\SiteAdvisor","McAfee\\WebAdvisor","Microsoft\\Windows\\CurrentVersion\\Uninstall\\McAfee Security Scan"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	65.9.108.35	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:54:05 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=2aba9acf582fdedfe6ed78f4f17b63558785b889affa71089930eba82621fbf0 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 299 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:54:05 UTC	299	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 31 32 31 30 31 38 35 35 30 33 5c 22 2c 5c 22 33 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 34 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 35 5c 22 3a 5c 22 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 4e 4f 43 48 78 4e 65 77 33 30 4d 61 79 32 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 66 6f 72 75 6d 65 72 2d 65 6e 5c 22 2c 5c 22 36 5c 22 3a 5c 22 31 5c 22 2c 5c 22 37 5c 22 3a 5c 22 32 2e Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241210185503\",\"3\":\"IMDownloader\",\"4\":\"IMDownloader\",\"5\":\"\",\"18\":\"\",\"19\":\"NOCHxNew30May2\",\"21\":\"forumer-en\",\"6\":\"1\",\"7\":\"2.
2024-12-10 23:54:06 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Tue, 10 Dec 2024 23:54:06 GMT Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE Access-Control-Allow-Origin: * X-Cache: Miss from cloudfront Via: 1.1 2a994b8edf93bc10a85b87c61c9f0846.cloudfront.net (CloudFront) X-Amz-Cf-Pop: TLV50-C2 X-Amz-Cf-Id: wOMf7b_l2xcUYggJtWiDDDh3vlhNH2aDMDq-4dXTvrO0Tos1Q05hKQ==
2024-12-10 23:54:06 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	172.67.26.92	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:54:08 UTC	133	OUT	GET /gen/internet-explorer-7-100x100.png HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.2.2 Host: static.download.it
2024-12-10 23:54:08 UTC	774	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:54:08 GMT Content-Type: image/png Content-Length: 16730 Connection: close Access-Control-Allow-Origin: * Cache-Control: max-age=63072000 Cf-Bgj: imgq:85,h2pri Cf-Polished: origSize=18237 ETag: "473d-623751c335827" Expires: Thu, 19 Nov 2026 17:02:27 GMT Last-Modified: Wed, 02 Oct 2024 02:22:31 GMT Vary: Accept CF-Cache-Status: HIT Age: 22352 Accept-Ranges: bytes Set-Cookie: __cf_bm=SH_Qpgb3EXJblt5xl8Q0P.mLEAMJOU1Rl.av4Yei1do-1733874848-1.0.1.1-lJ.qRh6vUVsdeUTXaT_QdB1FziqgGHJEd4Gwy6g9dIgNW9PAiH8_iPZJFUgWdx7ZCC2DjibF8_z8xs23fVo..g; path=/; expires=Wed, 11-Dec-24 00:24:08 GMT; domain=.download.it; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8f01288bbb8b9e02-EWR alt-svc: h3=":443"; ma=86400
2024-12-10 23:54:08 UTC	595	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 64 00 00 00 64 08 06 00 00 00 70 e2 95 54 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 40 e5 49 44 41 54 78 da ec 9a 09 94 5c d7 59 e7 7f df 7d 4b 2d 5d ad de 25 75 6b 97 25 79 8d 2d ef 96 1c 61 c7 9b 8c e3 d8 09 4e 08 61 cb 61 60 32 13 92 81 01 02 26 30 61 60 48 02 87 3d c3 19 06 b0 c9 30 93 40 02 21 24 24 c6 89 b1 63 62 3b b6 e3 45 b6 6c c9 96 ac d5 da 5a ea bd ab ba bb aa de 72 ef 37 af 5e 95 5b d8 e7 c0 90 44 59 98 93 4f fa 9d ff 55 a9 8f 4e f5 fb f5 ff de 7a 55 12 3d f0 66 be 3b ff aa 11 44 c8 59 22 74 46 33 98 3a be 41 bc 20 f4 ba 96 ae 2e 0a 26 a4 29 25 Data Ascii: PNGIHDRddpTgAMAa cHRMz&u0`:pQ<@IDATx\Y}K-]%uk%y-aNaa`2&0a`H=0@!$$cb;ElZr7^[DYOUNzU=f;DY"tF3:A .&)%
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 88 48 53 b3 90 48 30 9e 4a 61 34 35 de 5e 27 b2 47 54 0f 23 fe 44 cd 2e 99 b7 96 ac 32 35 29 b2 50 f0 7d e9 05 6f a3 60 b7 fa b6 79 b5 71 e9 06 4f d3 77 55 92 6a f7 55 93 5f f8 dd fb 82 5f 3c f4 5d 21 e1 32 c9 b3 d4 0b b5 63 30 b9 b7 1b 2f 5c 43 65 f8 4a c4 dd a4 cd b9 0b 99 1f 1b 76 d5 b1 6e ad 4e 8a 2e cc 61 e3 24 4d 9c 3f 99 48 78 30 0e 8b 4f 27 04 4f 24 78 7b 53 f5 26 63 8a d5 29 6f d5 02 60 79 cd c4 43 2b a5 3b 3a f5 d5 4a 74 f2 8b e5 78 62 4b 29 99 fe 71 cf c5 db 02 db 7c 7b 25 99 3d b8 55 ff f6 cf a4 72 f6 95 fc 7f 36 92 0d 88 41 b3 54 25 43 16 5f c5 3c f8 3f 47 04 d0 2b cf ee 15 54 c0 5a 48 12 41 5d 37 62 36 11 84 d7 29 6e 3b 8d 99 b3 99 39 36 a4 b3 c7 03 ad 57 d1 b8 a1 ce 69 94 3a 7f 34 72 e1 ce a6 2b fe 43 44 e1 c9 ba 96 46 ab f4 cc 7c ce fb be Data Ascii: HSH0Ja45^'GT#D.25)P}o`yqOwUjU__<]!2c0/\CeJvnN.a$M?Hx0O'O$x{S&c)o`yC+;:JtxbK)q\|{%=Ur6AT%C_<?G+TZHA]7b6)n;96Wi:4r+CDF\|
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 9a cd 08 23 82 31 82 d7 42 0c a2 1e 95 c2 38 fd fe e3 74 9f fc 1c 66 f4 59 68 ce 83 51 f0 3d d4 5a 24 a3 56 ba 98 7d 4b df c7 a9 ca 2d 94 fd 2e ae 5f a7 6c d9 fe 46 26 46 5f 36 2f 3d f3 64 ef 63 0f 7e a9 f7 f9 dd 2f ae 6f cc 8d 5f 19 2e 19 78 ab 1f d5 1e 9a ab 97 ef 95 ee 81 e7 b5 7b 60 8a f1 43 aa 7e 20 f8 85 af 4b 4c 97 6f f3 0c 0a 49 31 b0 52 84 e0 a8 74 ad bb 9c 6f e1 48 d7 79 b7 51 db f1 bf f1 96 ac c0 b9 38 d4 66 6d 8d 8b 16 de a4 36 fe 3e 8d 9b e7 d8 a8 d1 bb 6c 78 b9 d9 72 fd 76 2e fb 9e eb 58 be 72 35 c5 96 04 23 a7 f1 4c 8e f7 0a a6 85 20 c6 c3 53 cb 60 f9 08 cb cd 03 94 8e ff 03 32 7d 0c b0 20 16 d5 14 5c 0c d6 32 d1 bd 9d 17 97 fd 12 d3 c1 a5 98 96 20 97 e0 d4 21 a2 20 82 aa 32 5f 9d 61 cf ce a7 78 f8 0b 9f e7 b9 67 77 d2 b4 cc 87 e5 ee c3 a6 Data Ascii: #1B8tfYhQ=Z$V}K-._lF&F_6/=dc~/o_.x{`C~ KLoI1RtoHyQ8fm6>lxrv.Xr5#L S`2} \2 ! 2_axgw
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 49 52 47 6c 95 c4 b9 0c da 8f 29 94 47 d6 52 1a 18 60 fe e4 71 9a f3 cd 2e 45 cf d1 e6 7c cf c1 8f df 73 e0 d2 9d f7 4d 8e dd f5 71 fc a1 91 57 49 f9 c9 ad 53 02 a8 eb 2e f4 78 71 ed d6 d4 8a d6 dc d0 3d 3f 31 78 ff f8 37 45 88 5f ee 11 67 53 bc b0 dc 1b d5 da 32 d4 d9 75 9e 67 74 cd e6 2d b2 f1 aa 1b 08 4b 95 d6 85 59 dc 96 50 c1 6a 7b 9d 66 99 cb 30 42 a2 45 ba 82 69 ae 1c fc 1c 57 0f fe 1d eb d7 f6 d2 35 78 36 1c 3b 88 1e 7e 16 a1 09 25 1f f1 58 94 91 da 26 cf c4 37 f0 00 3f c3 b4 5d 8e c6 b3 24 49 4c 9a 91 e4 12 22 e2 38 26 4a da 34 33 1a 71 46 94 49 89 33 16 45 d8 bc 11 6d 11 fa 4a e6 22 52 68 6f 63 69 8a 3f b0 8c c2 d0 32 16 46 8f 66 52 1a 45 84 8d 99 94 ca c9 8f dd b3 17 98 32 65 5f a4 ab 7b 51 ca bb af 9a cc d7 5a 0a 7d 8d 13 af 61 4b 3b 4e 25 eb Data Ascii: IRGl)GR`q.E\|sMqWIS.xq=?1x7E_gS2ugt-KYPj{f0BEiW5x6;~%X&7?]$IL"8&J43qFI3EmJ"Rhoci?2FfRE2e_{QZ}aK;N%
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 71 d4 7c ab 73 ba 59 54 31 95 5e fc 81 15 a4 2a 68 06 8e bc 1d a9 58 0c 8e 38 f5 e9 2a 37 79 f3 15 27 78 cb a5 87 58 52 98 61 6a be 48 7f f9 6a 96 ad fa 71 82 e6 29 dc ae 3f 82 d9 5d 1d 19 06 29 f9 a8 2f 60 1b 38 9d e7 af 5f 38 8b 5f 7b fa 46 8e 4d 4d 21 c7 1f d0 e9 c9 23 0b 85 78 61 a6 1c fa 33 5d e5 b0 1a f8 5e 4d 44 62 0b a5 c8 b9 de aa 95 25 69 a9 a7 4f 7b 97 f7 7b 2b ce 2a 84 ab ce c2 ef cb 04 75 de a6 f1 8d e0 75 44 d0 ca c5 66 bc 82 b6 13 45 9d e2 fe 29 1d 51 16 c1 89 c9 9b af a5 2e 64 78 35 32 57 c5 cd c7 2b e6 26 c6 de 31 b1 77 e7 73 c5 62 f1 a5 43 0f dd 23 67 5c 88 88 60 7c 9f f3 ae be 23 38 76 70 e7 15 d6 26 37 01 5d e2 79 f8 7d c3 f9 56 65 55 40 0c 38 c5 59 8b 11 47 94 c9 58 d6 37 cf 8f dd 70 8c eb ce 3f 89 68 4a b5 1e d2 5b 3c 9b e5 23 3f 40 Data Ascii: q\|sYT1^hX87y'xXRajHjq)?])/`8_8_{FMM!#xa3]^MDb%iO{{+*uuDfE)Q.dx52W+&1wsbC#g\`\|#8vp&7]y}VeU@8YGX7p?hJ[<#?@
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 48 d5 2b d1 dd 5d 49 f3 b5 6a 5b c8 bf 8c 53 a5 d5 a4 04 48 1f 78 72 97 1e 9a 8f 27 8a 83 cb 3e 56 32 a5 e7 c3 17 9f 51 44 48 53 25 6a 26 44 b1 25 c9 d6 d6 bd b2 3d 75 de 95 56 4e 1f ea ce b5 53 c9 73 b1 40 08 88 69 13 16 f3 2d 5c 4d d0 62 30 6d 2c 5c 32 b8 fd bd 7d 80 2e bc f4 95 6f ec 0c 29 16 4b 92 ef 91 ea 86 17 e6 26 df 6d ad bd c0 18 cf 18 3f 44 bb 96 e1 ca 03 88 18 7c 2c 37 5f 3c cd bb de 34 4b b9 ec 91 d8 90 b0 e0 51 88 9b ac ae bc 8e a1 35 37 21 a3 8f e0 f6 fe 0d 78 0a 81 8f 78 1e 26 6b 06 a5 12 1a cf e3 1a 27 f8 ec 8e 7e 3e f0 a5 5b 99 18 3b e1 8c 9b fc aa a9 0c dc 05 1c fd e8 47 3f f6 0d ff ff a8 f7 7c e4 53 f2 ef 6f bc 84 87 77 ef ab 79 98 95 52 af 5e 94 8e ac 2b 6a a9 07 1a 8d f6 39 62 17 2f fa 62 3b 84 d7 1e f6 9d 03 de 39 38 4d fb 1c b1 29 Data Ascii: H+]Ij[SHxr'>V2QDHS%j&D%=uVNSs@i-\Mb0m,\2}.o)K&m?D\|,7_<4KQ57!xx&k'~>[;G?\|SowyR^+j9b/b;98M)
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 1b 27 71 68 96 f0 f1 c7 ae c1 13 ad ed 00 1a 7e 29 4f 1d 10 08 58 06 57 15 d8 08 29 52 16 42 40 06 90 81 33 55 24 04 b8 80 97 ce 67 b9 01 70 52 74 06 c4 6b 8a 07 60 8f 98 d8 92 15 44 eb a0 55 59 e6 b1 0d bb 59 48 3f 98 e8 4a 46 c8 03 2b 49 31 c6 49 b6 d7 7d 1f cb f0 a4 79 2d b5 5a d7 c7 46 8f ad 79 d7 9f 85 27 ff e6 17 55 30 b2 e5 e5 25 86 53 07 f6 54 8d 56 1b c1 a8 c0 30 6a 15 8d b7 bc b1 84 8b 2e a8 a2 d9 16 f0 f9 98 1d 88 01 95 62 cb b6 6b 11 46 bd d0 8f fd 4f 98 d9 e7 40 d5 1a 10 10 40 3e aa 2a 45 40 73 0a 8d 56 1b 7f bb e7 2a 7c fb f4 2b 00 a9 81 b4 0d e8 26 38 8c 90 af bf 9c 08 34 0c 29 87 ac af a9 f4 80 aa 7d e0 5a 0f 44 b5 82 a8 16 21 a8 84 90 51 60 cd a0 0c 0a 08 01 21 c9 92 44 4e 4b 3c 08 66 09 44 56 83 b5 77 d6 7e 5c 49 6b 20 2f 8d 42 35 15 40 Data Ascii: 'qh~)OXW)RB@3U$gpRtk`DUYYH?JF+I1I}y-ZFy'U0%STV0j.bkFO@@>E@sV\|+&84)}ZD!Q`!DNK<fDVw~\Ik /B5@
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: bf 80 79 ea 01 b3 02 54 ec b5 43 b9 6c 3b aa 00 76 6e 7e 08 e8 5b e3 22 aa b0 02 b0 e8 0c b6 36 5e b2 3d ef f5 d4 49 5a 82 b4 92 48 3a 08 2f 29 70 f0 7d b1 04 21 bd 2c 20 1d 48 f8 9f a3 d0 4b 69 01 f2 05 42 78 40 ac ec 7b f8 e3 8e f9 63 74 ca f2 5c 00 2c d8 98 9e c0 a8 08 00 3e f4 db bf fa a3 a3 2c bd f0 0e 62 d6 b6 1f 04 b4 96 b5 79 95 88 c4 68 18 52 0b b0 17 42 21 04 42 22 8c 8d ac c5 9a 91 1e 98 27 bf 09 6e 4e ba e5 9e c2 fb 8f c0 c6 dd 20 dd c2 7c 5b e0 d3 fb df 88 a7 93 9d 20 e4 ee 8d c9 da 80 4a 01 90 33 49 a5 9a d5 0e eb c8 ab 03 80 ca 6c 3e 42 61 e4 6a 56 a2 80 25 5a 3a 19 74 25 e2 16 ae 2f 0b 08 72 e8 44 bd 6c fb cb 0e 84 18 e4 9c ad 1b 2c 14 50 06 46 29 f0 12 b4 b6 b0 fd 5c c1 14 e0 2c 07 93 2a 50 48 14 30 05 74 06 46 06 c3 29 60 32 b0 4e 2d a0 Data Ascii: yTCl;vn~["6^=IZH:/)p}!, HKiBx@{ct\,>,byhRB!B"'nN \|[ J3Il>BajV%Z:t%/rDl,PF)\,*PH0tF)`2N-
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 67 a0 36 80 52 39 d2 0f fd c0 69 87 10 05 8c f3 1d f0 db 0f 04 f0 ad e7 ce c5 5d 0b 57 03 a5 14 86 7d 79 5b 2b 4f 88 76 d9 77 c9 26 82 4e 4b 22 4b c6 8a c2 21 6f be 14 e6 e1 5b 6b 22 6d ef 2e 48 1b b7 84 30 41 06 f2 9f a4 25 a1 4e 89 3d af 20 31 0a 9d ff 32 2a b5 1b 78 dd b6 9c c3 c8 b0 73 c8 24 6c 76 9d 3b 27 ef 88 61 2b 95 9d aa 65 b2 39 4a ee 9f 49 81 b4 8f b2 b4 61 36 9e 5b ad 88 55 46 c6 e8 a2 ab a3 52 18 cc 6e 98 98 38 f1 e0 77 6f 7d 64 72 72 2a 18 19 19 5e 99 87 70 f6 9b e4 17 96 84 cc e6 1c 80 b6 b2 71 96 a7 bb ec 49 8e 90 01 16 d1 66 cc cf 94 cd d4 31 a7 6b 82 97 13 41 ab 1d 04 9c 9a ab e1 d3 07 6e 44 16 f4 01 1c c3 cf 94 b9 07 c9 0b 80 fc 3c 47 d5 12 e2 56 f8 85 7e 92 49 80 69 09 0c 1e df 0e 33 71 01 99 e7 1e d8 4e 95 fe 8b fb d6 cd 3f 59 ef 19 Data Ascii: g6R9i]W}y[+Ovw&NK"K!o[k"m.H0A%N= 12xs$lv;'a+e9JIa6[UFRn8wo}drr^pqIf1kAnD<GV~Ii3qN?Y
2024-12-10 23:54:08 UTC	1369	IN	Data Raw: 6d 08 86 d7 88 e6 2d 1f 3b 27 db ff e8 bf 31 8d 33 af d6 8b 23 f7 8a 99 53 f7 7d ff 95 ef 78 96 6b 03 0d c9 50 7f f4 2b 6f 31 6b 47 86 f1 81 8f 7d 91 1a 71 1c 1c be ee 1d 35 4a 1a db 39 6e 5c 6b e2 d6 cf a1 77 f0 c2 e8 cd ef ad ca 7f f1 4e 18 1d 40 20 05 a4 df ff 51 48 b0 80 61 06 19 6b 09 fd ad 53 37 39 9d c6 ab 82 96 2c 01 f2 26 48 35 ac 0f 81 4e 01 56 47 82 c1 f1 6f 0c dd f0 ef 4e 4d 7e e6 7d 2f b6 e9 53 d7 00 b1 19 a0 9a d5 0e 86 58 f5 b3 1a 86 4b 64 f4 5a c4 ed 8a 3e 33 0b 43 1a 24 68 79 9c 05 18 79 0c 7c ed d1 3e 3c 73 26 04 fa 16 81 78 01 88 aa de ee 4a 9f 83 98 e5 70 d7 91 12 da bc 43 48 4b 88 37 cf 64 21 97 b0 fc f1 4b 82 94 02 46 10 94 21 98 0b af 41 b8 69 27 c5 77 7f 79 28 be f7 6b d7 a8 c9 a3 97 aa c6 ec 2f e8 a0 74 8a c3 ca 94 a0 60 fa 1f 6e Data Ascii: m-;'13#S}xkP+o1kG}q5J9n\kwN@ QHakS79,&H5NVGoNM~}/SXKdZ>3C$hyy\|><s&xJpCHK7d!KF!Ai'wy(k/t`n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49738	65.9.108.35	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:54:10 UTC	139	OUT	GET /f/WebAdvisor/images/943/EN.png HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.2.2 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:54:11 UTC	511	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 48743 Connection: close Last-Modified: Wed, 23 Nov 2022 15:50:00 GMT x-amz-version-id: RW9gnZViDqHn6sjOaRWUaFg5F2z0vnXM Accept-Ranges: bytes Server: AmazonS3 Date: Tue, 10 Dec 2024 08:07:00 GMT ETag: "4cfff8dc30d353cd3d215fd3a5dbac24" X-Cache: Hit from cloudfront Via: 1.1 90cdff7228f895ed6ae34a9448571062.cloudfront.net (CloudFront) X-Amz-Cf-Pop: TLV50-C2 X-Amz-Cf-Id: W1uWnaEbnqbjQGFgRT6IPERQ9iTbND8XGZ8tSsXugz1Tw8DVhqqqCw== Age: 56832
2024-12-10 23:54:11 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 bc 00 00 01 68 08 06 00 00 00 b5 fd 28 e7 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 bd fc 49 44 41 54 78 01 ec bd bf b3 65 49 75 e7 bb ab 1b 01 c6 28 d4 0a 59 33 31 11 7d 71 c0 19 05 8d 60 14 a1 e7 74 e1 cf 04 8d 5a 83 c4 38 74 3b 78 33 c0 5f 40 e1 8c 33 06 30 de 7b 0e 45 84 22 80 26 1a 35 a1 67 8d 43 e1 bc 89 90 40 0d 92 25 9c 3e 72 84 35 a1 ea d0 18 42 02 ea ed 4f d5 fe dc 5e b5 2a f7 af 73 f6 b9 f7 dc 7b d6 37 e2 dc 7b ce fe 91 b9 72 e5 ca 95 2b 57 ae cc ec ba 42 a1 50 28 14 0a 85 42 a1 50 28 14 0a 85 42 a1 50 28 14 0a 85 42 a1 50 28 14 0a 85 42 a1 50 28 14 0a 85 42 a1 50 28 14 0a 85 Data Ascii: PNGIHDRh(pHYssRGBgAMAaIDATxeIu(Y31}q`tZ8t;x3_@30{E"&5gC@%>r5BO^*s{7{r+WBP(BP(BP(BP(BP(BP(
2024-12-10 23:54:11 UTC	16384	IN	Data Raw: 1a d0 99 67 8f c1 12 4f 58 f6 be 39 68 58 0b 63 f9 e0 27 65 a0 2c d4 c9 b1 3a 2b 68 cc 86 4a 5e 70 17 81 82 86 3f f2 d8 f0 93 35 de 42 43 2a 90 95 58 b7 f0 f0 10 c3 61 97 62 47 a5 a9 15 43 b9 1b 16 6f ea 09 33 56 3a 7a 4a 33 62 a7 e5 54 2e 1f d2 d1 20 3b 14 ce 0c 44 be f0 c9 5e fe 16 6d c8 08 1f bd 44 a6 97 eb 57 2f 53 34 26 5a 7c 1b 83 ed db b8 58 3a e8 8b 34 dd 1e d3 3b 74 5b 3f a1 c1 ab 71 eb ec 91 53 ca fb b4 b7 16 5a 3a c0 f6 1d eb 20 ea 96 31 9d 74 4c 64 9e 5a 0f c8 3b 3c 71 6a 3d eb 42 64 c9 36 a1 17 50 e4 c5 81 fb 22 4e d9 8b 39 4f ac 6d 88 fc e3 2c c5 58 7a d6 c9 98 51 bc af 2e c9 7c b5 ad 8c b5 bf 18 22 16 d3 88 7d 80 b3 30 71 cb c6 56 5f e9 7a 0d f5 3f f5 13 3d df 6b 60 de b1 fd ef 42 dc fb 6d 47 19 bc 85 49 d0 a0 6d b8 ae e0 9d f2 da d8 70 a3 Data Ascii: gOX9hXc'e,:+hJ^p?5BC*XabGCo3V:zJ3bT. ;D^mDW/S4&Z\|X:4;t[?qSZ: 1tLdZ;<qj=Bd6P"N9Om,XzQ.\|"}0qV_z?=k`BmGImp
2024-12-10 23:54:11 UTC	15975	IN	Data Raw: 82 48 e3 75 e8 3d 3c bb 1e 45 1e 77 77 f0 70 06 ee b1 8d 58 36 6e 6f 7a 3b 41 de 3c 88 e6 aa 8e ca 8e a8 be a0 30 85 f2 f0 9e 11 f2 34 8d e7 cd 3b 0d c5 27 4f 41 31 ad cc a8 d9 53 89 e2 7d 94 0b 1e 8c 38 5d 17 a7 a1 9d d2 32 7d 3c 00 ad 6b 00 3a 3c 89 86 ff f9 74 27 68 8e 74 7a 5c 22 ef 79 ac 68 6b fa 8a e7 72 5a 4e f3 8e 29 47 9e b7 4c 9e 30 93 a7 c9 a0 db 67 f8 1d cb 4d ba 91 d6 a5 47 f9 52 96 98 66 9c 4e 6b f1 7a ec 88 52 ca 47 fe 31 bd 58 06 00 fd f2 9b 67 48 7b 8c 1f f2 6b 2a bd 4c 5f e6 49 9c aa 35 bd 31 1e 22 1f 7c a7 7c ad 29 4f 4f dd ca e5 8f a1 2c 4e af 46 7e 45 7e b6 a6 83 a7 a6 88 f7 69 3b 11 96 23 e7 01 2f 6c 5f 99 67 f2 2d f2 28 4f 87 47 c8 57 e4 cd 3a ca 21 0d 71 da 59 9a 2d 4b e6 65 ab ae 0d 45 60 3b ba b1 a9 f7 39 f9 8f 21 0d f2 55 9a e5 Data Ascii: Hu=<EwwpX6noz;A<04;'OA1S}8]2}<k:<t'htz\"yhkrZN)GL0gMGRfNkzRG1XgH{k*L_I51"\|\|)OO,NF~E~i;#/l_g-(OGW:!qY-KeE`;9!U

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	65.9.108.35	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:54:13 UTC	140	OUT	GET /f/WeatherZero/images/969/EN.png HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.2.2 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:54:13 UTC	511	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 30586 Connection: close Date: Tue, 10 Dec 2024 04:28:14 GMT Last-Modified: Thu, 08 Dec 2022 12:37:43 GMT ETag: "9ac6287111cb2b272561781786c46cdd" x-amz-version-id: MVrTExmvEQAJj6fAGLSH_gwH63ab4qxc Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 5cb640bbbaa55dec4a9f2ef093c54cf4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: TLV50-C2 X-Amz-Cf-Id: _5-aqNVE0nRxmilQi9kyWM_-WcVS1JGKPwrqhRpy7zFNBHmHEU4NRA== Age: 69959
2024-12-10 23:54:13 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 bc 00 00 01 68 08 06 00 00 00 b5 fd 28 e7 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 77 0f 49 44 41 54 78 01 ed bd 09 9c 5d 57 75 e6 bb 35 db 12 e0 12 24 a4 b1 8d 55 02 e7 e1 e9 21 89 04 92 74 9a 48 22 84 90 a1 23 39 09 79 49 27 d8 12 83 33 30 48 02 cc 0c 92 18 02 06 82 24 27 61 36 1a 92 ce 44 82 a4 4e 77 42 9a 04 c9 34 09 74 42 9e 24 9e b1 8d 27 95 07 08 84 07 92 30 c8 b2 64 bb 7a 7d 57 f7 2b 2f 2d ed 33 dc aa 5b 75 ef 3d f5 fd 7f bf 53 f7 0c 7b 58 7b ed 69 9d 7d f6 de 95 92 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 08 21 84 10 42 08 Data Ascii: PNGIHDRh(pHYssRGBgAMAawIDATx]Wu5$U!tH"#9yI'30H$'a6DNwB4tB$'0dz}W+/-3[u=S{X{i}B!B!B!B!B!B!B!B
2024-12-10 23:54:14 UTC	14202	IN	Data Raw: a8 0a af 4c 87 55 3a f0 e1 73 2a 0d 75 58 54 d7 72 e1 45 99 58 ce bd df 32 19 73 94 e5 75 ce 6d 2c c7 b9 34 4e a4 1c e5 ee 8d a7 7e 7a ff b9 f4 c4 76 aa ca 7d 8e b2 f4 d6 4d 1f 46 cd 30 1a 76 b8 c6 3f 8b 89 d3 a9 62 9d 8f e9 88 71 95 95 e9 a8 87 f1 a4 b9 6e 5d a7 ee 59 86 ea e8 bb ac cf 61 18 55 7d 56 a7 65 88 f3 52 73 ff b4 a4 4e bd a9 7b 8f f2 e5 d2 97 cb 47 52 96 77 45 6d 45 a4 93 36 8e e1 e4 ea 0d d3 e0 75 1c db 39 9e 4f 37 76 ed da 85 be 7b ca ed 4f 19 bc a2 ef 18 69 2f 80 19 c9 ec a6 40 68 f0 c6 b9 68 42 88 c1 84 06 00 16 82 e1 53 b8 16 f9 f4 0f c8 1b 7c fe c7 d4 01 bc 88 d4 79 11 10 a2 88 5e 19 bc 9a c3 2b 84 10 a2 e7 60 54 97 3b 7f c8 d8 ed 2f 30 c0 00 63 17 03 0c 32 76 c5 a0 a2 5d 1a 44 df 81 06 75 74 b4 7c 8a 4f 9d cf 9d 42 88 c1 01 9f c9 61 e8 Data Ascii: LU:s*uXTrEX2sum,4N~zv}MF0v?bqn]YaU}VeRsN{GRwEmE6u9O7v{Oi/@hhBS\|y^+`T;/0c2v]Dut\|OBa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49790	18.161.108.175	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:11 UTC	142	OUT	GET /f/WebAdvisor/files/1489/saBSI.zip HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.2.2 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:55:11 UTC	628	IN	HTTP/1.1 200 OK Content-Type: application/x-zip-compressed Content-Length: 527389 Connection: close Date: Tue, 10 Dec 2024 04:28:31 GMT Last-Modified: Tue, 26 Mar 2024 13:11:30 GMT ETag: "f68008b70822bd28c82d13a289deb418" x-amz-server-side-encryption: AES256 x-amz-meta-cb-modifiedtime: Tue, 26 Mar 2024 13:10:42 GMT x-amz-version-id: 7sn0EuMWH3aYiKrbA4lOPgyoNDAU9iIf Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 830a57eccbd3fe5dbe1beff515179f28.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MRS52-P4 X-Amz-Cf-Id: cs0sPBRo8o14bgn7_VYA89WPcyuYPcuiNtYt66UsFLh8UNtQmjcZ8g== Age: 70001
2024-12-10 23:55:11 UTC	15756	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 9b 5c 7a 58 1c 99 c3 c5 a9 0b 08 00 80 11 12 00 09 00 00 00 73 61 42 53 49 2e 65 78 65 e4 5a 7f 70 54 d7 75 be 2b 69 a5 d5 8f 65 57 20 63 d9 c8 f1 da 26 8e 9a c1 92 6c a1 09 13 8b c9 82 59 5b 06 01 8b 2d 40 60 01 c2 08 f1 90 65 90 b1 b0 e5 16 3b 72 05 54 ab 95 1c 4d 4a 33 b4 61 dc 5d ad dc 68 3a 9a 56 46 3f d8 75 15 b3 c4 54 12 1d 1c 2b ad 9a 28 29 d3 ca 89 3b f3 1c d4 76 93 12 5b 76 15 d4 f3 9d fb f6 bd dd d5 92 e0 bf b3 03 f7 5d 9d f7 9d ef 9e 73 ee bd e7 fe d8 dd bc bb 5b a4 0a 21 d2 e8 ff c2 82 10 41 21 3f 4e f1 fb 3f 25 26 21 96 dc fb ce 12 31 94 f9 fe 7d 41 53 e5 fb f7 55 29 87 5f 74 34 1d 3b 7a e8 d8 fe e7 1d 07 f6 1f 39 72 b4 d9 f1 ec 41 c7 b1 e3 47 1c 87 8f 38 36 6c 7d da f1 fc d1 ba 83 45 56 6b d6 4a 8d e3 11 db 87 Data Ascii: PK\zXsaBSI.exeZpTu+ieW c&lY[-@`e;rTMJ3a]h:VF?uT+();v[v]s[!A!?N?%&!1}ASU)_t4;z9rAG86l}EVkJ
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: 83 97 5c 58 2e 66 8c 45 c6 51 c0 f7 d4 54 79 c9 5a f8 fb 4b c5 9f 95 97 ac 2b 17 bc 64 e4 29 6a 58 3f 3b d3 59 0f ab 33 7d c6 fe 9a 87 e2 23 5e b2 a9 5c 7e 3e 49 69 4f c7 86 c9 f2 92 01 48 3f d4 a7 d6 17 83 7b e9 f9 89 eb 87 ca c5 fd d5 5e ae dc 5f 2a 2f d9 b0 01 45 19 74 ae eb 4b e9 13 f4 3f e9 11 2f d9 23 fb bf 57 89 37 b6 e1 62 78 c9 30 ef ff 3d da fe 27 5e 32 5a 6e f2 92 bb ca 05 2f e9 8a b0 99 65 37 8c 9f dc a3 f0 92 c3 7d 3c 3e c1 4b 0e 95 8b 19 79 b8 5c fc fd a7 c8 d4 78 c9 01 f8 2a b5 04 2a 78 c9 ff ee c3 23 fe 68 b9 c9 4b 5e 28 9f 88 97 4c 44 b0 53 09 bd b7 76 73 3d 93 97 cc a5 f8 89 97 cc f2 88 fe ca f6 28 fd a5 f2 92 be 8d 4c 6a 0c 52 cb 77 a7 b4 e1 c5 f0 92 fd 65 e0 25 31 bf 2d 9b db 57 66 f2 92 38 33 bd bc 24 b5 69 7a 5e f2 0a fa bd 86 97 c4 Data Ascii: \X.fEQTyZK+d)jX?;Y3}#^\~>IiOH?{^_/EtK?/#W7bx0='^2Zn/e7}<>Ky\x*x#hK^(LDSvs=(LjRwe%1-Wf83$iz^
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: e8 07 27 13 b8 12 39 3f 83 9e 6b 07 d6 90 9f 46 a5 10 7e f3 65 5d 48 7c 6c ba 5a e8 63 c7 f1 9e 91 82 de c2 b1 32 d0 56 b8 f0 03 2a 51 1e b8 06 88 32 0b 88 72 5f b3 42 94 d1 39 70 df d3 df c2 bf ac e4 cb b0 bc 82 f9 32 1e 6e 50 9d be 8e c5 97 77 31 2b ed 15 3f 3d e7 9b fd cb e7 a2 0d ea 5a fc 6b a0 c5 09 6c 3a 1e 56 0d a7 a1 e3 d8 e0 9b 97 6f 50 69 cf f7 6d fa c7 1c da a6 37 b5 2e fa 77 c0 26 34 75 d3 77 be d1 7d ae b6 f7 e3 6f d3 de 78 c5 5f 4f 31 13 3f b4 f6 a3 2b 68 2d dc de eb 57 82 cf 21 87 ef f9 ed 38 7c 2f ef 51 87 8f ff ee 37 34 aa b4 77 f0 5b b7 d7 ca da bb 27 dc 9e ef ca da a3 ff 0e 3e 31 11 03 34 f5 f1 37 35 15 d3 5e c2 c6 7f a3 3d 4c 7b 00 ed 15 7c ef b2 ed b1 50 1d 16 57 5d 44 ba d0 36 5b 0d 9a bb 78 af a7 38 b4 52 20 ef ba e8 29 94 1d cf 93 Data Ascii: '9?kF~e]H\|lZc2V*Q2r_B9p2nPw1+?=Zkl:VoPim7.w&4uw}ox_O1?+h-W!8\|/Q74w['>1475^=L{\|PW]D6[x8R )
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: 95 a5 cb 7a 87 3f c6 69 de 05 af e9 20 14 43 bf 81 09 6e 10 7e 0c c4 8f fe df c4 47 ad 17 cf 84 db 97 47 7b b5 2f 54 61 c2 57 65 8e fa a8 7e 35 1b 2c 45 55 48 96 dd b3 2d b3 4e 81 78 05 07 4f ed 40 1b e3 49 b8 c3 df 49 55 f3 a8 95 20 2b b0 dc b7 c5 ec e9 0d b8 4a a4 ab 77 cc ef 6a cd ab 7a 9d ba c0 11 bc 45 5b 8b cd 69 bd a9 e1 bf f9 97 e7 51 57 3c 57 ad f0 ad 87 7f 76 1e b5 90 44 f9 1a cd 0e da cd ab 8e 50 57 f8 33 59 4a b7 b0 73 75 54 7b f0 42 6d 98 b1 9c 85 87 67 dc 25 c1 c1 2b 0e 0b 63 99 82 9e d8 da 46 12 05 6c c0 27 9e 21 35 5d 1a 8f ba f5 09 f6 6e d7 34 fc 3d f8 3e 3e 54 ce a2 7f 68 f4 de de 4f 70 20 f6 82 e0 fb b5 f4 93 18 8c b6 e2 22 2e e9 bc 67 bf bf 66 b9 c3 35 6b d5 ab df 53 b3 5e be 68 6a 16 be d2 15 35 0b 8b b4 c0 f3 52 c4 f3 ea 88 f6 96 ae Data Ascii: z?i Cn~GG{/TaWe~5,EUH-NxO@IIU +JwjzE[iQW<WvDPW3YJsuT{Bmg%+cFl'!5]n4=>>ThOp ".gf5kS^hj5R
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: 76 97 21 67 31 d2 2d e1 75 83 6f b1 45 f2 a4 d1 6c df 73 09 59 83 89 ae 28 bc 0c f9 c5 d2 51 de 34 02 d3 1c df 62 bb e4 b9 42 00 b8 b4 1f 80 88 be 45 c5 a3 21 e0 48 ed f1 b0 31 40 39 2c ee 62 0b a2 7b bc 18 7c a3 fd 3a f0 a8 a6 7e f4 d3 55 89 6b 5a e8 68 bc 5e b0 f3 8a ca 3b 70 71 02 dd 17 c3 ab 52 83 8d cf 83 87 f0 00 93 58 7e 2a e1 6b 96 8a 85 36 98 98 0a 8b e6 57 49 51 fe 90 b4 9e 96 14 36 5e dc ec 58 ed 4d 92 ec 7f 0d 75 4c c1 14 6d 6a 92 5a 60 d7 dc b6 62 4d e1 01 85 d3 ca 6b 40 e9 c2 65 d7 80 d2 2d d6 5c bf a1 35 d7 38 44 36 da 09 2c 50 50 84 3f 55 c1 80 69 3c dd 26 8b a7 29 e2 27 35 8e 7e d2 c4 dd 78 13 fd 64 8b bb 89 e2 27 5f fc e0 16 8d a4 ba 33 03 05 b9 0e 87 b1 b0 ab 16 58 9a ad a6 0a 61 18 fd 65 8c 21 1a 70 cf 0a 2c 59 7b 2b f8 1f c6 f4 13 17 Data Ascii: v!g1-uoElsY(Q4bBE!H1@9,b{\|:~UkZh^;pqRX~*k6WIQ6^XMuLmjZ`bMk@e-\58D6,PP?Ui<&)'5~xd'_3Xae!p,Y{+
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: 1e 71 cc 5a 1f 0b b3 a3 dd 24 f4 61 47 5b f7 58 c8 8e b6 70 77 49 b0 b2 01 2a 47 f0 a5 69 f1 2c 5e 6f 81 5c b8 bd d5 94 2a a0 05 ed b5 21 0b da 9e 6e 34 26 d2 1a de b6 87 d5 5c 16 29 06 0f e8 54 8d 81 c6 f6 5e 82 aa 7a 38 7c 09 2a e1 b4 59 60 c7 a7 a2 27 de 9c 90 23 7e f5 af 5f 7a 9a f5 4c f8 fe 47 f7 00 fb 1f 12 69 21 f2 12 98 08 6c b9 40 13 01 be 0a 8b b1 a8 d5 61 20 ab f9 a0 cf 29 00 c6 85 4d 01 68 0a f3 b3 0e 3e 05 38 2c 84 a6 00 d5 7c 92 8d 25 fd bc 03 a7 00 75 17 f8 14 e0 59 41 9d 02 6c c6 ac 87 9f e5 53 80 ee f3 9c a5 8b f0 2e f3 8d 8f d3 6a 32 fe aa 7e a9 ce e3 f7 66 f8 fe 09 66 ba 67 1c ca 1f 3d 86 ed 1c a7 4f 01 e8 7b dc 22 2c 04 2b 54 03 1a 16 a3 0c 72 22 30 85 ad 28 83 9c a1 2d 17 a7 b6 fc bc 61 a2 49 20 af 32 a4 53 60 2b fa 9a 05 10 c2 1e f5 Data Ascii: qZ$aG[XpwIGi,^o\!n4&\)T^z8\|*Y`'#~_zLGi!l@a )Mh>8,\|%uYAlS.j2~ffg=O{",+Tr"0(-aI 2S`+
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: 48 84 fe 39 2c a4 28 08 fd 73 58 4a 59 3e bb 66 b6 db 25 df 8c 05 e9 5f d9 b1 be 51 be 19 b3 96 b5 74 2d 14 68 c0 c8 c5 2e 7e fc cb c7 e7 77 22 df 00 42 52 ca 8c 96 be 47 d8 b8 41 1b fc b0 13 c3 26 7f 71 23 ab 87 1f 84 d6 68 a8 ef 17 cc 9e 03 d7 8e b8 53 ac 06 5a 97 8f f2 df 56 04 86 4c c4 c6 ec 6d de 71 9b aa 67 19 c4 86 5f 42 21 5f 8b d6 de 06 3b 9d e2 47 23 63 17 9d 30 87 a9 61 c4 9d 8b b4 be 80 16 de 97 76 f3 40 cc 2e 85 59 34 d2 27 f3 41 96 78 71 88 59 ba 62 ba 7d 40 5d a1 a8 99 31 ac bc 89 24 2b 46 27 72 19 a3 1d 89 a0 f1 36 93 dc 94 31 8c d9 16 4d ac 1e ae 96 f1 0f c0 23 d3 cc 04 6b 41 f0 68 78 20 84 ed 20 68 cb f2 d0 2e 81 7e d8 79 1e a4 60 92 4e 16 e8 75 fb 41 38 80 f9 80 7e c2 08 b8 c9 7e da 11 3c 1f ea 2b 80 c2 e4 e9 93 17 78 30 bc 9b 08 3b 2d Data Ascii: H9,(sXJY>f%_Qt-h.~w"BRGA&q#hSZVLmqg_B!_;G#c0av@.Y4'AxqYb}@]1$+F'r61M#kAhx h.~y`NuA8~~<+x0;-
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: 2a 84 ee f4 61 0d 36 f4 61 d0 22 79 e2 91 ae 8c cc 23 fa b0 b0 e9 58 91 05 15 76 1d 80 f2 cc 73 1c be 74 40 77 97 91 c1 56 69 54 29 95 f0 99 d9 06 f8 64 98 c3 20 1f f2 46 b2 91 58 75 eb c0 40 49 7b 5c a8 6d 72 e6 40 ff f9 02 fb e2 f6 ac 84 54 ba 72 1c ff 13 56 b8 3f d0 de 35 cf 5e 26 20 03 cc 15 2b 61 5d d2 65 68 b6 cb 05 8a 6d 85 62 5e bc 82 10 4a 05 41 6f 08 d7 f5 39 16 ab 9b 9b 41 7d fb 7b a2 af df aa 7f 5d 77 51 fc 0c da 87 c6 65 49 13 72 69 8d 9e 59 83 3a d9 ee e3 28 a6 76 f6 e0 55 93 4b 49 12 1a 91 8e f3 c2 82 3c f6 47 4b 16 76 58 b2 b0 46 0f 9d 06 29 58 98 20 05 2b bd b5 85 6c aa f8 ca 6b 5e 82 ce 9f 22 46 60 d7 b5 50 f8 01 68 d6 6f c9 05 81 26 df e1 f5 b6 a9 5e a3 97 a0 f7 70 31 da 7c 8d eb d3 18 f0 64 ef e4 c7 1b c7 0a 9b a3 58 1e 6e 2e 16 5f 71 Data Ascii: *a6a"y#Xvst@wViT)d FXu@I{\mr@TrV?5^& +a]ehmb^JAo9A}{]wQeIriY:(vUKI<GKvXF)X +lk^"F`Pho&^p1\|dXn._q
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: e0 22 8c 55 3a f4 dd 80 92 61 ef b1 47 d3 76 2a ed 31 71 8a 17 04 c0 6b de fc 20 00 33 f3 d6 53 45 41 6f ed 7d b5 d6 07 5e 33 4f fa db 5c c9 1b 57 51 67 4b 62 45 63 ad 8a 82 a3 97 94 34 2d ae f9 0d 66 80 ca df 07 2a 7f de f9 4c 5a 88 0e 6c 4b 6c e5 6f 01 84 7d 0a 15 c9 57 13 9e 8e ef 25 b5 41 c7 96 ed 83 d2 46 a4 a7 1f 5d 1d f8 17 19 8a 3e f4 f2 ea 77 f1 30 77 8f d8 14 0e a8 de 07 73 dd b5 60 02 8f 33 f3 64 40 1e ba b4 da ef 0d b4 01 00 73 07 96 e2 77 a1 04 b0 3e c8 07 9b 70 ac b9 e3 04 11 62 81 97 07 ce f5 61 9c 05 b3 98 7f b0 65 00 6c be 97 37 bf 21 38 d6 d3 b7 64 31 2e a8 7b fa 45 3b 6c 7e 32 3c 18 6e 9d 02 1f 17 c5 60 3c 4d d7 5e e7 a7 bb af ef 5b af c6 f9 a7 f0 8c ed 05 f6 b3 02 ab 6a 2e 71 76 93 46 f6 74 8c e5 27 e9 46 be 19 db 86 aa 36 1c 90 71 8e Data Ascii: "U:aGv1qk 3SEAo}^3O\WQgKbEc4-fLZlKlo}W%AF]>w0ws`3d@sw>pbael7!8d1.{E;l~2<n`<M^[j.qvFt'F6q
2024-12-10 23:55:12 UTC	16384	IN	Data Raw: a9 7f 40 b4 a2 34 02 bd b2 07 64 73 03 4c 91 78 ce e8 89 d8 b1 ea 49 2d 42 18 ce 0c 60 d9 e5 39 21 ff b1 6d f8 a0 ff 86 d9 c1 23 83 79 da 80 60 94 99 56 cd 5b 3c 5d aa 47 c9 f5 08 f3 d9 ce 6c 5e b5 58 60 5a 20 b0 52 39 71 16 48 0f 91 d1 c0 e8 1b 33 f1 4c a4 5d d6 93 ba 86 5c d3 40 cb 5c f4 8b f1 da b3 03 14 30 7c 3c b7 46 8e 67 fa 60 ee d4 f0 9a 25 8e 67 ab 5c 12 f0 3e 05 68 bb d3 0a a3 b9 68 08 31 a0 3f 6a d3 d0 f7 fe f9 ea e8 55 99 4d c0 5b d2 88 07 86 91 dd f3 db 66 ca ce cd 6c 78 24 f0 92 5e a7 b7 35 2f fa 81 71 ec 80 b3 58 01 04 1e 70 50 0b 3b ca e9 f0 35 b9 47 13 00 3c 10 9f bc e9 ab 56 9a d3 ef 78 d1 24 54 e2 8d 6f 05 fa 2d b6 94 67 85 d0 c9 84 0c ba 76 11 3f f7 e8 91 3d 47 54 29 a0 cc 34 d3 1b 74 88 c7 00 2c 5f dc ea d9 5f 38 9e 3f 26 e0 43 b0 e6 Data Ascii: @4dsLxI-B`9!m#y`V[<]Gl^X`Z R9qH3L]\@\0\|<Fg`%g\>hh1?jUM[flx$^5/qXpP;5G<Vx$To-gv?=GT)4t,__8?&C

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49801	18.161.108.175	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:14 UTC	144	OUT	GET /f/WeatherZero/files/969/WZSetup.zip HTTP/1.1 Connection: Keep-Alive User-Agent: Inno Setup 6.2.2 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:55:15 UTC	519	IN	HTTP/1.1 200 OK Content-Type: application/zip Content-Length: 6227973 Connection: close Last-Modified: Thu, 08 Dec 2022 09:14:29 GMT x-amz-version-id: s20fxiZKNPOZhn5cscxnL4vQWeKpCNmb Accept-Ranges: bytes Server: AmazonS3 Date: Tue, 10 Dec 2024 21:06:02 GMT ETag: "7cc0288a2a8bbe014f9e344f3068c8f1" X-Cache: Hit from cloudfront Via: 1.1 733ea595c2dc45be54d2c763076c592e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MRS52-P4 X-Amz-Cf-Id: -NdxNBUTyaB-MtqsrgpnM9maYwIh2-RIHuGbAtS7b7-rFLK-Vt6f8A== Age: 10153
2024-12-10 23:55:15 UTC	15865	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 76 86 87 55 c9 02 ed f5 8d 07 5f 00 10 8b 5f 00 0b 00 00 00 57 5a 53 65 74 75 70 2e 65 78 65 ec bd 7d 78 54 d5 b9 37 bc e7 2b 19 92 09 7b 02 89 46 f9 0a 12 14 0d 52 34 60 89 43 74 02 d9 21 58 06 26 0c 99 81 0a 08 42 70 18 23 a1 c9 de 88 96 e8 84 9d d1 6c 36 63 39 ad 7a 6c 6b 2d 88 3d b5 2d e7 d4 9e 5a a5 ad 8d 19 b0 49 50 d4 f0 51 88 42 6b d4 54 f7 38 51 a3 a4 61 80 98 fd fc ee b5 67 00 cf 79 ce 7b 9e eb b9 de f7 ba de 3f 4e 70 cd 5e 9f f7 5a eb 5e f7 e7 5a 6b 6f 3d df de c5 59 38 8e b3 22 e8 3a c7 ed e7 8c 3f 37 f7 df ff 75 21 8c 9e f4 87 d1 dc 8b a3 de 9c bc df b4 e8 cd c9 cb 82 1b 1b 0b 37 37 d4 df d3 b0 f6 be c2 75 6b 37 6d aa 17 0b ef ae 2d 6c 90 36 15 6e dc 54 58 b1 c4 57 78 5f fd fa da 19 39 39 59 45 29 18 ff 7a d3 f5 Data Ascii: PKvU__WZSetup.exe}xT7+{FR4`Ct!X&Bp#l6c9zlk-=-ZIPQBkT8Qagy{?Np^Z^Zko=Y8":?7u!77uk7m-l6nTXWx_99YE)z
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: e2 72 2b 5d 29 f2 74 79 15 fc 76 2b 6c 32 da 6e 1a 4c 5a 51 74 66 64 a3 75 3c 77 14 89 bc e7 c1 8d 10 4c bb 49 14 d5 26 b9 fd d3 8e ce e3 ca d6 1f 9f c7 fd c6 fe 50 5e d9 b4 13 f3 b8 26 eb 48 2c 31 aa ac 95 a2 e6 df 64 f2 6d 87 14 bb dc 6e 2d 7b 1e 19 db 8e 47 85 e4 ab d4 c6 1b 9c 76 0a fe f3 f4 e7 e8 f2 38 d2 c1 95 2d 88 8d a7 1f 7a 5d 38 68 bc 92 10 a6 8f bf 4c 5c 11 b2 2d 3f f3 2b f6 81 22 d6 68 26 35 2a a4 46 3d 54 ff e9 16 76 63 68 62 90 e0 6a 1e 34 19 b1 d1 30 77 13 f0 d6 4a e7 ee 99 ec 99 bb 87 fa 51 2a f3 f6 14 b2 67 81 7c 2d 17 9f 0b 85 a1 be d1 99 41 9b ee 40 e6 b1 fb da 8b df 89 5f 67 e7 52 8b 42 9f 5c f9 af 16 a5 90 2d 4a c9 29 e3 f3 3e ab da 5d 07 95 4a 2b df 12 27 23 32 6b 39 7b b7 df 00 a2 91 37 2c 1c 27 8f 92 ae c9 aa 8f 11 15 a8 35 dd ae Data Ascii: r+])tyv+l2nLZQtfdu<wLI&P^&H,1dmn-{Gv8-z]8hL\-?+"h&5F=Tvchbj40wJQg\|-A@_gRB\-J)>]J+'#2k9{7,'5
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: f6 4b 9c d4 5c e7 2f 71 9d 63 3f c7 7e 9e fb ec 77 5a 9e a5 3b 7d f6 22 96 8f 9a 8e eb d2 79 2c 2d 07 17 f5 45 ee 33 5c d4 ec 67 ce 9d 3b 75 e6 0c 1d cf a5 b3 64 69 69 bf 1a 35 ed 57 6a 21 b0 cb 8b 06 fe 17 fe 0f 86 91 e4 a0 e6 65 cb 47 18 be ac 67 b8 92 ef 3d d4 6d 05 d5 a1 03 42 a2 8d 77 26 99 f4 2d b2 0f bb 59 3e 2d b7 dc 61 16 2d bc a3 71 c2 69 e8 9c de ba 72 26 41 9f d8 23 d2 b9 71 5e 9a fb af 25 bf 69 a0 92 f1 09 f0 34 e8 b8 d1 f6 7a d5 4f 3c 1f 8e b7 70 dd d7 89 3e c7 fc 9a 21 3f 07 54 ee af df ec d9 15 11 79 ed c7 d5 9b e6 d5 d4 f2 98 5d 53 37 6d 52 9b f2 7c e7 12 58 11 2c 74 b4 ad e2 7e b3 53 a4 48 cb f0 5c 73 4c 79 de 21 0a d5 c7 9b 3f 6c 50 1a 80 e9 43 1b 87 80 5e 76 bc b2 6a db 81 9d 72 30 b8 ea 82 d1 8d 76 b5 77 fb e7 a6 67 18 77 18 ff 68 3a Data Ascii: K\/qc?~wZ;}"y,-E3\g;udii5Wj!eGg=mBw&-Y>-a-qir&A#q^%i4zO<p>!?Ty]S7mR\|X,t~SH\sLy!?lPC^vjr0vwgwh:
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: 6d cd 07 77 fd 7f 5a da 35 9f 1c d8 5e 34 4e 8d 4a 2c 36 14 4f db d5 71 db aa 1b 34 dc c2 a7 14 e6 7d fd 8e 0f fd d0 e7 02 92 a4 6d 3a 17 7e 32 22 e2 ab 1b da f4 da 53 43 d9 5a f2 5b 1c f5 43 c6 db 42 ff 28 b8 27 42 93 94 c6 2e 16 6f c8 c4 5c cd 9e 71 86 2b b7 43 cb 4d 6f ea 40 c9 39 15 f1 c0 2b 16 8e ad b0 d7 8e 38 e8 98 37 74 de 21 59 54 0f f2 6e b3 8d 2d d8 89 05 b7 51 5b 5c 9b 23 b8 fe f0 8c 8b ff e6 f7 45 6d 7c a5 e1 1f 1a 8c f0 ce 77 66 38 4c 07 54 6a 4b 80 73 75 9e 60 70 25 7a c1 56 ea cb e3 2f cd 1f b8 7e 09 fd 6e c7 e6 fa 85 f7 36 04 3d 31 15 fd 0d fa fe c6 7c 7d 87 eb 43 b6 1c 27 34 f4 ae fa 2d 6f 00 bc 89 1b d3 87 9b 10 ef c1 7b 93 ae dc e6 a2 c4 20 b1 44 69 a2 99 ab 43 06 00 10 f5 c1 22 6e 4a df 97 9f 10 a7 40 59 cb 9d 38 68 fa 38 c7 5b 68 b5 Data Ascii: mwZ5^4NJ,6Oq4}m:~2"SCZ[CB('B.o\q+CMo@9+87t!YTn-Q[\#Em\|wf8LTjKsu`p%zV/~n6=1\|}C'4-o{ DiC"nJ@Y8h8[h
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: 01 24 1a a7 ee 08 d2 40 18 f9 00 4c 7c cc 2e cc 74 68 e5 d2 f2 15 b4 31 9a fc 16 ce e7 f6 25 c9 32 73 0d e3 3c 7e 33 77 a9 4b 9a 44 e4 b0 0a b4 21 f5 19 b2 b4 e8 54 ad 78 9a e7 2a 86 ca 3c 8e d7 29 55 08 99 d1 09 60 f3 d8 66 05 99 d2 71 9a 01 fd 34 fb 27 ac 42 eb 98 04 95 32 a6 df 86 3d b5 bc a4 85 89 54 8e 5f 8e 79 36 e7 bb af 69 9a a7 bf 2d 5e 75 c3 f5 df 11 5f f8 e5 2d 9e 1b 6c c8 c9 df bd 18 b4 07 8e 6c a2 6a 64 14 fa 5d 3b 2d 8d d6 bf 4b d3 5b 7c a2 5f b5 bb de f9 89 79 27 4c 1c 1a 67 46 18 c4 6c df d8 e2 bd 6f 04 18 bf e5 98 8c 40 a9 7c 99 1e ff 10 00 f3 21 3a e6 47 aa af f2 a1 44 70 54 79 da 20 29 a2 cf 09 a0 8f f0 cf 28 88 03 52 c4 dd f0 de 5c 18 73 48 72 b1 79 7f f3 bc 95 81 9d ad 9f fa c0 b4 23 6b 8f dd 23 7d f1 f9 20 4d ef 19 bc 38 bb 55 6d b2 Data Ascii: $@L\|.th1%2s<~3wKD!Tx*<)U`fq4'B2=T_y6i-^u_-lljd];-K[\|_y'LgFlo@\|!:GDpTy )(R\sHry#k#} M8Um
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: 93 f2 c6 9d 54 23 5e 70 13 8c bc 29 b1 a9 f2 7a 94 2b 68 c9 99 c2 81 df dc 74 a6 ee d2 f3 e4 6f 1f 6d ce 06 e6 f3 57 9c 77 cf cf ae 74 e1 84 f4 05 67 47 2b ba a8 71 5f fe 52 aa 16 5e 56 de 2d 56 1f 5d 03 37 d2 10 ac 04 1d 9b 9d 02 6a 6c ef 79 35 1b f1 b5 a5 96 97 1b 66 65 b0 6a 96 44 08 97 06 4e a2 1e 93 99 d5 fd 94 5c 50 47 eb db 06 93 01 42 63 ca 64 d6 9d a4 e7 00 16 d5 46 4f 7e ab 4b 0f 95 01 1c 42 5b 8d a8 c6 c0 1f ba 8d 29 a3 7f 3f d3 27 8d 07 b8 a8 4e 88 bb 34 8f 65 3b 3f 13 a4 de 79 7a 52 a5 69 42 74 cd 74 5e 7b fa c6 ea 0b 3d 1d ee 4b 9f 93 ae 4c bc 32 ee b6 a7 3c 60 d5 99 19 8e fa 22 6f 21 bd 5e bc e8 0f 71 d1 17 c8 12 0e 7b c2 91 9d 74 a0 14 51 19 c6 60 a4 2d 1b 85 e9 e2 78 5d 75 06 08 f9 e3 3d 08 78 90 48 cd f8 72 c5 72 da 14 ab de 95 23 08 6b Data Ascii: T#^p)z+htomWwtgG+q_R^V-V]7jly5fejDN\PGBcdFO~KB[)?'N4e;?yzRiBtt^{=KL2<`"o!^q{tQ`-x]u=xHrr#k
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: d4 0c 8f e1 44 36 71 e9 da 81 0d 74 2a 88 69 ba 76 26 5c 61 93 46 c6 c9 15 05 3d ea 65 55 d6 5c 84 b6 8a 1a 0a 45 31 0b 93 05 cc 80 c4 e9 88 1e 3a 15 42 c4 58 5e 2c da 9b 7f 08 37 5d a8 6d 7d f2 04 1b fd 31 bc ff a0 58 4a e1 14 fb 5c 61 e1 6f e1 d1 c4 b6 0b 18 1f 91 57 cb e9 6e 0c eb b8 a7 ba 55 73 7c aa b8 45 b1 d2 b3 f8 2d 6c 91 07 90 be 7f 55 7a 7f 1e 05 e1 2c af a2 39 83 17 d1 2b b3 fd c5 b1 c0 ab 8e 54 2a b2 31 7c 26 9b ac 15 f4 59 e3 28 ba d9 9d 7f 6e 34 d6 a5 7f 00 c3 bf 5b 9e a0 47 31 96 f7 73 66 19 32 1c 89 89 fd c0 b4 4e 19 5a 77 17 31 8b 69 32 53 ff f5 12 9c 41 0e d6 05 a0 ba fb dd fb a5 be af 3d 63 51 52 b7 37 6f 92 f4 ac ed 1e e3 1e 1d 86 dc 4c 68 46 80 59 30 9a 7b 91 3c 81 bb 56 64 2f cd 1f 4b 96 f1 02 3b 7c fa 40 14 d1 d5 d8 70 ce f3 1e 6a Data Ascii: D6qtiv&\aF=eU\E1:BX^,7]m}1XJ\aoWnUs\|E-lUz,9+T1\|&Y(n4[G1sf2NZw1i2SA=cQR7oLhFY0{<Vd/K;\|@pj
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: ba 19 d2 2a 48 53 26 34 fe bc 8e 1c 82 b5 70 95 d0 55 5c 3d 27 5f f1 c4 37 ad 84 28 f1 24 60 26 3f fa da d7 37 19 22 78 82 af ff fa d4 06 db 8c 2d 12 d2 a3 87 9e 98 42 70 dc 17 88 03 b6 11 db aa fb 40 ce fb 11 79 3d 51 b5 47 f3 eb 2c 80 87 a4 b1 b5 9e 1d 2b b3 a2 1f e4 c9 a6 2c ea 8c 83 ed 38 37 74 dd 2e 5c 6b 3d b4 a8 93 77 7f 11 59 3c f5 a7 ca ff 4b ab e1 f9 86 9b 51 02 62 b9 c7 0d 69 00 69 93 ef 93 75 03 7c 5d c2 78 7e 82 01 33 b8 9f f8 2f f7 06 a6 cd 43 ac 1e 4b f1 05 1d be 64 4e c7 98 c7 10 05 64 ca af 5f 6d bc 8e 41 f9 57 dd 59 5f 75 ef cb fc 83 a7 14 fa d1 69 23 ec 96 aa 07 29 7f 1a 2e df 44 7d 84 d1 54 ff e6 9d d2 db 32 6c 5d 73 1b 66 45 00 6c 3e 42 ac 04 9f de e1 9f 69 3c b6 cb 00 ab ba 40 d8 fb 4b 7c c9 8f 6d fa a5 49 c6 39 4b 59 5c 0e 1c 16 e2 Data Ascii: *HS&4pU\='_7($`&?7"x-Bp@y=QG,+,87t.\k=wY<KQbiiu\|]x~3/CKdNd_mAWY_ui#).D}T2l]sfEl>Bi<@K\|mI9KY\
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: f5 e3 70 76 9e 83 bc 7f a2 a0 36 a8 a4 f8 a7 02 ef e1 52 56 7b 70 6c 75 aa a7 be 13 9f ff 16 f6 74 32 d8 2b 92 c1 b3 e7 80 d2 5d 30 e4 a0 18 b8 73 40 31 63 97 ba 94 a7 5e c8 97 c8 08 f2 f9 c7 51 ef 79 99 cc b3 25 f6 59 92 35 f7 c7 12 23 8d fe d5 14 2a 01 81 fa 15 5a 9d 31 ba 13 0d 4f ea 38 4f e2 38 ba 64 17 f2 c1 1c f2 9f a3 92 48 fc 4b 2c c4 1e 84 1e d8 23 c7 ea 16 70 53 11 b8 e1 85 f2 25 99 5b 4c 6b 0f 15 95 32 2e 15 7e 93 b5 fc 26 f9 f7 2c ad 6d dc a3 34 08 15 75 ed 25 75 25 9b bf 50 dc ad 5a 02 94 7d b8 1a e5 25 6f be 73 eb b6 af 1b 83 ff 2a 32 fa 09 4e ad ed da dc 59 95 15 30 06 45 a9 a0 54 24 a9 e3 9b 54 d7 57 88 c9 33 81 5a 93 72 fe 6b 12 03 44 39 92 2f fe e4 ff 32 36 1d 76 ed d4 55 cd ad 5a 1e 26 f4 d5 ec e6 68 0b 9c f4 d0 f2 5d 09 a7 0b 5c 16 30 Data Ascii: pv6RV{plut2+]0s@1c^Qy%Y5#Z1O8O8dHK,#pS%[Lk2.~&,m4u%u%PZ}%os2NY0ET$TW3ZrkD9/26vUZ&h]\0
2024-12-10 23:55:15 UTC	16384	IN	Data Raw: 6a a4 70 b3 a4 89 e1 9e a6 2e fc 1f 95 c1 29 72 66 03 ae 94 bb c1 79 4b 44 6a ce 95 e5 89 23 56 e0 49 2a f6 23 b8 22 09 eb 1b 45 6b 2b 34 eb a2 07 2b 40 67 94 cc ca e4 9a 39 48 d3 2b 2f c8 92 e5 5f f0 63 6d 04 40 1c 21 cf 78 39 53 72 57 0c 93 5c 76 11 74 0f 6e 0e e6 c8 0a c9 68 94 da 45 9a 1a 18 19 7d 6e 3f d0 13 0a 4e 39 fa 71 65 e7 5e 50 08 54 f9 f0 bc 84 23 6a 69 a3 51 20 82 59 56 d6 50 3e 72 1f 31 2e f9 10 02 34 5c 8c 28 17 cf e7 e6 6b 14 75 d3 90 be fe 1b 67 4e 42 a5 71 82 4a 1d 91 40 35 6a 4d e8 2f 2b d8 f8 e2 48 aa e4 25 8d e7 cf f1 b6 51 1c 83 df 0f df d0 47 fc ff cc 3c 29 ec dc b5 53 f2 9b 4e 65 25 84 26 17 cb bf b0 d8 f1 9c 05 ae 18 9a 90 9b 7e a7 04 53 58 62 7d 05 95 d0 fe 28 9a c7 12 b5 c2 f8 80 e6 c1 ca cc 14 03 f4 8b 01 ac 07 67 24 06 f4 df Data Ascii: jp.)rfyKDj#VI*#"Ek+4+@g9H+/_cm@!x9SrW\vtnhE}n?N9qe^PT#jiQ YVP>r1.4\(kugNBqJ@5jM/+H%QG<)SNe%&~SXb}(g$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49830	18.161.108.175	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:27 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=2aba9acf582fdedfe6ed78f4f17b63558785b889affa71089930eba82621fbf0 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 386 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:55:27 UTC	386	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 31 32 31 30 31 38 35 35 30 33 5c 22 2c 5c 22 33 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 34 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 35 5c 22 3a 5c 22 57 65 62 41 64 76 69 73 6f 72 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 57 65 62 41 64 76 69 73 6f 72 5f 56 33 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 4e 4f 43 48 78 4e 65 77 33 30 4d 61 79 32 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 66 6f 72 75 6d 65 72 2d 65 Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241210185503\",\"3\":\"IMDownloader\",\"4\":\"IMDownloader\",\"5\":\"WebAdvisor\",\"18\":\"ZB_WebAdvisor_V3\",\"19\":\"NOCHxNew30May2\",\"21\":\"forumer-e
2024-12-10 23:55:28 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Tue, 10 Dec 2024 23:55:28 GMT Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE Access-Control-Allow-Origin: * X-Cache: Miss from cloudfront Via: 1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MRS52-P4 X-Amz-Cf-Id: bbjrWhLepDjvSzA13mFrmGcIHBuznli05JlctXXLJyZ2WQOqLaX9uQ==
2024-12-10 23:55:28 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49833	54.200.239.173	443	5960	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:28 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 311 Host: analytics.apis.mcafee.com
2024-12-10 23:55:28 UTC	311	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a 22 57 49 4e 22 2c 22 4f 53 5f 50 6c 61 74 66 6f 72 6d 22 3a 22 36 34 22 2c 22 4f 53 5f 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 38 38 39 22 2c 22 50 72 6f 64 75 63 74 5f 56 65 72 73 69 6f 6e 22 3a 22 34 2e 31 2e 31 2e 38 36 35 22 2c 22 55 55 49 44 22 3a 22 7b 35 39 38 35 37 32 37 37 2d 35 33 31 32 2d 34 35 41 43 2d 39 37 46 31 2d 45 42 32 39 33 33 45 42 44 45 33 34 7d 22 2c 22 65 61 22 3a 22 50 72 6f 63 65 73 73 22 2c 22 65 63 22 3a 22 42 6f 6f 74 53 74 72 61 70 49 6e 73 74 61 6c 6c 65 72 22 2c 22 65 6c 22 3a 22 53 74 61 72 74 65 64 22 Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{59857277-5312-45AC-97F1-EB2933EBDE34}","ea":"Process","ec":"BootStrapInstaller","el":"Started"
2024-12-10 23:55:28 UTC	95	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:28 GMT Content-Length: 17 Connection: close
2024-12-10 23:55:28 UTC	17	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 6f 6b 22 7d Data Ascii: {"message": "ok"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49840	18.161.108.175	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:30 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=2aba9acf582fdedfe6ed78f4f17b63558785b889affa71089930eba82621fbf0 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 374 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:55:30 UTC	374	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 31 32 31 30 31 38 35 35 30 33 5c 22 2c 5c 22 33 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 34 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 35 5c 22 3a 5c 22 57 65 61 74 68 65 72 5a 65 72 6f 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5a 42 5f 57 5a 5f 56 31 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 4e 4f 43 48 78 4e 65 77 33 30 4d 61 79 32 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 66 6f 72 75 6d 65 72 2d 65 6e 5c 22 2c 5c 22 36 Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241210185503\",\"3\":\"IMDownloader\",\"4\":\"IMDownloader\",\"5\":\"WeatherZero\",\"18\":\"ZB_WZ_V1\",\"19\":\"NOCHxNew30May2\",\"21\":\"forumer-en\",\"6
2024-12-10 23:55:31 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Tue, 10 Dec 2024 23:55:31 GMT Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE Access-Control-Allow-Origin: * X-Cache: Miss from cloudfront Via: 1.1 9e1ca2a082cf3304834fbd01d8598ce4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MRS52-P4 X-Amz-Cf-Id: uQxj1Mk1JpXm0JN0cleXF70C_xyWhMJmk2VMAzdfgYqKw8X9zV67MQ==
2024-12-10 23:55:31 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49839	54.200.239.173	443	5960	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:30 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 311 Host: analytics.apis.mcafee.com
2024-12-10 23:55:30 UTC	311	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a 22 57 49 4e 22 2c 22 4f 53 5f 50 6c 61 74 66 6f 72 6d 22 3a 22 36 34 22 2c 22 4f 53 5f 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 38 38 39 22 2c 22 50 72 6f 64 75 63 74 5f 56 65 72 73 69 6f 6e 22 3a 22 34 2e 31 2e 31 2e 38 36 35 22 2c 22 55 55 49 44 22 3a 22 7b 35 39 38 35 37 32 37 37 2d 35 33 31 32 2d 34 35 41 43 2d 39 37 46 31 2d 45 42 32 39 33 33 45 42 44 45 33 34 7d 22 2c 22 65 61 22 3a 22 49 6e 73 74 61 6c 6c 22 2c 22 65 63 22 3a 22 42 6f 6f 74 53 74 72 61 70 49 6e 73 74 61 6c 6c 65 72 22 2c 22 65 6c 22 3a 22 53 74 61 72 74 65 64 22 Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{59857277-5312-45AC-97F1-EB2933EBDE34}","ea":"Install","ec":"BootStrapInstaller","el":"Started"
2024-12-10 23:55:31 UTC	95	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:30 GMT Content-Length: 17 Connection: close
2024-12-10 23:55:31 UTC	17	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 6f 6b 22 7d Data Ascii: {"message": "ok"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49844	104.21.48.1	443	6100	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:31 UTC	208	OUT	POST /forecast HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: localweatherfree.com Content-Length: 277 Connection: Keep-Alive Cache-Control: no-cache
2024-12-10 23:55:31 UTC	277	OUT	Data Raw: 6c 6f 63 61 74 69 6f 6e 3d 35 68 43 25 32 46 75 34 68 41 76 37 4f 76 50 58 25 32 46 47 53 78 64 48 4e 55 25 32 46 6a 6f 72 63 66 46 50 51 41 53 4f 41 30 6c 36 53 25 32 46 66 41 4d 66 68 33 6f 38 31 71 69 41 43 52 4b 45 4e 73 71 4a 43 42 37 63 76 38 73 58 70 5a 62 71 30 45 68 36 71 58 4b 52 78 68 66 63 62 48 66 37 49 50 56 46 63 53 79 58 49 4e 41 69 76 46 47 44 6e 75 4f 67 49 6f 7a 78 58 6b 4d 42 56 41 6d 64 25 32 46 59 6e 74 6e 56 4d 32 67 35 63 39 74 79 69 7a 34 32 48 77 67 6a 4e 62 43 51 67 73 59 76 43 45 33 58 6c 48 59 76 49 64 33 4d 50 48 75 38 6b 46 57 72 56 63 67 35 45 35 4c 25 32 46 75 6b 51 70 5a 65 47 65 41 43 57 75 46 25 32 46 50 5a 47 64 33 75 32 30 72 41 79 77 32 6a 25 32 46 46 4d 4a 69 67 5a 5a 5a 76 6a 31 4c 49 6a 43 56 4f 57 71 46 75 6e 51 Data Ascii: location=5hC%2Fu4hAv7OvPX%2FGSxdHNU%2FjorcfFPQASOA0l6S%2FfAMfh3o81qiACRKENsqJCB7cv8sXpZbq0Eh6qXKRxhfcbHf7IPVFcSyXINAivFGDnuOgIozxXkMBVAmd%2FYntnVM2g5c9tyiz42HwgjNbCQgsYvCE3XlHYvId3MPHu8kFWrVcg5E5L%2FukQpZeGeACWuF%2FPZGd3u20rAyw2j%2FFMJigZZZvj1LIjCVOWqFunQ
2024-12-10 23:55:32 UTC	802	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlHHfn%2Fvlar2QvquAbXGgtNOg6bHFkSiCdM%2By4u5t3qYLk7u2Yb0wp6dBW66E%2FBr8nsAALlZv2D%2FsBJbenf9Sf5ARC0ktFagg5AMvke1GBO6z4Gq294ppQlDukKcVLqAEf4Gy%2BrKlQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f012a9358675589-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1515&min_rtt=1514&rtt_var=570&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2852&recv_bytes=1121&delivery_rate=1917268&cwnd=226&unsent_bytes=0&cid=194ca2116739e91f&ts=626&x=0"
2024-12-10 23:55:32 UTC	70	IN	Data Raw: 34 30 0d 0a 56 6f 67 63 43 70 73 34 37 57 4f 62 73 70 51 35 67 76 4b 75 59 65 79 75 36 46 78 2f 58 7a 34 4d 78 48 4d 5a 39 75 31 56 34 4b 54 6f 4e 2b 59 62 76 36 38 32 62 6d 58 67 46 49 6e 61 67 47 6c 33 0d 0a Data Ascii: 40VogcCps47WObspQ5gvKuYeyu6Fx/Xz4MxHMZ9u1V4KToN+Ybv682bmXgFInagGl3
2024-12-10 23:55:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49852	18.161.108.175	443	7560	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:34 UTC	326	OUT	POST /zbd HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: / Authorization: Signature=2aba9acf582fdedfe6ed78f4f17b63558785b889affa71089930eba82621fbf0 User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 337 Host: d1e9165hyidvf5.cloudfront.net
2024-12-10 23:55:34 UTC	337	OUT	Data Raw: 7b 22 74 61 62 6c 65 22 3a 22 7a 62 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 64 61 74 61 22 3a 22 7b 5c 22 30 5c 22 3a 5c 22 5c 22 2c 5c 22 31 5c 22 3a 5c 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 5c 22 2c 5c 22 32 5c 22 3a 5c 22 32 30 32 34 31 32 31 30 31 38 35 35 30 33 5c 22 2c 5c 22 33 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 34 5c 22 3a 5c 22 49 4d 44 6f 77 6e 6c 6f 61 64 65 72 5c 22 2c 5c 22 35 5c 22 3a 5c 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 37 5c 22 2c 5c 22 31 38 5c 22 3a 5c 22 5c 22 2c 5c 22 31 39 5c 22 3a 5c 22 4e 4f 43 48 78 4e 65 77 33 30 4d 61 79 32 5c 22 2c 5c 22 32 31 5c 22 3a 5c 22 66 6f 72 75 6d 65 72 2d 65 6e 5c 22 2c 5c 22 36 Data Ascii: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241210185503\",\"3\":\"IMDownloader\",\"4\":\"IMDownloader\",\"5\":\"Internet Explorer 7\",\"18\":\"\",\"19\":\"NOCHxNew30May2\",\"21\":\"forumer-en\",\"6
2024-12-10 23:55:35 UTC	427	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 15 Connection: close Date: Tue, 10 Dec 2024 23:55:34 GMT Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE Access-Control-Allow-Origin: * X-Cache: Miss from cloudfront Via: 1.1 9e1ca2a082cf3304834fbd01d8598ce4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MRS52-P4 X-Amz-Cf-Id: YqD2rxEzDkPn5qUsodvlawa_z__HOmXtrQ4cLofMM9XsrhG-LpUzVg==
2024-12-10 23:55:35 UTC	15	IN	Data Raw: 7b 22 53 74 61 74 75 73 22 3a 22 4f 4b 22 7d Data Ascii: {"Status":"OK"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49853	104.21.48.1	443	6100	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:34 UTC	208	OUT	POST /forecast HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: localweatherfree.com Content-Length: 273 Connection: Keep-Alive Cache-Control: no-cache
2024-12-10 23:55:34 UTC	273	OUT	Data Raw: 6c 6f 63 61 74 69 6f 6e 3d 37 69 78 31 4c 38 25 32 46 37 55 78 78 42 58 67 49 63 47 32 38 46 41 62 51 4f 6e 6f 38 43 67 70 38 6a 36 49 33 5a 68 57 35 57 70 6b 52 35 4c 36 52 6b 25 32 46 7a 56 63 36 6b 25 32 42 46 70 34 25 32 42 6a 54 4e 30 32 4a 25 32 46 55 41 64 47 5a 50 47 37 57 78 65 78 39 61 33 68 49 6e 57 4b 4b 6a 44 6f 43 53 39 67 63 6b 78 72 42 6a 37 4b 42 47 6f 61 36 69 4e 34 46 70 61 39 74 44 39 59 51 46 70 59 56 65 79 38 33 6b 73 4e 63 70 49 74 57 66 65 35 6f 57 54 75 49 31 32 69 32 4f 42 67 77 37 59 6f 75 45 7a 64 4b 6d 58 52 66 4d 62 35 45 49 4c 77 69 6d 50 48 57 69 78 6d 4e 31 42 70 4b 67 63 39 62 39 48 41 70 77 67 44 59 58 58 32 53 59 7a 49 56 59 37 61 32 5a 58 74 38 31 42 34 69 34 31 47 56 77 52 6e 25 32 42 66 75 55 52 54 64 44 64 73 70 54 Data Ascii: location=7ix1L8%2F7UxxBXgIcG28FAbQOno8Cgp8j6I3ZhW5WpkR5L6Rk%2FzVc6k%2BFp4%2BjTN02J%2FUAdGZPG7Wxex9a3hInWKKjDoCS9gckxrBj7KBGoa6iN4Fpa9tD9YQFpYVey83ksNcpItWfe5oWTuI12i2OBgw7YouEzdKmXRfMb5EILwimPHWixmN1BpKgc9b9HApwgDYXX2SYzIVY7a2ZXt81B4i41GVwRn%2BfuURTdDdspT
2024-12-10 23:55:34 UTC	800	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7yCbd6XpjRwxyriYJwaLhqkhYIR%2BYGHqTgQMPHR0%2BoYzGx9VnGsDDXNK7wlUTIBnojOVl9XAuYuLmToiy%2BNDhKAh5RfM8fcTv49XqDFH8CGf3Ex85bbQ4urs%2FS6oOJTPuLRvViUnA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f012aa5cc928c84-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1828&min_rtt=1816&rtt_var=706&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2851&recv_bytes=1117&delivery_rate=1524008&cwnd=175&unsent_bytes=0&cid=a3e9a8264fb295ac&ts=529&x=0"
2024-12-10 23:55:34 UTC	70	IN	Data Raw: 34 30 0d 0a 4b 57 79 65 72 2b 74 54 4a 78 41 45 4b 73 53 36 33 64 32 38 4a 55 33 32 51 65 32 64 50 2f 6f 53 4e 4d 6e 68 2f 71 50 6e 33 6a 62 36 56 6a 43 58 51 59 70 58 71 36 38 56 70 79 2f 6e 41 50 6b 65 0d 0a Data Ascii: 40KWyer+tTJxAEKsS63d28JU32Qe2dP/oSNMnh/qPn3jb6VjCXQYpXq68Vpy/nAPke
2024-12-10 23:55:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49861	104.21.48.1	443	6100	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:37 UTC	208	OUT	POST /forecast HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: localweatherfree.com Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache
2024-12-10 23:55:37 UTC	267	OUT	Data Raw: 6c 6f 63 61 74 69 6f 6e 3d 5a 74 62 4f 67 41 74 69 4e 46 44 4a 70 78 4a 72 66 66 7a 39 68 32 55 56 4a 75 76 34 36 41 39 72 63 6f 36 61 32 6a 6f 48 34 47 33 4b 76 35 65 34 56 4b 4a 76 36 6a 64 70 52 61 48 59 51 34 75 71 4b 5a 62 7a 47 46 7a 63 70 77 4a 50 70 62 4c 30 43 50 32 53 4a 4d 74 25 32 42 44 48 6a 68 55 66 68 64 46 48 43 7a 59 57 33 45 57 6a 34 71 74 63 6c 4b 44 6e 48 54 31 7a 72 31 76 4d 58 71 35 65 42 62 32 25 32 42 70 34 4d 4f 38 6b 33 43 57 35 74 53 46 4a 65 6b 6f 58 4e 71 57 57 67 54 61 76 6f 63 47 48 67 32 4c 6d 6c 6a 30 76 65 68 76 70 5a 53 61 56 4f 6b 4f 72 34 77 76 51 49 69 70 4c 56 32 6a 4e 37 68 43 31 33 4c 52 64 54 6d 78 46 66 34 45 42 78 41 4e 25 32 46 41 6b 65 66 4d 4d 38 75 4c 66 39 63 51 70 75 41 4e 71 6d 57 71 45 4e 67 36 35 6c 6e Data Ascii: location=ZtbOgAtiNFDJpxJrffz9h2UVJuv46A9rco6a2joH4G3Kv5e4VKJv6jdpRaHYQ4uqKZbzGFzcpwJPpbL0CP2SJMt%2BDHjhUfhdFHCzYW3EWj4qtclKDnHT1zr1vMXq5eBb2%2Bp4MO8k3CW5tSFJekoXNqWWgTavocGHg2Lmlj0vehvpZSaVOkOr4wvQIipLV2jN7hC13LRdTmxFf4EBxAN%2FAkefMM8uLf9cQpuANqmWqENg65ln
2024-12-10 23:55:37 UTC	804	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Flc9L7ClbOfjpvgpvL%2BuiJ2fvSfGhSC1%2BD%2Fh69kK%2Bt87Z3BCQ3cJE4ieZelVLRB6n%2FRMpYeYRaRGA1X93wp8h1OB6Ot405JfvxvUhlSCSlSXMd7koV%2BgoOb4OaWJ4PRLkYSsxtrhFA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f012ab74ceb42c2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1593&min_rtt=1575&rtt_var=627&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=1111&delivery_rate=1697674&cwnd=240&unsent_bytes=0&cid=b673ee6403bef838&ts=522&x=0"
2024-12-10 23:55:37 UTC	70	IN	Data Raw: 34 30 0d 0a 62 56 58 6b 43 70 34 76 79 30 73 64 39 63 54 4a 7a 45 73 53 42 62 7a 67 4d 33 39 63 61 6a 4f 49 75 44 4f 78 71 77 62 56 38 43 51 44 2f 55 43 61 72 67 52 41 54 62 34 46 4b 34 49 56 6d 6f 4e 54 0d 0a Data Ascii: 40bVXkCp4vy0sd9cTJzEsSBbzgM39cajOIuDOxqwbV8CQD/UCargRATb4FK4IVmoNT
2024-12-10 23:55:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49860	54.200.239.173	443	5960	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:37 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 336 Host: analytics.apis.mcafee.com
2024-12-10 23:55:37 UTC	336	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a 22 57 49 4e 22 2c 22 4f 53 5f 50 6c 61 74 66 6f 72 6d 22 3a 22 36 34 22 2c 22 4f 53 5f 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 31 38 38 39 22 2c 22 50 72 6f 64 75 63 74 5f 56 65 72 73 69 6f 6e 22 3a 22 34 2e 31 2e 31 2e 38 36 35 22 2c 22 55 55 49 44 22 3a 22 7b 35 39 38 35 37 32 37 37 2d 35 33 31 32 2d 34 35 41 43 2d 39 37 46 31 2d 45 42 32 39 33 33 45 42 44 45 33 34 7d 22 2c 22 65 61 22 3a 22 50 61 69 64 44 69 73 74 72 69 62 75 74 69 6f 6e 3d 74 72 75 65 22 2c 22 65 63 22 3a 22 49 6e 70 75 74 50 61 72 61 6d 65 74 65 72 73 22 2c 22 65 6c Data Ascii: {"Data":{"Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":"WIN","OS_Platform":"64","OS_Version":"10.0.19041.1889","Product_Version":"4.1.1.865","UUID":"{59857277-5312-45AC-97F1-EB2933EBDE34}","ea":"PaidDistribution=true","ec":"InputParameters","el
2024-12-10 23:55:38 UTC	95	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:38 GMT Content-Length: 17 Connection: close
2024-12-10 23:55:38 UTC	17	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 6f 6b 22 7d Data Ascii: {"message": "ok"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49872	104.21.48.1	443	6100	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:42 UTC	208	OUT	POST /forecast HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: localweatherfree.com Content-Length: 281 Connection: Keep-Alive Cache-Control: no-cache
2024-12-10 23:55:42 UTC	281	OUT	Data Raw: 6c 6f 63 61 74 69 6f 6e 3d 38 6f 44 38 74 5a 66 59 72 68 46 66 52 6c 32 36 6c 7a 65 54 37 79 44 62 72 44 35 7a 66 43 45 4c 55 5a 78 6c 7a 48 4c 42 59 44 52 44 6e 4f 30 78 55 46 25 32 42 73 30 57 67 6f 5a 6b 70 49 32 7a 55 57 39 65 4b 38 4a 43 74 59 6a 48 5a 71 31 6d 6f 57 68 56 55 44 51 6c 62 64 50 48 61 69 79 49 42 67 30 59 32 35 6a 37 4d 49 25 32 46 78 6a 6a 65 73 4a 53 66 76 62 6d 65 53 69 45 51 25 32 42 50 55 6f 55 44 69 73 66 36 48 36 6d 52 63 42 47 7a 6e 46 33 7a 25 32 42 48 4b 6e 48 7a 4e 6f 47 6d 6c 53 50 65 66 71 68 36 58 74 4c 7a 6a 66 38 51 51 62 78 61 36 33 6a 78 76 76 43 6b 47 52 76 68 77 44 6f 59 76 25 32 42 48 30 32 54 64 25 32 42 63 49 49 53 45 58 72 25 32 42 48 25 32 42 5a 79 54 72 25 32 42 45 4e 6f 38 71 75 41 49 44 4a 61 79 43 71 53 68 Data Ascii: location=8oD8tZfYrhFfRl26lzeT7yDbrD5zfCELUZxlzHLBYDRDnO0xUF%2Bs0WgoZkpI2zUW9eK8JCtYjHZq1moWhVUDQlbdPHaiyIBg0Y25j7MI%2FxjjesJSfvbmeSiEQ%2BPUoUDisf6H6mRcBGznF3z%2BHKnHzNoGmlSPefqh6XtLzjf8QQbxa63jxvvCkGRvhwDoYv%2BH02Td%2BcIISEXr%2BH%2BZyTr%2BENo8quAIDJayCqSh
2024-12-10 23:55:42 UTC	802	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nm5mYCZu2vtBYHWDHoHJyMd17BbwG%2Bte7DOSFLAS3qB3NVCtX16v3WzJbuWz0gxZaS8e1BQ8ZCiM3RwvHEsByu03Wgt2N6LB6%2FSWlfx%2Bmze%2BMzqTmjuhUgVqlRuqiOwog5%2BWg6Z6Vw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f012ad62bcb8c84-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1822&min_rtt=1816&rtt_var=693&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2851&recv_bytes=1125&delivery_rate=1564006&cwnd=175&unsent_bytes=0&cid=9a181f47ce00ca63&ts=491&x=0"
2024-12-10 23:55:42 UTC	70	IN	Data Raw: 34 30 0d 0a 6c 54 41 77 42 49 31 68 4f 4e 44 79 45 77 6b 61 54 37 76 78 4b 4b 76 77 31 31 36 53 66 69 6f 59 73 75 64 64 48 6e 6b 74 33 67 43 52 33 74 52 62 34 4f 34 46 46 42 4f 75 52 50 4e 4b 6a 45 6b 46 0d 0a Data Ascii: 40lTAwBI1hONDyEwkaT7vxKKvw116SfioYsuddHnkt3gCR3tRb4O4FFBOuRPNKjEkF
2024-12-10 23:55:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49899	104.21.48.1	443	6100	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:48 UTC	208	OUT	POST /forecast HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: localweatherfree.com Content-Length: 275 Connection: Keep-Alive Cache-Control: no-cache
2024-12-10 23:55:48 UTC	275	OUT	Data Raw: 6c 6f 63 61 74 69 6f 6e 3d 6d 62 79 49 38 69 72 66 4e 34 71 39 37 73 38 6b 64 34 4d 45 64 31 32 57 49 61 39 63 69 77 4d 77 4e 25 32 46 42 75 25 32 46 69 67 25 32 42 6e 4e 46 50 42 45 32 74 30 4a 56 30 63 71 35 66 69 48 30 67 7a 63 38 33 4e 6e 55 33 55 4d 38 36 42 33 72 69 6b 38 30 68 45 67 41 6e 58 49 65 37 68 62 38 53 4c 25 32 46 71 25 32 42 58 44 72 46 32 33 61 53 51 4b 6c 42 34 6f 4e 6a 32 52 4f 61 48 44 4a 53 48 79 61 6b 7a 4a 52 7a 58 77 45 69 74 59 64 43 68 30 6c 48 55 33 50 71 70 6a 51 68 61 69 79 38 6f 7a 57 32 77 70 56 6e 35 4a 4f 68 43 57 6a 7a 48 79 59 54 78 70 72 50 58 44 75 4b 73 4b 4c 4c 4e 6a 74 6a 74 39 57 4f 66 56 48 4b 31 52 5a 58 67 6e 6e 66 45 30 47 65 74 51 6b 6f 25 32 42 59 79 71 53 6e 67 54 4a 68 55 46 6b 62 45 25 32 46 52 72 6d 73 Data Ascii: location=mbyI8irfN4q97s8kd4MEd12WIa9ciwMwN%2FBu%2Fig%2BnNFPBE2t0JV0cq5fiH0gzc83NnU3UM86B3rik80hEgAnXIe7hb8SL%2Fq%2BXDrF23aSQKlB4oNj2ROaHDJSHyakzJRzXwEitYdCh0lHU3PqpjQhaiy8ozW2wpVn5JOhCWjzHyYTxprPXDuKsKLLNjtjt9WOfVHK1RZXgnnfE0GetQko%2BYyqSngTJhUFkbE%2FRrms
2024-12-10 23:55:49 UTC	808	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OHzYxWUPfIhPtPW6llq1neIRamXX3%2BEQ5%2BnJQE4VDc0aUlW%2BlbZBMy%2BeX8F8N70e8Yd0pv%2FUGMmdoYBMKYaD7Gcz4mPkqN6F7%2BXWdHl5imW9LeKHc1W%2FQlZTGMi4jqbr26R4ldZ1%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f012afe9a338c84-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1771&rtt_var=683&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1119&delivery_rate=1580942&cwnd=175&unsent_bytes=0&cid=ffea6f39196b6630&ts=490&x=0"
2024-12-10 23:55:49 UTC	70	IN	Data Raw: 34 30 0d 0a 32 44 6d 4a 50 6d 36 31 69 49 78 31 5a 6f 45 34 42 37 59 34 50 6c 6d 48 72 73 59 59 39 41 4b 61 2f 66 33 4d 51 62 4a 72 31 4b 66 69 6e 66 38 58 4f 54 38 31 72 56 73 4f 4a 68 7a 2f 34 43 79 73 0d 0a Data Ascii: 402DmJPm61iIx1ZoE4B7Y4PlmHrsYY9AKa/f3MQbJr1Kfinf8XOT81rVsOJhz/4Cys
2024-12-10 23:55:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49915	54.200.239.173	443	5960	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 23:55:53 UTC	232	OUT	PUT /mosaic/2.0/product-web/am/v1/record HTTP/1.1 Connection: Keep-Alive Content-Type: application/json User-Agent: SA X-Api-Key: wtuQtD4DdA8poRbq0pzMh1iysE9YiVlC14kJF9ZI Content-Length: 507 Host: analytics.apis.mcafee.com
2024-12-10 23:55:53 UTC	507	OUT	Data Raw: 7b 22 44 61 74 61 22 3a 7b 22 41 66 66 69 64 22 3a 22 39 31 30 38 38 22 2c 22 43 6f 75 6e 74 72 79 5f 43 6f 64 65 22 3a 22 55 53 22 2c 22 44 69 73 74 72 69 62 75 74 69 6f 6e 5f 53 75 62 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 49 44 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 49 6e 73 74 61 6c 6c 5f 4c 6f 75 64 6e 65 73 73 22 3a 22 53 69 6c 65 6e 74 22 2c 22 49 6e 73 74 61 6c 6c 5f 53 6f 75 72 63 65 22 3a 22 50 61 69 64 44 69 73 74 72 69 62 75 74 69 6f 6e 22 2c 22 49 72 6f 6e 73 6f 75 72 63 65 5f 50 69 78 65 6c 22 3a 22 55 4e 44 45 46 49 4e 45 44 22 2c 22 4d 61 63 68 69 6e 65 5f 49 44 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 4f 53 22 3a Data Ascii: {"Data":{"Affid":"91088","Country_Code":"US","Distribution_SubID":"UNDEFINED","Install_ID":"UNDEFINED","Install_Loudness":"Silent","Install_Source":"PaidDistribution","Ironsource_Pixel":"UNDEFINED","Machine_ID":"9e146be9-c76a-4720-bcdb-53011b87bd06","OS":
2024-12-10 23:55:54 UTC	95	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 23:55:53 GMT Content-Length: 17 Connection: close
2024-12-10 23:55:54 UTC	17	IN	Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 6f 6b 22 7d Data Ascii: {"message": "ok"}

Target ID:	0
Start time:	18:53:46
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe" > cmdline.out 2>&1
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:53:46
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	18:53:46
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):	true
Commandline:	wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe"
Imagebase:	0x400000
File size:	3'895'184 bytes
MD5 hash:	3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	18:53:54
Start date:	10/12/2024
Path:	C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe"
Imagebase:	0x400000
File size:	2'513'624 bytes
MD5 hash:	4CEF35CB56164E4427C8890CF5CDFD85
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 50%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	18:53:55
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-2R9I2.tmp\internet-explorer-7_8xx5-B1.tmp" /SL5="$2046E,1583588,832512,C:\Users\user\Desktop\download\internet-explorer-7_8xx5-B1.exe"
Imagebase:	0x400000
File size:	3'199'488 bytes
MD5 hash:	02B1D8FF84BCD4EBCB01156636269B99
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	18:55:25
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Imagebase:	0xd0000
File size:	1'184'128 bytes
MD5 hash:	143255618462A577DE27286A272584E1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	18:55:28
Start date:	10/12/2024
Path:	C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod1_extract\WZSetup.exe" /S /tpchannelid=1571 /distid=App123
Imagebase:	0x400000
File size:	6'261'520 bytes
MD5 hash:	3C17F28CC001F6652377D3B5DEEC10F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	18:55:36
Start date:	10/12/2024
Path:	C:\Users\user\Downloads\internet-explorer-7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\internet-explorer-7.exe"
Imagebase:	0x1000000
File size:	29'662'072 bytes
MD5 hash:	AF5465B7E20FE89266A5B81BA1857BE1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	18:55:37
Start date:	10/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.__/?typ=1
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	18:55:38
Start date:	10/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	18:55:38
Start date:	10/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1908,i,11294617880260353184,3263670613156315574,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Analysis Process: WeatherZeroService.exePID: 6092, Parent PID: 6100

General

Target ID:	16
Start time:	18:55:42
Start date:	10/12/2024
Path:	C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" install
Imagebase:	0x510000
File size:	3'385'616 bytes
MD5 hash:	2B149BA4C21C66D34F19214D5A8D3067
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 3%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	18:55:42
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:55:42
Start date:	10/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	18:55:42
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7560 -ip 7560
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:55:43
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 1200
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	18:55:43
Start date:	10/12/2024
Path:	C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe" start silent
Imagebase:	0x510000
File size:	3'385'616 bytes
MD5 hash:	2B149BA4C21C66D34F19214D5A8D3067
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	18:55:43
Start date:	10/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	18:55:44
Start date:	10/12/2024
Path:	C:\b99fd08a604e45b5fc9f\update\iesetup.exe
Wow64 process (32bit):	false
Commandline:	c:\b99fd08a604e45b5fc9f\update\iesetup.exe
Imagebase:	0x7ff72b0e0000
File size:	1'107'136 bytes
MD5 hash:	DDAB11B09B0310328B06F089DF750207
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	18:55:44
Start date:	10/12/2024
Path:	C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe"
Imagebase:	0x510000
File size:	3'385'616 bytes
MD5 hash:	2B149BA4C21C66D34F19214D5A8D3067
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	18:55:45
Start date:	10/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	6.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	52

Executed Functions

Function 00105318 Relevance: 69.2, APIs: 12, Strings: 27, Instructions: 928
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001588FA: EnterCriticalSection.KERNEL32(001D742C,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 00158905
Part of subcall function 001588FA: LeaveCriticalSection.KERNEL32(001D742C,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 00158942

Part of subcall function 00104A40: _com_issue_error.COMSUPP ref: 00104AD2
Part of subcall function 00104A40: SysFreeString.OLEAUT32(-00000001), ref: 00104AFD

Part of subcall function 001061F0: Concurrency::cancel_current_task.LIBCPMT ref: 001062BF

Part of subcall function 001588B0: EnterCriticalSection.KERNEL32(001D742C,?,?,000F4086,001D827C,001968E0,?), ref: 001588BA
Part of subcall function 001588B0: LeaveCriticalSection.KERNEL32(001D742C,?,?,000F4086,001D827C,001968E0,?), ref: 001588ED
Part of subcall function 001588B0: RtlWakeAllConditionVariable.NTDLL ref: 00158964

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,428E8EC3,?,?), ref: 001057B4
FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 001057C5
LoadResource.KERNEL32(00000000,00000000), ref: 001057D1
LockResource.KERNEL32(00000000), ref: 001057DC
Concurrency::cancel_current_task.LIBCPMT ref: 00106067
Concurrency::cancel_current_task.LIBCPMT ref: 00106085
SysFreeString.OLEAUT32 ref: 0010610F
SysFreeString.OLEAUT32(00000000), ref: 0010615A

Strings

UUID, xrefs: 00105AC8
select EstimatedRunTime from Win32_Battery, xrefs: 001053A7
Version, xrefs: 00105911
Time, xrefs: 0010537F
PowerState, xrefs: 00105578
Failed to convert wuuid to string, xrefs: 00105C17
), xrefs: 00106016
select PCSystemTypeEx from Win32_ComputerSystem, xrefs: 00105486
select PowerState from Win32_ComputerSystem, xrefs: 00105565
orm, xrefs: 00105FDD
IsWow64Process, xrefs: 00105F95
(error), xrefs: 001054DE, 001055BD
kState, xrefs: 0010560D
kernel32, xrefs: 00105F82
NO_REGKEY, xrefs: 00105CDE
root\wmi, xrefs: 0010563B
t, xrefs: 00105C0B
UUID, xrefs: 00105D88, 00105C84
4.1.1.865, xrefs: 0010597A
0.0.0.0, xrefs: 00105816
EstimatedRunTime, xrefs: 001053BA
PCSystemTypeEx, xrefs: 00105499
select PredictFailure from MSStorageDriver_FailurePredictStatus, xrefs: 0010564E
kernel32.dll, xrefs: 001057A8
Root\CIMV2, xrefs: 00105391, 00105473, 00105552
PredictFailure, xrefs: 00105661
ery), xrefs: 00105407

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
String ID: (error)$)$0.0.0.0$4.1.1.865$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
API String ID: 2830066208-329860846
Opcode ID: b6d6f34d15b6bd607fc6c56436f0d89be1143b60d8fd7f91310a43de73042761
Instruction ID: f1dc68f582b45295644bc84275ec537191cc87959d157caf3465cf929b245776
Opcode Fuzzy Hash: b6d6f34d15b6bd607fc6c56436f0d89be1143b60d8fd7f91310a43de73042761
Instruction Fuzzy Hash: 4E820170901348DFEB14DFA4D8487EEBBB2AF55304F24421DE485AB7D2DBB49A84CB61

Function 000FF110 Relevance: 68.3, APIs: 21, Strings: 17, Instructions: 1782COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF268
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF307
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF37E
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF8B0
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FFBBD

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FFDB6
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 001000BA
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0010015F
GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 001005D7
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00100614
GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 0010086A
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 001008A7
GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 00100A90
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00100ACD

Strings

SOFTWARE\McAfee\WebAdvisor, xrefs: 000FF181
HTTP status error for AWS: , xrefs: 0010011E
X-Api-Key: , xrefs: 000FFF28
HTTP open request failed for AWS: , xrefs: 00100DB8
AWS Response Code received , xrefs: 00100079
NO_REGVALUE, xrefs: 000FF54F
HTTP send request failed for AWS: , xrefs: 0010085A
HTTP receive response failed for AWS: , xrefs: 001005C7
HTTP add request header failed for AWS x_api_key: , xrefs: 00100A80
`ato, xrefs: 000FFE78, 000FFE8D, 0010027E, 00100293, 00100415, 0010042A, 00100733, 00100748, 001009C6, 001009DB, 00100BEC, 00100C01, 00100CFE, 00100D13, 00100E15
Failed to initialize buffer for AWS, xrefs: 000FF889
AWS Adhoc Telemetry Payload = , xrefs: 000FFB62
Failed to convert the x_api_key string to wide, xrefs: 000FFD8F
HTTP connection failed for AWS: , xrefs: 00100EBA
0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b, xrefs: 000FF5B7, 000FF656
AdhocTelemetryAWS, xrefs: 000FF1B6
Querying AdhocTelemetryAWS value failed: , xrefs: 000FF217

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`ato
API String ID: 1658547907-4278538183
Opcode ID: 061292db2f61f89d70bf29346a87e0a37055c3255ec563f21a4d7fefc08f065d
Instruction ID: 0e1dc6f28726ba297c459605b55d570d0d0dfcde5832edec81b873c702d5444d
Opcode Fuzzy Hash: 061292db2f61f89d70bf29346a87e0a37055c3255ec563f21a4d7fefc08f065d
Instruction Fuzzy Hash: 9BF2CF709002699BDB25EB24CD99BEDB7B5AF49304F0041E8E44DAB292DB759FC8CF50

Function 00113AC0 Relevance: 66.7, APIs: 3, Strings: 34, Instructions: 1934COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 00113CE8

Part of subcall function 00143084: __EH_prolog3.LIBCMT ref: 0014308B
Part of subcall function 00143084: std::_Lockit::_Lockit.LIBCPMT ref: 00143096
Part of subcall function 00143084: std::locale::_Setgloballocale.LIBCPMT ref: 001430B1
Part of subcall function 00143084: std::_Lockit::~_Lockit.LIBCPMT ref: 00143107

std::locale::_Init.LIBCPMT ref: 00114934
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00114CD5

Strings

c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h, xrefs: 00113B53, 00113EFF, 00113F67, 00114400, 00114D16, 00114DE5, 00114E51, 001151E6, 0011546C, 001154C3, 00115585, 001155DA, 00115785, 0011586D, 001158AF, 001158EC
UPDATE, xrefs: 00113B7F, 001154DE
Precondition "%s" evaluated to false, xrefs: 00114B1E
true, xrefs: 001142E4
NWebAdvisor::NXmlUpdater::CUpdater::Process, xrefs: 00114276, 001142AC, 00114359, 0011438F, 00114C35, 00114D66, 00115564, 00115619, 00115741, 00115824, 0011593A
NWebAdvisor::NXmlUpdater::Hound::End, xrefs: 00114D11, 00114DE0, 00115467, 001154BE, 00115580, 001155D5, 00115868, 001158AA, 001158E7
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp, xrefs: 0011427B, 001142B1, 0011435E, 00114394, 00114C3A, 00114D6B, 00115569, 0011561E, 00115746, 00115829, 0011593F
NWebAdvisor::NXmlUpdater::Hound::Start, xrefs: 00113B4E, 00113EFA, 00113F62, 001143FB, 00114E4C, 001151E1
unknown, xrefs: 00114103
UPDATEARRAY, xrefs: 00113B18
XML precondition array returned false due to sniffer actions, xrefs: 0011426C
NWebAdvisor::NXmlUpdater::Hound::ExitResult, xrefs: 00115780
2, xrefs: 001158E2
EXIT, xrefs: 00115270, 001152B2
Exit update command triggered. Exiting..., xrefs: 0011560F
Malformed XML, no UPDATEARRAY element, xrefs: 00115930
UPDATECOMMANDS, xrefs: 00114E06
Command "%s" failed, xrefs: 0011581A
XML precondition array with tag %s returned false, xrefs: 00114D5C
TAG, xrefs: 00113FCA
Precondition "%s" evaluated to true, xrefs: 00114C2B
EXIT_XML, xrefs: 001152FB
Unable to substitute the return code, xrefs: 001156D7, 0011573F
PRECONDITIONARRAY, xrefs: 00113F1E
PRECONDITION, xrefs: 001143B9, 00114C71
Unable to convert ReturnCode into int, xrefs: 0011573A
Couldn't find the ReturnCode attribute of EXIT command, xrefs: 00115676
XML precondition array with tag %s returned true due to sniffer actions, xrefs: 00114385
EXIT_UPDATE, xrefs: 00115344, 001155FD
XML precondition array with tag %s returned false due to sniffer actions, xrefs: 001142A2
XML precondition failed - no Type specified, xrefs: 0011555A
ReturnCode, xrefs: 00115637, 0011568C, 001156DE
XML precondition array returned true due to sniffer actions, xrefs: 0011434F
false, xrefs: 001141FF

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
String ID: 2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown
API String ID: 3544396713-2181764886
Opcode ID: c73ae5b5bc6409bafc89a7b8c2eff6ca9f86bb4ee7a266918bca25d8dc502162
Instruction ID: 6395d602eb3ea9b0df4b55b91941ea9e9c0f219e3e563a8037244a5d40b9db39
Opcode Fuzzy Hash: c73ae5b5bc6409bafc89a7b8c2eff6ca9f86bb4ee7a266918bca25d8dc502162
Instruction Fuzzy Hash: AC138A75D002689BDB28DF68C849BEDBBB5AF59304F1441E9E409B7291DB70AEC4CF90

Function 000F5870 Relevance: 60.3, APIs: 22, Strings: 12, Instructions: 780
encryptionfilethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 000F58AA
GetCurrentThreadId.KERNEL32 ref: 000F58B4
CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 000F593A
CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 000F595C
CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 000F5991
CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 000F59B5
CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 000F59D9
CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 000F59FD
UuidCreate.RPCRT4(00000000), ref: 000F5A41
UuidCreate.RPCRT4(00000000), ref: 000F5A57
CryptAcquireContextW.ADVAPI32(?), ref: 000F5D0E
CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 000F5D2A
CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 000F5D43
CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 000F5D5F
CryptDestroyHash.ADVAPI32(?), ref: 000F5D6E
CryptReleaseContext.ADVAPI32(?,00000000), ref: 000F5D7F
CryptAcquireContextW.ADVAPI32(?), ref: 000F5F87
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 000F5FA3
CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 000F5FBC
CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 000F5FD8
CryptDestroyHash.ADVAPI32(?), ref: 000F5FE7
CryptReleaseContext.ADVAPI32(?,00000000), ref: 000F5FF8

Strings

al delete policy on terminate process 0x%x (%d) rule, xrefs: 000F5C8A
Created access handle %p, xrefs: 000F6171, 000F620C
AacControl3, xrefs: 000F5AB6, 000F5ABD
AacControl2, xrefs: 000F5AC5, 000F5ACC
\\.\Global\WGUARDNT, xrefs: 000F5957, 000F59B0, 000F59F8
AacControl6, xrefs: 000F5A76, 000F5A80, 000F5A90
AacControl4, xrefs: 000F5AA7, 000F5AAE
\\.\WGUARDNT, xrefs: 000F592E, 000F598C, 000F59D4
AacControl, xrefs: 000F5AD4
al disable rules on terminate thread 0x%x (%d) rule, xrefs: 000F5F01
accesslib policy %x:%x, xrefs: 000F5B78
AacControl5, xrefs: 000F5A98, 000F5A9F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
API String ID: 4128897270-3926088020
Opcode ID: 4eb668af5403cccc3a8e722c5ea121d08863e917f4cff9f0bf143b00da78d786
Instruction ID: 7bce6d47d58739b544c624d6f2733ae0ad13a86544e11cf433e47770f8377525
Opcode Fuzzy Hash: 4eb668af5403cccc3a8e722c5ea121d08863e917f4cff9f0bf143b00da78d786
Instruction Fuzzy Hash: D5523535604314AFDB14DF24CC94B2EBBE6BB88714F190559FA46AB790CB74EE418F82

Function 00131840 Relevance: 56.8, APIs: 5, Strings: 27, Instructions: 754registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 00131932
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 00131DAD
RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 00131DD3
std::locale::_Init.LIBCPMT ref: 001320C4

Strings

c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp, xrefs: 0013228D, 001322D3
Error (%d) creating registry key: %s, xrefs: 0013194D
(Default), xrefs: 00131D2A, 00131D72
QWORD, xrefs: 001319E9
Error (%d) setting value (%s) under registry key: %s, xrefs: 00131D87
Unable to read key or value attribute of SETVAR command, xrefs: 001322C7
memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey, xrefs: 0013198B, 00131AA4, 00131CEA
Value, xrefs: 00131EF2
Unable to set the variable, xrefs: 00131FA6
invalid stoull argument, xrefs: 00131E0B
Unknown registry key type: %s, xrefs: 00131C24
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp, xrefs: 0013195C, 00131997, 00131AB3, 00131C08, 00131C33, 00131CF6, 00131D96
Unable to convert %s to hex, xrefs: 00131BF9
Unable to substitute variables for the SETVAR command, xrefs: 001322BB, 001322CC
STR, xrefs: 001318AA
invalid substitutor, xrefs: 00131E8C
BIN, xrefs: 00131AD9
stoull argument out of range, xrefs: 00131E15
Setting variable , xrefs: 00132170
to , xrefs: 00132189
NWebAdvisor::NXmlUpdater::SetRegistryKey, xrefs: 00131957, 00131992, 00131AAE, 00131C03, 00131C2E, 00131CF1, 00131D91
Key, xrefs: 00131E98
NUM, xrefs: 001319BD
invalid stoul argument, xrefs: 00131E1F
DWORD, xrefs: 001319D3
NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute, xrefs: 00132288, 001322CE
stoul argument out of range, xrefs: 00131E29

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Close$CreateInitstd::locale::_
String ID: to $(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range
API String ID: 3662814871-412574832
Opcode ID: 5e63fabf708142916ae9347dc0dbe6fefc07c37e4e259e2c231fc1b78e852c0b
Instruction ID: 3cef65b8985dfc57188ab1d93723ae2d5d9b47c454c302e6e8ab57759ea018bf
Opcode Fuzzy Hash: 5e63fabf708142916ae9347dc0dbe6fefc07c37e4e259e2c231fc1b78e852c0b
Instruction Fuzzy Hash: 5E52CF74A00318EFDB24DF94CC45BEEB7B5BF05704F5441A9E8096B281E775AA88CFA1

Function 000F5204 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 345
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 000F5225
RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 000F5265
SetLastError.KERNEL32(0000006F), ref: 000F52B6
RegCloseKey.ADVAPI32(?), ref: 000F52C2
RegCloseKey.ADVAPI32(?), ref: 000F52D0
GetLastError.KERNEL32 ref: 000F52F6
OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 000F53E3
OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in EXE directory), ref: 000F54A1

Strings

Software\McAfee\SystemCore, xrefs: 000F521B
NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 000F56B7
%ls\%ls, xrefs: 000F5533
szInstallDir32, xrefs: 000F525F
NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 000F53DE
NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 000F549C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseDebugErrorLastOutputString$OpenQueryValue
String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
API String ID: 901107078-3767168787
Opcode ID: cf78bf40d441840f63c73824c4de066038a914f8458f016a9a0350637a669904
Instruction ID: acece16d1dce78e0a466c460584870b40bcce85e6a9301f86b01dc2b72259de5
Opcode Fuzzy Hash: cf78bf40d441840f63c73824c4de066038a914f8458f016a9a0350637a669904
Instruction Fuzzy Hash: A1D1C070E0071DEBEF60DF64DC45BAEB7B5AF04305F0441A9EA09AA681DB709E84DF91

Function 000F70D9 Relevance: 27.2, APIs: 4, Strings: 11, Instructions: 977COMMON

Download Yara Rule

APIs

Part of subcall function 00104B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0010521E

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F7D3D
Concurrency::cancel_current_task.LIBCPMT ref: 000F7DFC
__Mtx_unlock.LIBCPMT ref: 000F7DC8

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F7EBB

Strings

Failed to add reserved 2 dimension (, xrefs: 000F7834
Failed to add reserved 5 dimension (, xrefs: 000F7CFD
Failed to add reserved 4 dimension (, xrefs: 000F7B63
z, xrefs: 000F7CF1
Failed to add event action (, xrefs: 000F7379
Failed to add event category (, xrefs: 000F71F0
u, xrefs: 000F7B57
Failed to add reserved 1 dimension (, xrefs: 000F769E
Failed to add reserved 3 dimension (, xrefs: 000F79CD
Failed to add event label (, xrefs: 000F7508
Service has not been initialized, xrefs: 000F7E88

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
API String ID: 342047005-3525645681
Opcode ID: cdead84b5ba9471d99cca7071e8035af47f73545fbf33415dcd8d8785beefc69
Instruction ID: e51160be39b4ad6f1b1e5cc6d2d6cd1a678fa8432cbe8839caf54428d79b1da2
Opcode Fuzzy Hash: cdead84b5ba9471d99cca7071e8035af47f73545fbf33415dcd8d8785beefc69
Instruction Fuzzy Hash: 4E821670904248CFDF18EF24C895BEE7BB5EF45304F50419CE91A9B682DB75DA08DBA2

Function 000F8FB0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 245COMMON

Download Yara Rule

APIs

CoCreateGuid.OLE32(?), ref: 000F8FC8
StringFromCLSID.OLE32(?,?), ref: 000F8FE0
CoTaskMemFree.OLE32(?), ref: 000F9138
Concurrency::cancel_current_task.LIBCPMT ref: 000F9173
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F93D1

Strings

SOFTWARE\McAfee\WebAdvisor, xrefs: 000F91FB
Could not create registry key , xrefs: 000F923F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
API String ID: 3741506170-3627174789
Opcode ID: ccf0486eef311df29a5abc99e838d0ed62b5cf032e0fc3626b217ba5170fda89
Instruction ID: 0772933a57509652315e379d1e374127f1293f4baf843905bd396b1222c854fe
Opcode Fuzzy Hash: ccf0486eef311df29a5abc99e838d0ed62b5cf032e0fc3626b217ba5170fda89
Instruction Fuzzy Hash: 4381D671A00209DFD714EF64DC49BAE77E8FF54310F50462DFA2697681EB30AA48CB91

Function 000E4C8E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73processCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 000E4CA6
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 000E4CB8
Process32FirstW.KERNEL32(00000000,?), ref: 000E4CD3
Process32NextW.KERNEL32(00000000,0000022C), ref: 000E4CE9
CloseHandle.KERNEL32(00000000), ref: 000E4CFA

Strings

saBSI.exe, xrefs: 000E4D1C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
String ID: saBSI.exe
API String ID: 592884611-3955546181
Opcode ID: 1dca2c63a918d0af47fdd3c0a36aac946dc30f10dceb6642d78553aa99026b35
Instruction ID: 378133dc7fe33e8dc7d3f52abd77de4380bdacc6e50d9eca540a094a645efc8c
Opcode Fuzzy Hash: 1dca2c63a918d0af47fdd3c0a36aac946dc30f10dceb6642d78553aa99026b35
Instruction Fuzzy Hash: BE213D312053409FC260EF26EC49ABF77D5EB85324F140629FD25E71D1E730D9498693

Function 001173B0 Relevance: 9.2, Strings: 7, Instructions: 433COMMON

Download Yara Rule

Strings

CObfuscatedIniReader cannot load file: %s, xrefs: 001175DD
NWebAdvisor::CSubInfoDatReader::ReadString, xrefs: 001175E4, 00117741, 0011782D
&, xrefs: 0011750E
Key was not found: %s, xrefs: 00117826
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp, xrefs: 001175E9, 00117746, 00117832
No section found for %s, xrefs: 0011773A
&, xrefs: 001174C2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: HeapProcess
String ID: &$&$CObfuscatedIniReader cannot load file: %s$Key was not found: %s$NWebAdvisor::CSubInfoDatReader::ReadString$No section found for %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp
API String ID: 54951025-2132657581
Opcode ID: 046ebc9a1ab5d721d050495c76cf714f2317445bad23499e6e5ba975421dabb2
Instruction ID: eadee1b81da0e5c43beb9f575927d5b7878f134e85da7a543435fda2bc8d65a6
Opcode Fuzzy Hash: 046ebc9a1ab5d721d050495c76cf714f2317445bad23499e6e5ba975421dabb2
Instruction Fuzzy Hash: B2F1D270A04209DFDB18DF68C845BDEB7B1AF55314F1482ACE809AB3D1EB709A88CF50

Function 000F4F50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00000000,00000000,428E8EC3), ref: 000F4FB5
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 000F4FDF
GetLastError.KERNEL32 ref: 000F4FF2
GetLastError.KERNEL32 ref: 000F500B

Strings

%ls\%ls, xrefs: 000F5056

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CurrentDirectoryErrorLast
String ID: %ls\%ls
API String ID: 152501406-2125769799
Opcode ID: 02e8ea16a7b8ff6a52a1d390285b5306b400fe920cbbcc68eed62369569f9a0d
Instruction ID: ea7399e5b0f6ae9a2b4f56365cfdce41311726f5728c6776b44fef4d13d75552
Opcode Fuzzy Hash: 02e8ea16a7b8ff6a52a1d390285b5306b400fe920cbbcc68eed62369569f9a0d
Instruction Fuzzy Hash: D9419671E006199BDB24DFA5CC4576FB6B9AF44701F24413AFA05EB681EF35C9048B91

Function 0012D540 Relevance: 7.2, Strings: 5, Instructions: 925COMMON

Download Yara Rule

Strings

c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp, xrefs: 0012DB6A, 0012E17A
invalid substitutor, xrefs: 0012DB5E
NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied, xrefs: 0012DB65, 0012E175
NEQ, xrefs: 0012D892
Unable to substitute the arguments, xrefs: 0012E16E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: NEQ$NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp$invalid substitutor
API String ID: 0-4090108046
Opcode ID: 2940e72228f032e112c48b1ef357cb99de5fe82051995b4d4e21cc5a2a8a53ca
Instruction ID: a3e091264fb9e5af084fba362f387df587793607607d7944a88fbc3c5de1b039
Opcode Fuzzy Hash: 2940e72228f032e112c48b1ef357cb99de5fe82051995b4d4e21cc5a2a8a53ca
Instruction Fuzzy Hash: 4582B070D002588FDF18DFA8D855BEDBBB1BF45308F10829DE419AB291EB75AA85CF50

Function 000E5C1E Relevance: 3.1, APIs: 2, Instructions: 76comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(001AD808,00000000,00000017,001BB024,00000000,428E8EC3,?,?,?,00000000,00000000,00000000,00188687,000000FF), ref: 000E5C7A
OleRun.OLE32(00000000), ref: 000E5C89

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 66df43dff93103600934aefe96edafe358ccaf0617a2d7f45dff62946f4c6014
Instruction ID: 255222d5555ba84f9c8edc36525571ae03a14fa7a8359f60c92b6eb157a0c0d5
Opcode Fuzzy Hash: 66df43dff93103600934aefe96edafe358ccaf0617a2d7f45dff62946f4c6014
Instruction Fuzzy Hash: E8215C75600A18EFCB04DB58CC55F6EB7F9FB88B25F204129F516A77A0DB75AD00CA50

Function 000E4E1F Relevance: 65.5, APIs: 9, Strings: 28, Instructions: 767
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0010D6D0: GetModuleHandleW.KERNEL32(kernel32.dll,000E4E6C,428E8EC3), ref: 0010D6D5
Part of subcall function 0010D6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0010D6E5

CoInitializeEx.COMBASE(00000000,00000000,428E8EC3), ref: 000E4F3E
CommandLineToArgvW.SHELL32(?,?), ref: 000E5226
GetLastError.KERNEL32(?,00000001), ref: 000E5276
GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 000E52A8
GetLastError.KERNEL32(?,00000001), ref: 000E52F3
GetLongPathNameW.KERNEL32(?,?,00000104), ref: 000E535F
GetLastError.KERNEL32(?,00000002), ref: 000E53AE
CloseHandle.KERNEL32(?,?,00000001), ref: 000E58E9

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Part of subcall function 000E136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E13A5

CoUninitialize.OLE32(?,00000001), ref: 000E58D4

Part of subcall function 000F6BD0: __Mtx_init_in_situ.LIBCPMT ref: 000F6CC0

Strings

SA/WA installation failed with exit code: , xrefs: 000E5863
InvalidArguments, xrefs: 000E56B5
MAIN_XML, xrefs: 000E5553
STORE_XML_ON_DISK, xrefs: 000E55D5
failed to initialize updater, xrefs: 000E51DC
Failed to allocate memory for event sender service, xrefs: 000E5123
InitSecureDllLoading failed., xrefs: 000E4EAB
Process, xrefs: 000E5208
SELF_UPDATE_ALLOWED, xrefs: 000E54CE
SaBsi.cpp, xrefs: 000E4E6C, 000E510A, 000E51C3, 000E524D, 000E52CA, 000E5385, 000E5669, 000E56E7, 000E57A3, 000E584A
GetLongPathName failed (, xrefs: 000E539E
Install, xrefs: 000E5622, 000E56BA, 000E5769, 000E5810
Failed to create xml updater logger, xrefs: 000E4FD1
TRUE, xrefs: 000E54AA, 000E54B9, 000E55B2
FALSE, xrefs: 000E54A2
GetModuleFileName failed: , xrefs: 000E52E3
WaitForOtherBSIToExit failed, xrefs: 000E4F16
/xml, xrefs: 000E5513, 000E5542
Failed to create xml updater signature verifier, xrefs: 000E505B
CommandLineToArgvW failed: , xrefs: 000E5266
Started, xrefs: 000E5203, 000E561D
Ended, xrefs: 000E5764
BootStrapInstaller, xrefs: 000E520D, 000E5627, 000E56BF, 000E576E, 000E5815
Some command line BSI variables are invalid., xrefs: 000E5700
BSI installation success. Exit code: , xrefs: 000E57BC
Failed, xrefs: 000E580B
/store_xml_on_disk, xrefs: 000E559B
/no_self_update, xrefs: 000E548C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
API String ID: 126520999-360321973
Opcode ID: 7b055ee326b86102ae2cc9fe4a7152fb96665f592a5017a3e8724326d7f47564
Instruction ID: a18d3f8e4d8a98d8011832ae91114439ed6635a5f209f42bee0d6aee5b461a99
Opcode Fuzzy Hash: 7b055ee326b86102ae2cc9fe4a7152fb96665f592a5017a3e8724326d7f47564
Instruction Fuzzy Hash: DB624D70900289EFDF14EFA5D995BED7BB4AF14304F508459F819B7282EB709E48CBA1

Function 0011EFC0 Relevance: 63.7, APIs: 13, Strings: 23, Instructions: 743
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32 ref: 0011F13D

Part of subcall function 00118650: std::locale::_Init.LIBCPMT ref: 0011882F

CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 0011FAC8

Part of subcall function 0015E960: _free.LIBCMT ref: 0015E973

Strings

WinHttpCrackUrl failed (%d), url: %s, xrefs: 0011F159
HTTP GET request failed (%d), url: %s, xrefs: 0011F227
Unable to open HTTP transaction, xrefs: 0011F055
empty filename, xrefs: 0011F541
Cache-Control: no-cache, xrefs: 0011F23D
GET, xrefs: 0011F1FD
HTTP connection failed (%d), url: %s, xrefs: 0011F1C9
CreateFile failed (%d), xrefs: 0011F88E
true, xrefs: 0011F2BA, 0011F2C5
Unable to extract the filename from url (%s), xrefs: 0011F567
HTTP query content length (%d), url: %s, xrefs: 0011F3C1
HTTP send request failed (%d), url: %s, ignore proxy flag %s, xrefs: 0011F2C9
HTTP receive response failed (%d), url: %s, xrefs: 0011F31A
HTTP status (%d) error (%d), url: %s, xrefs: 0011F35F
File already exists: %s, xrefs: 0011F8C1
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 0011F064, 0011F274, 0011F2D8, 0011F36E, 0011F3D0, 0011F43F, 0011F550, 0011F576, 0011F808, 0011F89D, 0011F8D0, 0011FAB3
false, xrefs: 0011F2B5
Unable to allocate %d bytes, xrefs: 0011F430
NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator (), xrefs: 0011F05F, 0011F26F, 0011F2D3, 0011F369, 0011F3CB, 0011F43A, 0011F54B, 0011F571, 0011F803, 0011F898, 0011F8CB, 0011FAAE
Unable to rename the old file (%d): %s, xrefs: 0011F7F9
WriteFile failed (%d), xrefs: 0011FAA4
HTTP add request headers failed (%d), url: %s, xrefs: 0011F265
<, xrefs: 0011F0D2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseErrorHandleInitLast_freestd::locale::_
String ID: <$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
API String ID: 2292809486-983596374
Opcode ID: 6292acb5e78b34a6dcaae06e35c07cd126be4d7e8f8074a9a3cce90efc1649b0
Instruction ID: 007ff97e606b2cb288f25fe095be44f3847a385efcc7df56c198ab7537ccc51e
Opcode Fuzzy Hash: 6292acb5e78b34a6dcaae06e35c07cd126be4d7e8f8074a9a3cce90efc1649b0
Instruction Fuzzy Hash: F8627DB0A40619AFDB28DB10CC45FE9BBB5BF55304F4001E9F61967292DB70AAC5CFA4

Function 001265F0 Relevance: 38.9, APIs: 4, Strings: 18, Instructions: 416
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 0012683B
GetLastError.KERNEL32 ref: 0012686E
SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 00126A15
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 00126A6B

Strings

Unknown folder identifier: %s, xrefs: 00126965
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp, xrefs: 00126749, 00126881, 00126971, 00126A33
CSIDL_COMMON_APPDATA, xrefs: 00126AAE
CSIDL_SYSTEM, xrefs: 00126BCD
CSIDL_COMMON_DOCUMENTS, xrefs: 00126ACA
ProgramW6432, xrefs: 00126832, 0012683A
Error retrieving directory %s, xrefs: 00126A27
CSIDL_COMMON_STARTUP, xrefs: 00126AE3
CSIDL_PROGRAM_FILESX64, xrefs: 00126652, 00126B60
GetEnvironmentVariable failed (%d), xrefs: 00126875
CSIDL_PROGRAM_FILESX86, xrefs: 00126B47
CSIDL_PROGRAM_FILES, xrefs: 00126B05
Unable to get the platform, xrefs: 0012673D
NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute, xrefs: 00126744, 0012687C, 0012696C, 00126A2E
CSIDL_PROGRAM_FILES_COMMON, xrefs: 00126B82
ProgramFiles, xrefs: 0012682D
CSIDL_SYSTEMX86, xrefs: 00126C0C
CSIDL_WINDOWS, xrefs: 00126C45

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
API String ID: 3946049928-1874136459
Opcode ID: ce070b2e5dfbae1afb823d3d10eae25c80683d95aa9089252e08032c7578f26a
Instruction ID: d9187b15b20109b4539305c9370789da057fe26bf011ac7b8b00271c534ae668
Opcode Fuzzy Hash: ce070b2e5dfbae1afb823d3d10eae25c80683d95aa9089252e08032c7578f26a
Instruction Fuzzy Hash: 6402BC74A003A8DEDB24DF64DC49BE9BBB0AF55708F104199E809672D1EBB46BD8CF50

Function 0011EAA0 Relevance: 37.8, APIs: 8, Strings: 17, Instructions: 326
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(428E8EC3), ref: 0011EBF9
GetLastError.KERNEL32(428E8EC3,?,00000000,00115D40), ref: 0011EC70
GetLastError.KERNEL32(428E8EC3,GET,?,00000000,00000000,00000000,00000000,?,00000000,00115D40), ref: 0011ECD8

Part of subcall function 00118650: std::locale::_Init.LIBCPMT ref: 0011882F

GetLastError.KERNEL32(428E8EC3,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,00115D40), ref: 0011ED2E
GetLastError.KERNEL32(428E8EC3,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,00115D40), ref: 0011ED75

Strings

WinHttpCrackUrl failed (%d), url: %s, xrefs: 0011EC00
HTTP GET request failed (%d), url: %s, xrefs: 0011ECDF
HTTP send request failed (%d), url: %s, proxy ignore flag %s, xrefs: 0011ED78
Cache-Control: no-cache, xrefs: 0011ED13
GET, xrefs: 0011ECC9
HTTP connection failed (%d), url: %s, xrefs: 0011EC77
Not enough space in buffer: bufferLength(%d) Read(%d), xrefs: 0011EF88
NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator (), xrefs: 0011EC07, 0011EC7E, 0011ECE6, 0011ED38, 0011ED7F, 0011EDBF, 0011EE0E, 0011EE62, 0011EEB6, 0011EF92
true, xrefs: 0011ED6B, 0011ED73
<, xrefs: 0011EB91
HTTP query content length (%d), url: %s, xrefs: 0011EE58
HTTP receive response failed (%d), url: %s, xrefs: 0011EDB8
HTTP status (%d) error (%d), url: %s, xrefs: 0011EE07
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 0011EC0C, 0011EC83, 0011ECEB, 0011ED3D, 0011ED84, 0011EDC4, 0011EE13, 0011EE67, 0011EEBB, 0011EF97
false, xrefs: 0011ED66
Unable to allocate %d bytes, xrefs: 0011EEAC
HTTP add request headers failed (%d), url: %s, xrefs: 0011ED31

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$Initstd::locale::_
String ID: <$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true
API String ID: 1579124236-1699437461
Opcode ID: b5d8a45ce427783f161c5d98619e0664fc9f64dccbe9b1121b55fb48e649c45b
Instruction ID: b0d3e88801f00512910557b927e5b15fc8251ab68164e6d68cdd9fbb575bb411
Opcode Fuzzy Hash: b5d8a45ce427783f161c5d98619e0664fc9f64dccbe9b1121b55fb48e649c45b
Instruction Fuzzy Hash: F7C1D6F4A40719AAEB249F50CC42FE9B7B5AF15704F4041A9FA09771C2E7B06AC4CF69

Function 0011BC60 Relevance: 33.8, APIs: 2, Strings: 17, Instructions: 570
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,001BBFD0,00000000,428E8EC3), ref: 0011BD7A
DeleteFileW.KERNEL32(00000000), ref: 0011BE57

Strings

Location, xrefs: 0011BF76
NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand, xrefs: 0011BD4B, 0011BE37
invalid substitutor, xrefs: 0011BF6A, 0011C387
DestDir, xrefs: 0011BFBE
Unable to verify MD5, deleting file: %s, xrefs: 0011BE2D
.exe, xrefs: 0011BD84
Unable to download %s, xrefs: 0011BD44
Unable to get substitute download variables, xrefs: 0011C312, 0011C346
.cab, xrefs: 0011BD98
MD5, xrefs: 0011C006
Unable to verify signature, deleting file: %s, xrefs: 0011BDE1
NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute, xrefs: 0011C2B6, 0011C34D, 0011C389
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp, xrefs: 0011BD50, 0011BE3C, 0011C2BB, 0011C352, 0011C38E
extra, xrefs: 0011C096
Unable to create destination directory (%d), xrefs: 0011C2AF
Unable to read Location and/or DestDir attribute of DOWNLOAD command, xrefs: 0011C382
DestFile, xrefs: 0011C2D4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: DeleteExtensionFileFindPath
String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create destination directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
API String ID: 3618814920-733304951
Opcode ID: 4ff883f3324e3ae410f987eaf2efa499f1b38cb5af0a1c0e3788a7c35d09b2c9
Instruction ID: 83a61c8bd6e008b56ddfe576eb6c198244f1befc78ff31627f61b0893f109558
Opcode Fuzzy Hash: 4ff883f3324e3ae410f987eaf2efa499f1b38cb5af0a1c0e3788a7c35d09b2c9
Instruction Fuzzy Hash: 0D228EB1E40208DFDB18DFA4CC95BEDB7B5BF58304F104569E815B7282DB74AA84CBA1

Function 000F0890 Relevance: 28.6, APIs: 12, Strings: 4, Instructions: 560
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 000F0903
LocalFree.KERNEL32(?,?), ref: 000F0A26
LocalFree.KERNEL32(?,?), ref: 000F0A43

Part of subcall function 000E2510: __EH_prolog3_catch.LIBCMT ref: 000E2517

std::_Lockit::_Lockit.LIBCPMT ref: 000F0B08
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000F0B50
std::_Locinfo::~_Locinfo.LIBCPMT ref: 000F0B86
std::locale::_Init.LIBCPMT ref: 000F0B97
std::_Lockit::_Lockit.LIBCPMT ref: 000F0BC0
std::_Lockit::~_Lockit.LIBCPMT ref: 000F0BE1
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 000F0BF2
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F1017
__Mtx_unlock.LIBCPMT ref: 000F1020

Strings

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 000F08FE
ios_base::badbit set, xrefs: 000F0F6E, 000F1055, 000F1081
ios_base::failbit set, xrefs: 000F105F
ios_base::eofbit set, xrefs: 000F1064

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$DescriptorFreeLocalLockit::_Securitystd::locale::_$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimp::_Locimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockStringstd::ios_base::_
String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2168703646-3388121372
Opcode ID: 4d65f9d27a598f24baf527f192d6cefe01b3903120fea85a9145d29ff9a0ee58
Instruction ID: c61d6d118fdaeda7eabbb8b00bc47283ca7edadbe320a3eac9a9a44556df6911
Opcode Fuzzy Hash: 4d65f9d27a598f24baf527f192d6cefe01b3903120fea85a9145d29ff9a0ee58
Instruction Fuzzy Hash: 90326A70900258CFDB14DFA8C955BEDBBF4BF18304F1440A9E949AB692DB74AE84CF91

Function 00119400 Relevance: 25.4, APIs: 7, Strings: 7, Instructions: 870
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32,428E8EC3,?), ref: 0011947B
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0011948B
GetCurrentProcess.KERNEL32(?), ref: 001194A8
GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,001BA52C,001BA52A), ref: 001197C1
GetLastError.KERNEL32(?,?,?,001BA52C,001BA52A), ref: 001197CB
GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 0011987C
GetLastError.KERNEL32 ref: 0011989A

Strings

1.1, xrefs: 00119BCB
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 001197E1, 001198B1
GetLongPathName failed (%d) for %s, xrefs: 001198A2
NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir, xrefs: 001197DC, 001198AC
IsWow64Process, xrefs: 00119485
kernel32, xrefs: 00119472
GetModuleFileName failed (%d), xrefs: 001197D2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
String ID: 1.1$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32
API String ID: 891933594-2307011595
Opcode ID: ab7347334f3bef2f4f2fc2b8b57352d6ad3bbe65a19537fdcaf46f61a032bde9
Instruction ID: e0e0dc1f3f5f2c24017ea400617fd26b77f0cd5e178bb4780f9407ab809a5836
Opcode Fuzzy Hash: ab7347334f3bef2f4f2fc2b8b57352d6ad3bbe65a19537fdcaf46f61a032bde9
Instruction Fuzzy Hash: 0772AAB0A002189FCB28DF24CC99BDDB7B5AF48314F1041ECE619AB291CB74AE85CF55

Function 001059AA Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 407
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00106067
Concurrency::cancel_current_task.LIBCPMT ref: 00106085
SysFreeString.OLEAUT32 ref: 0010610F
SysFreeString.OLEAUT32(00000000), ref: 0010615A

Strings

), xrefs: 00106016
UUID, xrefs: 00105AC8
UUID, xrefs: 00105C84
orm, xrefs: 00105FDD
IsWow64Process, xrefs: 00105F95
kernel32, xrefs: 00105F82
NO_REGKEY, xrefs: 00105CDE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFreeString
String ID: )$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
API String ID: 3597043392-3766208032
Opcode ID: a22a48a2afd9f33cfdec41d0b12d86e2ec22eaed672f3c2ffd360d53a6077eac
Instruction ID: 60b70c581533d7eafb3317c6b5e0cb2c19ef2900463b165cc19821b0dc6e54d6
Opcode Fuzzy Hash: a22a48a2afd9f33cfdec41d0b12d86e2ec22eaed672f3c2ffd360d53a6077eac
Instruction Fuzzy Hash: 8CE10370900344DFEB28DF64C9487AEBBB6AF55300F24461CE495AB7D2DBB4DA84CB91

Function 00116560 Relevance: 24.2, APIs: 14, Strings: 2, Instructions: 211
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalFree.KERNEL32(00000001), ref: 00116590
GlobalFree.KERNEL32(?), ref: 001165A1
GlobalFree.KERNEL32(00000000), ref: 001165B2
GlobalFree.KERNEL32(?), ref: 001165E1
GlobalAlloc.KERNEL32(00000000,?), ref: 0011660D
GlobalFree.KERNEL32(00000000), ref: 00116636
GlobalAlloc.KERNEL32(00000000,?), ref: 0011666A
GlobalFree.KERNEL32(?), ref: 00116696
GlobalFree.KERNEL32(?), ref: 001166A7
GlobalFree.KERNEL32(?), ref: 001166B9
GlobalFree.KERNEL32(00000000), ref: 0011677C
GlobalFree.KERNEL32(00000000), ref: 0011678D
GlobalFree.KERNEL32(00000000), ref: 001167BD
GlobalFree.KERNEL32(00000000), ref: 001167CE

Strings

Temp, xrefs: 00116713
`ato, xrefs: 00116763

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Global$Free$Alloc
String ID: Temp$`ato
API String ID: 1780285237-1624478980
Opcode ID: f1c57fd6e8e763c7c7c3a572cb99aa476b6100ccae77b25d1d6763616bfc6fb6
Instruction ID: ce739a7edb3a50655ef481accfe96a9160ccc4116b03f931b96633258c892879
Opcode Fuzzy Hash: f1c57fd6e8e763c7c7c3a572cb99aa476b6100ccae77b25d1d6763616bfc6fb6
Instruction Fuzzy Hash: 3B715DB4E002199BDF149FA5CC84BEEFBB8AF14744F098169EC01AB285D776D984CB60

Function 000F4200 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcess.KERNEL32(00000400,00000000,?,428E8EC3,?,?), ref: 000F4257
GetLastError.KERNEL32(?,00000001,?,?), ref: 000F42BC
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F42F2
QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 000F4367
GetLastError.KERNEL32(?,?), ref: 000F4375
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F440A
CloseHandle.KERNEL32(00000000,?), ref: 000F455B

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

Filename for process with id , xrefs: 000F44B0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
String ID: Filename for process with id
API String ID: 563014942-4200337779
Opcode ID: a862912c0fa006aa60ee2808546764bd778697644074481e7a744bb20e02119d
Instruction ID: f1b5f79ab7def6014b8823ea6363d965cafab3fc047e6c0dce7b345fbfa81296
Opcode Fuzzy Hash: a862912c0fa006aa60ee2808546764bd778697644074481e7a744bb20e02119d
Instruction Fuzzy Hash: A8D1BDB0D10259DFCB20DFA4D845BEEB7B4FF44304F104669E919A7682EB746A88CB91

Function 001800DE Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0017FE25: CreateFileW.KERNEL32(00000000,00000000,?,00180187,?,?,00000000,?,00180187,00000000,0000000C), ref: 0017FE42

GetLastError.KERNEL32 ref: 001801F2
__dosmaperr.LIBCMT ref: 001801F9
GetFileType.KERNEL32(00000000), ref: 00180205
GetLastError.KERNEL32 ref: 0018020F
__dosmaperr.LIBCMT ref: 00180218
CloseHandle.KERNEL32(00000000), ref: 00180238
CloseHandle.KERNEL32(00000000), ref: 00180385
GetLastError.KERNEL32 ref: 001803B7
__dosmaperr.LIBCMT ref: 001803BE

Strings

H, xrefs: 00180343

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 7ddc685a8e68a13d26bdbe609db574aab45a623876a296de933b01b7f21f39ee
Instruction ID: a7935110769577ecfa17dc6fed90d777f8646656b7d8442584d59052839b9ff4
Opcode Fuzzy Hash: 7ddc685a8e68a13d26bdbe609db574aab45a623876a296de933b01b7f21f39ee
Instruction Fuzzy Hash: 64A12632A041598FCF2AEF68DC557AE3BF1AB0A324F140159E811EF2E1DB359E46CB51

Function 000FE380 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 271COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE4A1

Part of subcall function 000FDE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FDF0C

__Mtx_unlock.LIBCPMT ref: 000FE3DE

Part of subcall function 000FE0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE161

__Mtx_unlock.LIBCPMT ref: 000FE4FB
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE665
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE6F8

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

SOFTWARE\McAfee\WebAdvisor, xrefs: 000FE57E
AdhocTelemetryAzure, xrefs: 000FE5B3
Event string is empty, xrefs: 000FE477
Querying AdhocTelemetryAzure value failed: , xrefs: 000FE614
], xrefs: 000FE605

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]
API String ID: 1670716954-2879113573
Opcode ID: f9969d1bcd88d95a95479805e36ee86f024d5ad3a7757d4cdec797d06ba69c42
Instruction ID: c95dac104e9d1a8c13c3b9dc06d41f9d990ef58f2776ae598a3bbdf0fad0acf6
Opcode Fuzzy Hash: f9969d1bcd88d95a95479805e36ee86f024d5ad3a7757d4cdec797d06ba69c42
Instruction Fuzzy Hash: 3D91147190025C9FDB24EF54DD45BEEB3B8EF15314F0041A9E915A7682EB706B48CFA1

Function 00105A23 Relevance: 17.8, APIs: 3, Strings: 7, Instructions: 265COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00106085
SysFreeString.OLEAUT32 ref: 0010610F
SysFreeString.OLEAUT32(00000000), ref: 0010615A

Strings

), xrefs: 00106016
UUID, xrefs: 00105AC8
UUID, xrefs: 00105C84
orm, xrefs: 00105FDD
IsWow64Process, xrefs: 00105F95
kernel32, xrefs: 00105F82
NO_REGKEY, xrefs: 00105CDE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FreeString$Concurrency::cancel_current_task
String ID: )$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
API String ID: 2663709405-3766208032
Opcode ID: 2d3b688d3babb1311bb38c0e6daab7427656180f72422b69d6ccce3f08f3ad55
Instruction ID: 5ca59aa97b480a1b7d8d622cde5f76e9dd8dcc0f5e2c336207884bec3c8dce91
Opcode Fuzzy Hash: 2d3b688d3babb1311bb38c0e6daab7427656180f72422b69d6ccce3f08f3ad55
Instruction Fuzzy Hash: 70B1B270900348DBEF14DFA4C9587EEBBB2AF55304F24465CE484AB3D2DBB99A84CB51

Function 000FCE00 Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 545COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 000FD1E6

Part of subcall function 000EBBB0: std::locale::_Init.LIBCPMT ref: 000EBBFC

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FD6C4

Strings

/messages?timeout=60&api-version=2014-01, xrefs: 000FD368
Content-Type: application/atom+xml;type=entry;charset=utf-8, xrefs: 000FCF5D
.servicebus.windows.net/, xrefs: 000FD348
https://, xrefs: 000FD334
AWS m_url_aws = , xrefs: 000FD675
u, xrefs: 000FD666

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
String ID: .servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$https://$u
API String ID: 655687434-3999228595
Opcode ID: 7c5d745d451f2d7062255b093f7ee15f457939895111e2f51d69ad3e80f778a2
Instruction ID: ceb2f473d901a0055743cd3155265b7e90b1dfb8780fba72aa6645bf34d70f43
Opcode Fuzzy Hash: 7c5d745d451f2d7062255b093f7ee15f457939895111e2f51d69ad3e80f778a2
Instruction Fuzzy Hash: 85428D70900749CFEB24DF28DD45BE9B7B1BF54308F1086A9E548AB652EB74AAC4CF50

Function 000F3D80 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 188COMMON

Download Yara Rule

APIs

WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 000F3E00
OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 000F3F9C
Concurrency::cancel_current_task.LIBCPMT ref: 000F3FCA

Strings

Error retrieving session id for generating log name., xrefs: 000F3E0B
WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 000F3F81
UNKNOWN, xrefs: 000F3DD2
WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 000F3F97

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
API String ID: 1186403813-1860316991
Opcode ID: c3e6006789d3546c4e578f35ab2409bdbc23ce73bd4443cf7243da1a3e912a83
Instruction ID: b28f27113b0cea4bb1de87d46203f18c272e042b487c7639d15e0c5ac7656305
Opcode Fuzzy Hash: c3e6006789d3546c4e578f35ab2409bdbc23ce73bd4443cf7243da1a3e912a83
Instruction Fuzzy Hash: 3E519371E00219DBCB189F74DC897BEBBB4FF44320F240629E526D7A90D7749A44DB91

Function 00159900 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00104AA5,00104AA7,00000000,00000000,428E8EC3,?,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5,?), ref: 00159989
MultiByteToWideChar.KERNEL32(00000000,00000000,00104AA5,?,00000000,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5), ref: 00159A04
SysAllocString.OLEAUT32(00000000), ref: 00159A0F
_com_issue_error.COMSUPP ref: 00159A38
_com_issue_error.COMSUPP ref: 00159A42
GetLastError.KERNEL32(80070057,428E8EC3,?,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5,?), ref: 00159A47
_com_issue_error.COMSUPP ref: 00159A5A
GetLastError.KERNEL32(00000000,?,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5,?), ref: 00159A70
_com_issue_error.COMSUPP ref: 00159A83

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
String ID:
API String ID: 1353541977-0
Opcode ID: ec868cefe7313230b236be41fbf52ce9fd5354f712ee8fdc7107b48b366a1b3b
Instruction ID: f440462640817d649aa11de428bcaffd897b486f64a1c123c74049bd68f58291
Opcode Fuzzy Hash: ec868cefe7313230b236be41fbf52ce9fd5354f712ee8fdc7107b48b366a1b3b
Instruction Fuzzy Hash: A841F971A00209DFD710DF68DC45BAEBBE8EB54715F10422EFD25EB251D7349904CBA1

Function 000E9C50 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 313COMMON

Download Yara Rule

APIs

Part of subcall function 000EE310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 000EE36C

__Mtx_init_in_situ.LIBCPMT ref: 000E9DD4
Concurrency::cancel_current_task.LIBCPMT ref: 000EA06D

Strings

SOFTWARE\McAfee\WebAdvisor, xrefs: 000E9CF1, 000E9D51, 000E9F83
LogLevel, xrefs: 000E9FA8
LogRotationFileSize, xrefs: 000E9D16
LogRotationCount, xrefs: 000E9D76
log, xrefs: 000E9D8E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
API String ID: 239504998-2017128786
Opcode ID: c23bc7c46364f93b25ece3e2a004f57f874ac7cb0c39e6d9d1aaac99c921f93e
Instruction ID: 7bd1994800d59cb2e76f935fa30e9914e66e4eb9603838afdaabb661a8d86972
Opcode Fuzzy Hash: c23bc7c46364f93b25ece3e2a004f57f874ac7cb0c39e6d9d1aaac99c921f93e
Instruction Fuzzy Hash: 87C18A71D00249DFDB04DFA4C945BEEBBF0BF59304F204229E415BB291EBB5AA48CB91

Function 000F6D24 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 166COMMON

Download Yara Rule

APIs

__Mtx_init_in_situ.LIBCPMT ref: 000F6D7B
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F6F75
__Mtx_unlock.LIBCPMT ref: 000F6F88

Strings

async, xrefs: 000F6E9A, 000F6F38
event sender, xrefs: 000F6EB0, 000F6F4E
=, xrefs: 000F6F10
Failed to initialize , xrefs: 000F6F1C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
String ID: event sender$=$Failed to initialize $async
API String ID: 3676452600-816272291
Opcode ID: 40316a892d45a3083e615a982447ecadd83a363cc5eff11c6d102743641d3b45
Instruction ID: 8e06765e6fa830f9a27e451007811a424ee269dcea4301daf8b3b9e89d324c60
Opcode Fuzzy Hash: 40316a892d45a3083e615a982447ecadd83a363cc5eff11c6d102743641d3b45
Instruction Fuzzy Hash: 4E6190B0900349CFEB14DF64C955BEEBBF5AF54304F5440A9D905BB382EB719A48CBA1

Function 000F928D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 130COMMON

Download Yara Rule

APIs

Part of subcall function 000F8FB0: CoCreateGuid.OLE32(?), ref: 000F8FC8
Part of subcall function 000F8FB0: StringFromCLSID.OLE32(?,?), ref: 000F8FE0
Part of subcall function 000F8FB0: CoTaskMemFree.OLE32(?), ref: 000F9138

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F93D1

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

UUID, xrefs: 000F92F6
InstallerFlags, xrefs: 000F9368
Could not set registry value InstallerFlags, xrefs: 000F93AA
], xrefs: 000F939E
Failed to create new UUID, xrefs: 000F92C8
Could not set registry value , xrefs: 000F9338

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
API String ID: 598746661-2174109026
Opcode ID: dfabd3b6ae8812a53a17ca0196ef0dc21fac82413e1aeee6136d4ef42830ad67
Instruction ID: 7ac294775a40f1cfa75900a144102ecd6603cc2750cb030b0eb89141ab12cdc3
Opcode Fuzzy Hash: dfabd3b6ae8812a53a17ca0196ef0dc21fac82413e1aeee6136d4ef42830ad67
Instruction Fuzzy Hash: 0A51B270A00248DEDF18EF61D952BEE77B4EF61304F508059F94967682EB74AB48CBA1

Function 000F5790 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 000F5808
FreeLibrary.KERNEL32(?), ref: 000F5828
GetLastError.KERNEL32 ref: 000F5830
FreeLibrary.KERNEL32(?), ref: 000F5839

Strings

NotComDllGetInterface, xrefs: 000F5802
mfeaaca.dll, xrefs: 000F57A9, 000F57B0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FreeLibrary$AddressErrorLastProc
String ID: NotComDllGetInterface$mfeaaca.dll
API String ID: 1092183831-2777911605
Opcode ID: 959643ca3d4e5c3a4240d4a0916c36b2c671775854d49295a70ba773d3e4b6f8
Instruction ID: 757142e373d4374e0a1505625f51a2664e120d832d4940d18e8f0e119410d78a
Opcode Fuzzy Hash: 959643ca3d4e5c3a4240d4a0916c36b2c671775854d49295a70ba773d3e4b6f8
Instruction Fuzzy Hash: 6F21B032E006199BDB119BA8DC4467EBBF8FF51351F44016AEE01F7610EB708D419BD1

Function 000E4D63 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 55synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 000E4C8E: GetCurrentProcessId.KERNEL32 ref: 000E4CA6
Part of subcall function 000E4C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 000E4CB8
Part of subcall function 000E4C8E: Process32FirstW.KERNEL32(00000000,?), ref: 000E4CD3
Part of subcall function 000E4C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 000E4CE9
Part of subcall function 000E4C8E: CloseHandle.KERNEL32(00000000), ref: 000E4CFA

CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 000E4D88
GetLastError.KERNEL32 ref: 000E4DD0

Part of subcall function 000E136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E13A5

WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 000E4DFC
CloseHandle.KERNEL32 ref: 000E4E0D

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

CreateMutex failed: , xrefs: 000E4DC2
SaBsi.cpp, xrefs: 000E4DA9
Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 000E4D7F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseCreateHandleInitIos_base_dtorOnceProcess32std::ios_base::_$BeginCompleteCurrentErrorFirstInitializeLastMutexNextObjectProcessSingleSnapshotToolhelp32Wait
String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
API String ID: 2598072538-1117126455
Opcode ID: 86c9eb75cbf51cafd85b8a79784317d1c512513ae05750fc51488b283a848ebc
Instruction ID: 51158f82ee0bfa232aacd96b1e6af878461d875354c0576ed0053353567b7b5a
Opcode Fuzzy Hash: 86c9eb75cbf51cafd85b8a79784317d1c512513ae05750fc51488b283a848ebc
Instruction Fuzzy Hash: D911A330218382AFD720EF22D845BEA77E4BF50700F104D2DF495672D2EB709448CAA3

Function 000FEEC0 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 323COMMON

Download Yara Rule

APIs

Part of subcall function 000FCCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FCDBB

Concurrency::cancel_current_task.LIBCPMT ref: 000FF0FC
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF268
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF307

Strings

SOFTWARE\McAfee\WebAdvisor, xrefs: 000FF181
AdhocTelemetryAWS, xrefs: 000FF1B6
Querying AdhocTelemetryAWS value failed: , xrefs: 000FF217

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor
API String ID: 1722207485-3297656441
Opcode ID: 55e01c4c750f6430a791db37b1c7dceb963112302dfaefc3ae78e51357225919
Instruction ID: 6b114cbb08dee14334f8593a5d39d121879e0f3c7cc9bcc7d890cf181d238d6a
Opcode Fuzzy Hash: 55e01c4c750f6430a791db37b1c7dceb963112302dfaefc3ae78e51357225919
Instruction Fuzzy Hash: 56C1DFB1D0025D9FCB24EF68CC45BEEB7B4EF14310F5042A9E419A7682EB706A45CB91

Function 000FE0D0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 171COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE161
GetLastError.KERNEL32(?,00000001), ref: 000FE278
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE351

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

Unable to open HTTP session for AWS, xrefs: 000FE327
WinHttpCrackUrl failed for AWS: , xrefs: 000FE268
Event Sender already initialized for AWS, xrefs: 000FE137

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS:
API String ID: 2211357200-794796586
Opcode ID: fc1cb1fcd12f6806ab30320c312922d4718d93b9148984802191f76e84aba37a
Instruction ID: 3b1edf33614d91650385f1afe63c22d1aa1b5e572eeba42b381430bfa043d312
Opcode Fuzzy Hash: fc1cb1fcd12f6806ab30320c312922d4718d93b9148984802191f76e84aba37a
Instruction Fuzzy Hash: 5161AB709007498FDB64DFA0DD45BEAB7F9FB44305F00056DE91AA7291EBB06A48CF91

Function 000FDE80 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 147COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FDF0C
GetLastError.KERNEL32(?,00000001), ref: 000FDFD7
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE0A2

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

WinHttpCrackUrl failed for Azure: , xrefs: 000FDFC7
Unable to open HTTP session for Azure, xrefs: 000FE078
Event Sender already initialized for Azure, xrefs: 000FDEE2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure:
API String ID: 2211357200-3864554942
Opcode ID: 037b6fb68200ecf668bd56e2424aec470de58d6aa468ecb97dc52b31dd21d253
Instruction ID: 56c5829134192933ed45972aaead1df98b9b056b8a42da0d4a89c3f4f8ebe7b3
Opcode Fuzzy Hash: 037b6fb68200ecf668bd56e2424aec470de58d6aa468ecb97dc52b31dd21d253
Instruction Fuzzy Hash: 74516E709003588FDB64DF60C955BEEB7F8FB14304F1045AEE446A7691EBB4AA88CF91

Function 000E5A4F Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 81COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 000E5A59

Part of subcall function 000E5C1E: CoCreateInstance.OLE32(001AD808,00000000,00000017,001BB024,00000000,428E8EC3,?,?,?,00000000,00000000,00000000,00188687,000000FF), ref: 000E5C7A
Part of subcall function 000E5C1E: OleRun.OLE32(00000000), ref: 000E5C89

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

_com_issue_error.COMSUPP ref: 000E5B97

Strings

Activation option is set successfuly, xrefs: 000E5B69
Failed to set new option. Error , xrefs: 000E5B26
Failed to create Global Options object. Error , xrefs: 000E5AA9
i, xrefs: 000E5B5D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
API String ID: 1362393928-3233122435
Opcode ID: 5e032ccdd523da5259484f7f97fb43b30e2b03852efcac93dc8c45acd19802aa
Instruction ID: 6220e147ed4fbf5f88eae6e29a6e991b549a3fbce2f72ecd1ae344a6a51c2c4e
Opcode Fuzzy Hash: 5e032ccdd523da5259484f7f97fb43b30e2b03852efcac93dc8c45acd19802aa
Instruction Fuzzy Hash: FE314C70E11259CEDF14EBA5CC62BEDB374BF14305F804598E50177282EB745A49CFA2

Function 001622D9 Relevance: 9.3, APIs: 6, Instructions: 264COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 00162461
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0016247D
__allrem.LIBCMT ref: 00162494
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001624B2
__allrem.LIBCMT ref: 001624C9
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001624E7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: f87d5442f0ebf9ebcbd6879315b9098c2ef1ccdfcdcf202bff3e40a4258d3857
Instruction ID: 8e985b456ad1cc75cd28c864c58e35ba206effaac9a99fc61676345ba4c68b70
Opcode Fuzzy Hash: f87d5442f0ebf9ebcbd6879315b9098c2ef1ccdfcdcf202bff3e40a4258d3857
Instruction Fuzzy Hash: A1810971601F02DBE7349E28CC82BAAB3F5AF54720F248129F465EB7C1EB74DA158750

Function 001237B0 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 459registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,428E8EC3,?,?), ref: 001239FC
RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00123D36

Strings

path, xrefs: 00123A22
SOFTWARE\WATesting, xrefs: 001239EB
invalid hash bucket count, xrefs: 0012398D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseOpen
String ID: SOFTWARE\WATesting$invalid hash bucket count$path
API String ID: 47109696-512319763
Opcode ID: c0438501a1666ae4d5247ccac1e852657da22137d8be1c83f3f6b2f94a9f37fb
Instruction ID: 54bf260f4cac7337da1bc6ef999db4c19f5dd7f75d65f0973c5ae0ee2a52604c
Opcode Fuzzy Hash: c0438501a1666ae4d5247ccac1e852657da22137d8be1c83f3f6b2f94a9f37fb
Instruction Fuzzy Hash: 83129B70A00229DFCB24CF54D884BAEBBB5FF49304F5481A9E859AB351D774AE94CF90

Function 000F07C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

APIs

__Mtx_destroy_in_situ.LIBCPMT ref: 000F085F
ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 000F0903
LocalFree.KERNEL32(?,?), ref: 000F0A26
__Mtx_unlock.LIBCPMT ref: 000F1020

Strings

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 000F08FE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
API String ID: 4147401711-3078421892
Opcode ID: e4732970c9024a6fe65e7b194c5ad35b4e42604bf0f4ec26a87ab03d8b331cd0
Instruction ID: aed7a7455cc3afa2012540244c64bbcf0d9b37b63766ccf20cd30f04b2e7f146
Opcode Fuzzy Hash: e4732970c9024a6fe65e7b194c5ad35b4e42604bf0f4ec26a87ab03d8b331cd0
Instruction Fuzzy Hash: D96123719002489FDB18DF64CC88BEEB7F4EF44304F0041ADE549ABA92DB74AA84CB90

Function 0011E580 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 131COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 0011E6B0

Strings

invalid input, xrefs: 0011E5A3
NWebAdvisor::XMLParser::ParseBuffer, xrefs: 0011E5AA, 0011E6C3
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 0011E5AF, 0011E6C8
Unable to convert XML buffer into wide characters, xrefs: 0011E6BC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: __cftoe
String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input
API String ID: 4189289331-3914853187
Opcode ID: 49eb1e68be34ebd873775e55544bea2e8e66ab8c97c66f36b0b2d625510256d7
Instruction ID: c747df4e98db2a621752d0b90ba6bf246b1b9fd385db9682bbc7fa49944bcbf6
Opcode Fuzzy Hash: 49eb1e68be34ebd873775e55544bea2e8e66ab8c97c66f36b0b2d625510256d7
Instruction Fuzzy Hash: 1341D6B5A01304ABC728DF58D842BAFF7E4BF28700F41452DEC4AAB281DBB5E954C790

Function 000E7F60 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

__Xtime_get_ticks.LIBCPMT ref: 000E7FAA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000E7FBC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000E7FD0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 000E7FE2

Strings

[%Y%m%d %H:%M:%S., xrefs: 000E800C, 000E8019

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
String ID: [%Y%m%d %H:%M:%S.
API String ID: 3638035285-2843400524
Opcode ID: eeaf612c1e51534fb77ff6b582e0699a3399ab89b3de3406c3552fc48b90eacf
Instruction ID: 9aa2008cba280ff47b21c0279dc04b9411a5154bbb87bd18a930feafa193005f
Opcode Fuzzy Hash: eeaf612c1e51534fb77ff6b582e0699a3399ab89b3de3406c3552fc48b90eacf
Instruction Fuzzy Hash: 99318271E002549FDB10EFA5CC86FAEB7F8EB54710F104129F518BB281DB749A05CB95

Function 000FCCB0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FCDBB

Strings

SOFTWARE\McAfee\WebAdvisor, xrefs: 000FCCF8
5, xrefs: 000FCD6A
AdhocAWSQAMode, xrefs: 000FCD24
Querying AdhocAWSQAMode value failed: , xrefs: 000FCD76

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor
API String ID: 539357862-4010608570
Opcode ID: 334c43c2f0f57d6f4373dfdb60217f4d2e719bfbda31a685a9ecc826ba994b8c
Instruction ID: 89b7598ff58a8758c9310f269205508b9085bad157327bd08e6206a86b68011e
Opcode Fuzzy Hash: 334c43c2f0f57d6f4373dfdb60217f4d2e719bfbda31a685a9ecc826ba994b8c
Instruction Fuzzy Hash: AA318171D1024D9EDF14EFA4D952BEEB7B8FF18300F504569E506B3281EB745A08CB61

Function 00104B40 Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 562COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00105182
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0010521E

Strings

N, xrefs: 001051EB
Invalid arguements passed to AddDimension, xrefs: 001051F7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
String ID: Invalid arguements passed to AddDimension$N
API String ID: 4106036149-286115907
Opcode ID: 3083f1175863a36e0b58efd0a8614fca75647da72f7d5aa661db49e33f65f876
Instruction ID: cb3f1229ac5d741584171caa251558468b57790903353a7679f9f3992c23168d
Opcode Fuzzy Hash: 3083f1175863a36e0b58efd0a8614fca75647da72f7d5aa661db49e33f65f876
Instruction Fuzzy Hash: 1032A170D00259DFDB24CF64C884BAEBBF1FF55304F148299E499AB292D7B5A984CF81

Function 00184DB0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 352COMMON

Download Yara Rule

Strings

\\?\, xrefs: 00184F61, 001853C0, 001855DE
%s%s, xrefs: 00185044
%s\%s, xrefs: 00184FEC, 0018507D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: %s%s$%s\%s$\\?\
API String ID: 0-2843747179
Opcode ID: b3ff2aa34e22fbb97d2d456a72980e8f5499589deba1c0725e8d2569c0946ff9
Instruction ID: 72804c2714a6ee95cd48b9299a5d2d8bf13baf1f2078f53aacf14e4fb29009f5
Opcode Fuzzy Hash: b3ff2aa34e22fbb97d2d456a72980e8f5499589deba1c0725e8d2569c0946ff9
Instruction Fuzzy Hash: E0D19F71D00258DFCF10EFA4C889AEEBBB9EF15314F540529E815B7291E734AA45CFA1

Function 001239A0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 264registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,428E8EC3,?,?), ref: 001239FC

Part of subcall function 00122820: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,428E8EC3,?,?), ref: 001228AC

RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00123D36

Strings

path, xrefs: 00123A22
SOFTWARE\WATesting, xrefs: 001239EB

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseInfoOpenQuery
String ID: SOFTWARE\WATesting$path
API String ID: 2142960691-1550987622
Opcode ID: 3c1ce1798c2050b7464d19ee7c25ccc64e9ab9b00b62cc321cb97bad4e0a58aa
Instruction ID: 2f25b83fcdc9079d382ccf84cb1687bfbfd07b1e2799a824a51980cdec0b1638
Opcode Fuzzy Hash: 3c1ce1798c2050b7464d19ee7c25ccc64e9ab9b00b62cc321cb97bad4e0a58aa
Instruction Fuzzy Hash: FEB1D371A00258DFCB24DB64DC49BEEBBB9AF55304F4401D9E409AB282DB74AB98CF50

Function 0011FBE0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,001BBFD0,00000000,001BBFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,001BBFD0,00000000,428E8EC3), ref: 0011FC1D

Strings

Destination directory does not exist, xrefs: 0011FC8F
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 0011FC9E
NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 0011FC99

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AttributesFile
String ID: Destination directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
API String ID: 3188754299-3555079292
Opcode ID: 25632d80e7e2b7a785341d2a3b28d9d69dc8d6416416385425af54dd60fe65a4
Instruction ID: d2a8155492518cd88f3b0c19a2fbbc2b0e009d19c80f4257bfa522121dbe109c
Opcode Fuzzy Hash: 25632d80e7e2b7a785341d2a3b28d9d69dc8d6416416385425af54dd60fe65a4
Instruction Fuzzy Hash: 3F215E75E0021C9FCF04DFA8D842AEEBBF5AB58714F01426AFC15B7281D770AA46CB90

Function 000EDC20 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 553COMMON

Download Yara Rule

Strings

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 000EE367

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
API String ID: 0-3078421892
Opcode ID: b0d21b8507f85d8b257868ea533e2bc7e34e9eaf6e0b79ef9c5bdf3acad4c332
Instruction ID: 9cf310a159b895151e09eaf37ec0249c641932fdfffb73b83ddfe2dbd37cc7da
Opcode Fuzzy Hash: b0d21b8507f85d8b257868ea533e2bc7e34e9eaf6e0b79ef9c5bdf3acad4c332
Instruction Fuzzy Hash: F5220371A002899FCB24DF64CC89BEDBBB5FF84304F10469DE419A7691DB74AA84CB90

Function 00118650 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 337COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 0011882F

Strings

Failed to create log message string. Error 0x, xrefs: 001189CF
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 00118AF6

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Initstd::locale::_
String ID: Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp
API String ID: 1620887387-1553574442
Opcode ID: 839563a9858a02983799e7ae7fa92094d5d223d3525fab5208c136481e819e84
Instruction ID: 9a4cc3859bc77253e16f0e091384efe08ab40b297e3f8cd7bb01027b50b97471
Opcode Fuzzy Hash: 839563a9858a02983799e7ae7fa92094d5d223d3525fab5208c136481e819e84
Instruction Fuzzy Hash: 97E14D74E00259DFDB28CF58C885BDDB7B1BF49304F1481AAE909AB281DB75AE84CF50

Function 000EE310 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 000EE36C

Strings

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 000EE367

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
API String ID: 3907675253-3078421892
Opcode ID: 9cd538d32a549f6e8f99fdb2d4d82e74090af33d0e5f4e8b2135dc6e4dda5546
Instruction ID: 0bda23df887d24332c16f9bbd4ead87f74bf3eae3911afa0ef4d30199383f001
Opcode Fuzzy Hash: 9cd538d32a549f6e8f99fdb2d4d82e74090af33d0e5f4e8b2135dc6e4dda5546
Instruction Fuzzy Hash: 1281BE719012999FDB24DF24DC8CB9DB7B1EF84309F1046D9E408A7291EB79AB88CF50

Function 0010CC20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

GetLastError.KERNEL32(?,00000001), ref: 0010CCBB
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0010CCEC

Strings

Unable to set proxy option, error: , xrefs: 0010CCAB

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
String ID: Unable to set proxy option, error:
API String ID: 879576418-14943890
Opcode ID: a0257cd1f0ef2866082ffabfe9305367a13b4f5743f078515538736002d09cd3
Instruction ID: 89ce60617542cb0812c4dc003c8f9ffe9c0c5bb0467986fe966f85ee4949cb21
Opcode Fuzzy Hash: a0257cd1f0ef2866082ffabfe9305367a13b4f5743f078515538736002d09cd3
Instruction Fuzzy Hash: 9831C171900319DFEB24EF90DC05BDEB7B9FB04710F00866EE805A3690EB706A44CB91

Function 00175FD8 Relevance: 4.7, APIs: 3, Instructions: 177fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0017576D: GetConsoleCP.KERNEL32(8304488B,0016537C,00000000), ref: 001757B5

WriteFile.KERNEL32(?,00000000,?,00164E7E,00000000,001440A9,0016537C,0016537C,00000010,00164E7E,00000000,8304488B,001440A9,001440A9,?), ref: 00176129
GetLastError.KERNEL32(?,0016537C), ref: 00176133
__dosmaperr.LIBCMT ref: 00176178

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ConsoleErrorFileLastWrite__dosmaperr
String ID:
API String ID: 251514795-0
Opcode ID: 499bdfaac8ecccec167536e3d789ad47b223cfee485f69a2823fdfa4d9c88a5c
Instruction ID: 796655f82e2edbc12ff5a0ab0b18d575e62ad55fd0c78048baf68d37164ab21d
Opcode Fuzzy Hash: 499bdfaac8ecccec167536e3d789ad47b223cfee485f69a2823fdfa4d9c88a5c
Instruction Fuzzy Hash: C951D671A00A0AEFDF25DFA4CC85BEE7BB9EF59314F548051F808AB252D7709D418760

Function 000EE640 Relevance: 4.6, APIs: 3, Instructions: 120COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,428E8EC3,0000005C,?,?,?,?,00000000,0018952D,000000FF,?,000EE09D), ref: 000EE681
CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,0018952D,000000FF,?,000EE09D), ref: 000EE738
GetLastError.KERNEL32(?,?,?,?,00000000,0018952D,000000FF,?,000EE09D), ref: 000EE742

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AttributesCreateDirectoryErrorFileLast
String ID:
API String ID: 674977465-0
Opcode ID: 20e509478d6315711d4d98636d65d75a82d57ea917f32e93725457273d6101ce
Instruction ID: a2c20545fa20b57cc91cf4c6f5c28e924bd96132abbd1b601366a0df4796a2be
Opcode Fuzzy Hash: 20e509478d6315711d4d98636d65d75a82d57ea917f32e93725457273d6101ce
Instruction Fuzzy Hash: FE314A71A04288DFCB14CF99D848BAEF7F4FF44754F14462EE805A3690D734A904CB90

Function 00176B6C Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,0014407F,?,00176A9A,0014407F,001CC5B8,0000000C,00176B4C,001CC218), ref: 00176BC2
GetLastError.KERNEL32(?,00176A9A,0014407F,001CC5B8,0000000C,00176B4C,001CC218), ref: 00176BCC
__dosmaperr.LIBCMT ref: 00176BF7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseErrorHandleLast__dosmaperr
String ID:
API String ID: 2583163307-0
Opcode ID: 8c0043ee0e5c3ce106ae2f3f65199241d27c9368fc487a1c38a930d84e38e538
Instruction ID: 5046ae55f6e515679972ef03ee80ce431b6dd8086d7ae7c4f981bb9977e795e6
Opcode Fuzzy Hash: 8c0043ee0e5c3ce106ae2f3f65199241d27c9368fc487a1c38a930d84e38e538
Instruction Fuzzy Hash: 6D01263270A5605AC6256334AC45B7E27B99FD3734F65825AE82DCB1D2DB309C848291

Function 001768F6 Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,0017F765,00000008,00000000,?,?,?,001769A3,00000000,00000000,?,0017F765), ref: 0017692F
GetLastError.KERNEL32(?,?,?,001769A3,00000000,00000000,?,0017F765,?,0017F765,?,00000000,00000000,00000001,?,00000008), ref: 00176939
__dosmaperr.LIBCMT ref: 00176940

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 568768426b0d06e2549b59d31c38248ff636df1cffbe2c842775781ef2c02e59
Instruction ID: 9a6c3c4c83ef312b3183260947e87056f0d140af9d6f37d24b37ca98b3f6c2ca
Opcode Fuzzy Hash: 568768426b0d06e2549b59d31c38248ff636df1cffbe2c842775781ef2c02e59
Instruction Fuzzy Hash: 24014C32610914EFCB158F59DC0586E3B7AEFC53247344209F9269B1D0EB30DD418750

Function 00173E2F Relevance: 4.5, APIs: 3, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00172174: RtlAllocateHeap.NTDLL(00000000,?,?,?,0015872D,?,?,000EA1ED,0000002C,428E8EC3), ref: 001721A6

_free.LIBCMT ref: 00173E42
_free.LIBCMT ref: 00173E68

Part of subcall function 00172098: RtlFreeHeap.NTDLL(00000000,00000000,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?), ref: 001720AE
Part of subcall function 00172098: GetLastError.KERNEL32(?,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?,?), ref: 001720C0

_free.LIBCMT ref: 00173E98

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$Heap$AllocateErrorFreeLast
String ID:
API String ID: 4150789928-0
Opcode ID: 7ba5b84415015eeb7e893a622acc866c28c90c4cbfa070f76daa69253d81a35e
Instruction ID: 39d9b19e63e7882e78bcfd2bf214290705ab822b4063db20a0d0630ea555efbd
Opcode Fuzzy Hash: 7ba5b84415015eeb7e893a622acc866c28c90c4cbfa070f76daa69253d81a35e
Instruction Fuzzy Hash: E5F0F97790013956CF36A2349C01AFE67784F51750F15C2A9F4AD72141DF308E85A691

Function 000EC310 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

, xrefs: 000EC37D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: ae5aa8420b9aa15cb83e1486bd4de6bd5414a1aa4338a2f09ce2b91501498443
Instruction ID: e029daccbb27015ada2fe7ca5a7bd4714dd36e2e91a92320ce7e1ef87ccc124f
Opcode Fuzzy Hash: ae5aa8420b9aa15cb83e1486bd4de6bd5414a1aa4338a2f09ce2b91501498443
Instruction Fuzzy Hash: 847114B660064ACFE314DF29D480DA5F3E0FF49320B55826AE8159BB90D731FC96CB94

Function 00134C69 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 8d713082b656d7fe2f904b2d1e7f9c3e62cc86fe7e754cc76f084119ab9e47bb
Instruction ID: c4ffe86893a8a99f0fb302389002b9dcfe324ade95413f919a3785ce79d43520
Opcode Fuzzy Hash: 8d713082b656d7fe2f904b2d1e7f9c3e62cc86fe7e754cc76f084119ab9e47bb
Instruction Fuzzy Hash: 44B01295299100BE73085110BE06C37010CCAD0F10F70522FF400D01509B615C840071

Function 00134C9A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 91b1352583a06fe6a277849941c8805f289b7e60d18100bcb8fdf3c4fac61788
Instruction ID: f678c6e349ea83c07ea326ff7e32c81ff0ee4bfa7a6399aa6660eab62257004e
Opcode Fuzzy Hash: 91b1352583a06fe6a277849941c8805f289b7e60d18100bcb8fdf3c4fac61788
Instruction Fuzzy Hash: 40B012812992007E73089104BD02D37010CC6D4F10F70512FF400C1290DB505C840031

Function 00134C8A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 4b786a0e404cf144a4f3a0a29846f4138bb7b0aac52f9d529b7ee0973ba51072
Instruction ID: 4ccf8e404cbd87979b659dadbb7ea628852b2652e3929c970080f09ea1aceed4
Opcode Fuzzy Hash: 4b786a0e404cf144a4f3a0a29846f4138bb7b0aac52f9d529b7ee0973ba51072
Instruction Fuzzy Hash: BBB01281299111BE7308A104FD02D37010CC6D4F10F70942FF400C1290DB405C400031

Function 00134CBA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B, 00134CBA

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 024234660b2dc9794710e3f791ee965ebeeb19dccd20437359d44da933063359
Instruction ID: c1396359d9c7e331a21beb8fc33ff7f75ee798d04232d44266fbff46a64ed075
Opcode Fuzzy Hash: 024234660b2dc9794710e3f791ee965ebeeb19dccd20437359d44da933063359
Instruction Fuzzy Hash: ADB01281299010BE7308A104BD02D37010CCAD4F10F71912FF400C1250DB515C400431

Function 00134CAA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: ffe40790f2209910778bddc6b584ab08289a010f102d54fcce531180f634f4c4
Instruction ID: 5e5584633b6bedee00fb86ab244d029e5dc4e869534a95ef370c0a2eacabb13a
Opcode Fuzzy Hash: ffe40790f2209910778bddc6b584ab08289a010f102d54fcce531180f634f4c4
Instruction Fuzzy Hash: B4B012812991007E73089104BE02D37010CC6E4F10F70902FF100C12D0DB415C410031

Function 00134CDA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 49fb97899ba1162ffcf64644b41b989af5acfc7cd69e4736f4b6d3257db3cc0d
Instruction ID: f6a3c9065d78d39171d905907ac8b08e2985c76f451f1c5d208e51756092d448
Opcode Fuzzy Hash: 49fb97899ba1162ffcf64644b41b989af5acfc7cd69e4736f4b6d3257db3cc0d
Instruction Fuzzy Hash: 70B01281299100BE73089104BE02D37010CC6E4F14F70512FF400C0260DB505C840032

Function 00134CCA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 368f7a1d22e1dfbf2f555fbe65c1900d6fa5c6216adb5f5920d66e87b81e3b49
Instruction ID: 6f7e5359902dda2564c106627f5137260dbfeb95cdce3aa91787cc0a16b44d1e
Opcode Fuzzy Hash: 368f7a1d22e1dfbf2f555fbe65c1900d6fa5c6216adb5f5920d66e87b81e3b49
Instruction Fuzzy Hash: 3AB012C1299010FE7308A108BE02D37010CC6D4F14F70902FF400C0250DB805C404032

Function 00134CFA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: 22e6dcd35bca46727a3a4aaa3a08465bf6104960c79d1e3d4d953f532f0c6155
Instruction ID: aeba07e844cec560611723d3f058b5630f2c84c64a6339ee91b2bb1612be7e21
Opcode Fuzzy Hash: 22e6dcd35bca46727a3a4aaa3a08465bf6104960c79d1e3d4d953f532f0c6155
Instruction Fuzzy Hash: BAB01281299000BE72089104BE02E37011CC6D4F14F70902FF000C0250DB405C404032

Function 00134CEA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134C81

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

yt, xrefs: 00134C7B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: yt
API String ID: 1269201914-4251244651
Opcode ID: ceeda35ffa8260d012be00e20daa1b36bf78c5ae426bdaba913e38dec734ea9c
Instruction ID: a689f8059902bd68f746da741c4dd0fe511f201ded6d3dc0076eb89dab2a3f8b
Opcode Fuzzy Hash: ceeda35ffa8260d012be00e20daa1b36bf78c5ae426bdaba913e38dec734ea9c
Instruction Fuzzy Hash: CAB01281299000BE73089104BF02D37010CC6D4F14F70902FF000C0250DB415C410032

Function 00134D0A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 4b772577f0bc6db3f3268533fd3183e58bc264ae9bf55d46da12fb3c00a20851
Instruction ID: 4c97a91dc81dbfbd5e85d31b504a0efa3f026ae89ce2f27bf2d0c5fc98cb7a2f
Opcode Fuzzy Hash: 4b772577f0bc6db3f3268533fd3183e58bc264ae9bf55d46da12fb3c00a20851
Instruction Fuzzy Hash: ABB012813580017D72082140FE02C37021CC6E4B147B4802FF400D4251E7445C415031

Function 00134D39 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: ca60abb99eb2c5522b6449731489efcaa737c4ff90ce280a3df68f6605358b0a
Instruction ID: 764ccf346acb3c4bfcec419d723492db4e66be7e64ee2dcdb4d4c7bc2285da54
Opcode Fuzzy Hash: ca60abb99eb2c5522b6449731489efcaa737c4ff90ce280a3df68f6605358b0a
Instruction Fuzzy Hash: 85B012812581007D76485144FD02D3B021CC6E4B217B4422FF801C0350E7505C845031

Function 00134D25 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16, 00134D25

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: d83286a2d828c6b471e00c5c9e668b6ad9bddda8fb7c5eebd8b3292515e4f48b
Instruction ID: 9c535a5563fbb1949d873df451454448b6506d5b466b09d1131d2aa920f5adf9
Opcode Fuzzy Hash: d83286a2d828c6b471e00c5c9e668b6ad9bddda8fb7c5eebd8b3292515e4f48b
Instruction Fuzzy Hash: E0B012813580007E71486144FD02E37022CCAE4B107B4802FF400C4350E7445C409031

Function 00134D2F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 82e8a3cba3cfd49a9f5ee4e92ef964482065b680c82310ece97a1cd79802ff85
Instruction ID: 270ad1da8d4234307f6b4216e15a6aa3762ea7988280b768ba9e54b9a3e51c44
Opcode Fuzzy Hash: 82e8a3cba3cfd49a9f5ee4e92ef964482065b680c82310ece97a1cd79802ff85
Instruction Fuzzy Hash: A4B01281258010BD7A486144FD02D3B031CC6E8B207B4812FF801C0350E7405C405031

Function 00134D57 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: d8f1ebd5537e32a9748c5e32ccc4a7ea72964587a936e5c6e639bade15257342
Instruction ID: 4234b44d0c5ba90106ff2c680904d3fe894e4fecd07069fa3d7c9776c458c65e
Opcode Fuzzy Hash: d8f1ebd5537e32a9748c5e32ccc4a7ea72964587a936e5c6e639bade15257342
Instruction Fuzzy Hash: 22B012812680007D75485144FD02E3B022CC6E4B207B4822FF401C0350E7405C409031

Function 00134D43 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 474d5a45ac64ad5fa83862c22c38f38b5e3f9674de9cf24436d1efaa8bf1d608
Instruction ID: 3f8ea72d44b3dbadce825094a716a715669673c2f09e4c8a7f7b6b3cd9442fa6
Opcode Fuzzy Hash: 474d5a45ac64ad5fa83862c22c38f38b5e3f9674de9cf24436d1efaa8bf1d608
Instruction Fuzzy Hash: 45B012812580007D76485144FE02D3B021DC6E4B207F4822FF401C0350E7405C415031

Function 00134D4D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 8354dc7b357ea89df7e39cfbb87b1d018c071056aae9c0465892c77388fbe69e
Instruction ID: cec3c963d806d7cc3c2085450e3600437d8fe080c44f64ce1e44f7dd29f20c4f
Opcode Fuzzy Hash: 8354dc7b357ea89df7e39cfbb87b1d018c071056aae9c0465892c77388fbe69e
Instruction Fuzzy Hash: 14B01281358010BD77487144FD02D37022CC6E4B107B4802FF800C5350E7445C445031

Function 00134D75 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 93ef7eaa5f1774e998f8fa0655b1e8a6b272bfecc544cb48e6511624c24d2405
Instruction ID: 907611ea80318ba2a9946768e918ca50d260095a8797b2b6676b4da79c78537a
Opcode Fuzzy Hash: 93ef7eaa5f1774e998f8fa0655b1e8a6b272bfecc544cb48e6511624c24d2405
Instruction Fuzzy Hash: C3B01281258010BD76886144FD02D37021CC6E4B107B4C02FF800C0350E7406C445031

Function 00134D7F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 72579dd6f12228eb31816ee92b3f0c78b11d3dfd9ae743b3f9f65abec470f4d2
Instruction ID: 2c87c4f1c1cd7800ca25e9041b5cfc1f8f3bbd593e0458436349fb561d745963
Opcode Fuzzy Hash: 72579dd6f12228eb31816ee92b3f0c78b11d3dfd9ae743b3f9f65abec470f4d2
Instruction Fuzzy Hash: 87B012812981007E71485145FD02E37022CC6E5B107B4802FF400C0350E7405C40D131

Function 00134D61 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: c6778b1079b86af64fec0a1451290d98aad7537a2754bb4490cb046dc55df6f5
Instruction ID: a9ebdd874aca141332ab9cbdcfe1e6bc965db6c578513084e250d15c3df66f64
Opcode Fuzzy Hash: c6778b1079b86af64fec0a1451290d98aad7537a2754bb4490cb046dc55df6f5
Instruction Fuzzy Hash: 25B01281258110BE76487144FD02D37021CC6E4B107B4802FF800C0350E7405C409031

Function 00134D6B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: 482bc03cc89a7c9de7cbb85ad743e8fa82b5c33a78c087eb089cf6b1a43cb328
Instruction ID: 4fb073a1321749c9e80fd5a2f369d9ddc5f4d21e81cdec6d572e94c5b6122296
Opcode Fuzzy Hash: 482bc03cc89a7c9de7cbb85ad743e8fa82b5c33a78c087eb089cf6b1a43cb328
Instruction Fuzzy Hash: BAB012813581007D72486144FD02D37021CC6E4B107B4412FF800C4350E7545C845031

Function 00134D93 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: b5e960ade7d985e666e1dbfb447916657fa39cc30e1a1c784faf14b71b6fa14e
Instruction ID: 456fa95672eb77f8087532246cae6726f0a7554bbc603f93ed6950dde8e437ae
Opcode Fuzzy Hash: b5e960ade7d985e666e1dbfb447916657fa39cc30e1a1c784faf14b71b6fa14e
Instruction Fuzzy Hash: 1CB012812582007E76485144FD02D37021CC6E4B107B4412FF800C0350E7505C84D031

Function 00134D89 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134D1C

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Strings

`ato, xrefs: 00134D16

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: `ato
API String ID: 1269201914-3307817267
Opcode ID: c64a260e83f9ddf9179d009ca64345eadb43fb753ecb7539a8bb6e709f815105
Instruction ID: d2b1acf53b4281b0bc5798d0b41f8cba74aa4aa36aab20461ce4c02dbcb733ab
Opcode Fuzzy Hash: c64a260e83f9ddf9179d009ca64345eadb43fb753ecb7539a8bb6e709f815105
Instruction Fuzzy Hash: B6B012812582007E72485144FE02E37021CC6E4B107B4802FF400C0350E7405C419031

Function 00104A40 Relevance: 3.1, APIs: 2, Instructions: 90COMMON

Download Yara Rule

APIs

_com_issue_error.COMSUPP ref: 00104AD2
SysFreeString.OLEAUT32(-00000001), ref: 00104AFD

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FreeString_com_issue_error
String ID:
API String ID: 709734423-0
Opcode ID: 5283383525edf1c1fd176f2d56807081ab1ead9a8bb71471efdf2bc93b3afa0c
Instruction ID: 6f9da6a79d2358914bf39d4745776c4ac167f6b5bb7852a3154bd85026213b3f
Opcode Fuzzy Hash: 5283383525edf1c1fd176f2d56807081ab1ead9a8bb71471efdf2bc93b3afa0c
Instruction Fuzzy Hash: 1421B2B1900715EBE7209F59C845B5AFBE8EF50B21F20462EF965AB6C0E7B4E844C790

Function 00175BF0 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,8304488B,0016537C,00000000,?,0017610D,00000010,0016537C,00000000,?,001440A9,0016537C), ref: 00175C8C
GetLastError.KERNEL32(?,0017610D,00000010,0016537C,00000000,?,001440A9,0016537C,0016537C,00000010,00164E7E,00000000,8304488B,001440A9,001440A9,?), ref: 00175CB2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: b69113b6523a54cc8b5b13ac974932d75584af8dd95c5754221a4e6ae90c47d3
Instruction ID: 752493b0cd38a9cab3017402d7a0d7daf2e98c79f096c54c353d999f6c4a1c40
Opcode Fuzzy Hash: b69113b6523a54cc8b5b13ac974932d75584af8dd95c5754221a4e6ae90c47d3
Instruction Fuzzy Hash: 2A217671A012199FCF16CF19DC90AE9B7FAEB58305F1480A9E94AD7251D730DE86CF60

Function 000E9BB0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitOnce$BeginCompleteInitialize
String ID:
API String ID: 51270584-0
Opcode ID: 4658560b760fb338087c39caf5c4281756ab8ef05e6667ea528f240ebe2b48df
Instruction ID: 99190f461144ae0ae20dbb8e3db36393360f391757cb215533f33bbc795268cf
Opcode Fuzzy Hash: 4658560b760fb338087c39caf5c4281756ab8ef05e6667ea528f240ebe2b48df
Instruction Fuzzy Hash: 3A019270A40649AFEB50EF95CC06F6EB7F8FB04B04F10062AB911A76C0DB74A504CB55

Function 001599E1 Relevance: 3.0, APIs: 2, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00104AA5,?,00000000,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5), ref: 00159A04
SysAllocString.OLEAUT32(00000000), ref: 00159A0F

Part of subcall function 0015E960: _free.LIBCMT ref: 0015E973

_com_issue_error.COMSUPP ref: 00159A38
_com_issue_error.COMSUPP ref: 00159A42
GetLastError.KERNEL32(80070057,428E8EC3,?,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5,?), ref: 00159A47
_com_issue_error.COMSUPP ref: 00159A5A
GetLastError.KERNEL32(00000000,?,00000000,?,0015BE00,001CBF08,000000FE,?,00104AA5,?), ref: 00159A70
_com_issue_error.COMSUPP ref: 00159A83

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
String ID:
API String ID: 878839965-0
Opcode ID: 403b0f57c3d6a1c088d8aacf7145e7379b584f45a07892383e97dc40658063aa
Instruction ID: 86449e6bdf2f2d9aa74a4a440bca6e2b3e679c8030d357fda6b5cabc548b51e1
Opcode Fuzzy Hash: 403b0f57c3d6a1c088d8aacf7145e7379b584f45a07892383e97dc40658063aa
Instruction Fuzzy Hash: 8C01D172F04218DFDB20CF94D841BEEBBB8EF48722F00012AEE216B280CB715844C7A1

Function 0016ED5C Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0016EDA4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ac3207a5e983bcfd82ef4588742066d0e96c8d6a3cac1ffbbadbb2971ecc7d09
Instruction ID: 16ed1a64ce440df313bb5828ce9f236f196b9c6c5d24779e4771c4e3be995d4f
Opcode Fuzzy Hash: ac3207a5e983bcfd82ef4588742066d0e96c8d6a3cac1ffbbadbb2971ecc7d09
Instruction Fuzzy Hash: D5E02B2B64793155E232277EBC0577E17D58FD2330F228317F424861D0EF3048D289A1

Function 0010DEC0 Relevance: 3.0, APIs: 2, Instructions: 22registryCOMMON

Download Yara Rule

APIs

SHDeleteKeyW.SHLWAPI(?,001BBFD0,?,0010DE7B), ref: 0010DED6
RegCloseKey.KERNEL32(?,?,0010DE7B), ref: 0010DEE4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseDelete
String ID:
API String ID: 453069226-0
Opcode ID: c5b8554eae49323412b97cec7f86a633e903c95330f858e78e8f5ccdef590840
Instruction ID: e70a95148b19f5260035909d6e7bcb925abcc2983d49e3ceef4c0a87a548ec8d
Opcode Fuzzy Hash: c5b8554eae49323412b97cec7f86a633e903c95330f858e78e8f5ccdef590840
Instruction Fuzzy Hash: F2E0E570608B518ED730CB69F848B43BBE8AB04710F14C85EE4AAC7A94C3B8E8808B54

Function 000EDEB0 Relevance: 1.8, APIs: 1, Instructions: 298COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,428E8EC3,?,?), ref: 000EDF08
ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 000EE36C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: DescriptorSecurity$ConvertFolderPathSpecialString
String ID:
API String ID: 4077199523-0
Opcode ID: 374d855ae394971387df10c46f2d8150e4318fe60ee65e1d46c12746e2af2b91
Instruction ID: 43450006e6f5adfd3d73464b5d6c89ff69376f5bb1e43f7b98fd582b3afe92b1
Opcode Fuzzy Hash: 374d855ae394971387df10c46f2d8150e4318fe60ee65e1d46c12746e2af2b91
Instruction Fuzzy Hash: A5C1F431A002989FCB28DF24DD897ADB7B2FF85304F10869DD409A7691DB75AAC4CF90

Function 0017627A Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d22d0680f9d6bab68801a47e2c1ac12661036d0d993ac8eeabe06534f5ea380b
Instruction ID: ca7c3156e372a98375b3a0ca988b3131794c32051ee9433c6795cc82f24acfe8
Opcode Fuzzy Hash: d22d0680f9d6bab68801a47e2c1ac12661036d0d993ac8eeabe06534f5ea380b
Instruction Fuzzy Hash: 9541E271A00504AFDB14DF58C881AAE7BB2FB99364F29C169F84C9B392D771DE41CB50

Function 0017732A Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00177364

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: acfe002db2df9a0aeb5410b3fe80db069984f974a7eb740c423ddb1b31b51c9a
Instruction ID: f1ffeebed0a64a25d7f3ace894d6bc2fca278fb052203462e9035464260308bb
Opcode Fuzzy Hash: acfe002db2df9a0aeb5410b3fe80db069984f974a7eb740c423ddb1b31b51c9a
Instruction Fuzzy Hash: 55111571A0420AAFCF05DF58E94199A7BF5EF48304F054069F809EB251D730EA11DBA5

Function 00165854 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282a097375bc80f4373b0f2c81a965c1d3cc09c55b52072a59958bf1b6cb881c
Instruction ID: 39b69ff717ae913f7fb1088e9dedebea58c4f6d8d1e4c99d4d4afea6a58b0af8
Opcode Fuzzy Hash: 282a097375bc80f4373b0f2c81a965c1d3cc09c55b52072a59958bf1b6cb881c
Instruction Fuzzy Hash: 8CF07832501E145BDB32362A9C0579B33AE8F62335F104314FC38979D2CB34D826C7A1

Function 0010DF10 Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 0010DF45

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b37e2cfc96351159ee3665d442b2838365b7aa05bcaaa6af7c38e2204319ea48
Instruction ID: 328deffa42c7f5dbaf28b5bc71a0d4458550464c0908c7bf943805cafc2ba6d3
Opcode Fuzzy Hash: b37e2cfc96351159ee3665d442b2838365b7aa05bcaaa6af7c38e2204319ea48
Instruction Fuzzy Hash: 5D017C35600209EBCB11CF45D804F9EBBB9FF98310F20805AF94597350C770AA55DB90

Function 00126050 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(?), ref: 00126061

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 811cae316a87451f9f6baebc7094c697cbb951ea693e3eeedd2500c595d9b5f2
Instruction ID: b794d359ddffd3568aed0be06e679adb3cf72f7181c91eac48212ffc635fe40b
Opcode Fuzzy Hash: 811cae316a87451f9f6baebc7094c697cbb951ea693e3eeedd2500c595d9b5f2
Instruction Fuzzy Hash: FBF06D712002109BC718DF69E858B5BBBFAEF88711F00851DE449CBA60D375F941CBE4

Function 00172174 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,0015872D,?,?,000EA1ED,0000002C,428E8EC3), ref: 001721A6

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: de82ed4309c2a1873b9b9aa0396a69247a372d399b03fb020fe3dab9af79ca1b
Instruction ID: af7a32161693341b706c073714df928014c8f011e8ba3239080afcb7ec87e04a
Opcode Fuzzy Hash: de82ed4309c2a1873b9b9aa0396a69247a372d399b03fb020fe3dab9af79ca1b
Instruction Fuzzy Hash: 2DE0ED312012A0A7EB302625AC04B5A3678BB513A0F91C161FE1C96190CB30DC8682A0

Function 0010E500 Relevance: 1.5, APIs: 1, Instructions: 30registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 0010E51F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 6942e8927ab4b5c7b5ac2ceeb585afc3c157630a083569679b8048d19c5cf03c
Instruction ID: a36edab7dda48379c8ee3f89e4e9a4d5fd140c260e5c111abdc6220306d5bc38
Opcode Fuzzy Hash: 6942e8927ab4b5c7b5ac2ceeb585afc3c157630a083569679b8048d19c5cf03c
Instruction Fuzzy Hash: CFF05E31600208EBDB24CF0ADC04F5EBBE8EF94710F14845EF84597250D7B0AA108B94

Function 000E136C Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E13A5

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID:
API String ID: 323602529-0
Opcode ID: d2bea63b57f1a9df0e45f3e181ad8335b85bc4846d3d21744eb740131039a6ab
Instruction ID: 279cf085cb4942388b2503b1cb726c83f720eb96b586f5b00bfc79a236c74155
Opcode Fuzzy Hash: d2bea63b57f1a9df0e45f3e181ad8335b85bc4846d3d21744eb740131039a6ab
Instruction Fuzzy Hash: 2EF06572904654AFD7059F48DD01F9AB7ECEB09720F10462EF411A3781DB7569048A94

Function 0010ED10 Relevance: 1.5, APIs: 1, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0010ED2F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: ca315737c64e3455e57c5ec97323d9f38cd80e3e13cf5ec0f2bbd0f813f8434c
Instruction ID: 74ac048c4934c6070b52531106dfbc5b72ac1a393a9824cfcb8c954efda9de44
Opcode Fuzzy Hash: ca315737c64e3455e57c5ec97323d9f38cd80e3e13cf5ec0f2bbd0f813f8434c
Instruction Fuzzy Hash: AEE0123524010CEBDB008E95EC50F677B6AEB94700F14C815F9484A195C7B3DC61ABA0

Function 00184D80 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,?,00184E6A,00000000,00000000,-00000002,428E8EC3,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,001A44E4), ref: 00184D92

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 06ffe771b377447a39dd1252da563a8e1791911729242274352b57921352ea18
Instruction ID: cf99da2ed13c9b39715e333c4df94381af53a0330d84f8c750227ffc3bb8b18f
Opcode Fuzzy Hash: 06ffe771b377447a39dd1252da563a8e1791911729242274352b57921352ea18
Instruction Fuzzy Hash: BBD0A73121020A5BAF54AEFC94696B6738E9B5176474C0755F41EC60D4EF30FD929B10

Function 0017FE25 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00180187,?,?,00000000,?,00180187,00000000,0000000C), ref: 0017FE42

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6bf7c28dcff10870b4fcf70294ea89c3f96bf3bc19bb10b7ffd331762585615f
Instruction ID: 8b09f9de77480c1c08517e6fdaa08635f220ae533f4b4572be83b2696025d55a
Opcode Fuzzy Hash: 6bf7c28dcff10870b4fcf70294ea89c3f96bf3bc19bb10b7ffd331762585615f
Instruction Fuzzy Hash: 3ED06C3210010DBBDF028F84DD06EDA3BAAFB48714F054000BA1856060C772E961AB91

Function 0014269D Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00142743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 00142743
Part of subcall function 00142743: AcquireSRWLockExclusive.KERNEL32(?,001428F1), ref: 00142760

DloadProtectSection.DELAYIMP ref: 001426C5

Part of subcall function 0014286C: DloadObtainSection.DELAYIMP ref: 0014287C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
String ID:
API String ID: 1209458687-0
Opcode ID: 2b95e92dd9f52997e1147d283629ec89ed9b65ba2f332a39af3ec426e2840f51
Instruction ID: 811de288562768832089e66a9aad91c519416ef6a69a48df8c8ab349e1cac271
Opcode Fuzzy Hash: 2b95e92dd9f52997e1147d283629ec89ed9b65ba2f332a39af3ec426e2840f51
Instruction Fuzzy Hash: 73D01230D0AA609AD355BB66EC9A7283390B724301FE1841AF90AC29B4D7B298C18E25

Function 0010E8C0 Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0010E8D4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5bbdc5dd39689d81104198f95cb9ea8b2fe596890bfce858706218c5d4d0dbf6
Instruction ID: aac6444fbb331245aea8ae537f95570a7382df9804e84c1deda15bed1327b631
Opcode Fuzzy Hash: 5bbdc5dd39689d81104198f95cb9ea8b2fe596890bfce858706218c5d4d0dbf6
Instruction Fuzzy Hash: 47D0CA3200020CBBCF028F80ED02E8A3F2AEB08760F088401FA080806193B39470ABA0

Function 0015E960 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0015E973

Part of subcall function 00172098: RtlFreeHeap.NTDLL(00000000,00000000,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?), ref: 001720AE
Part of subcall function 00172098: GetLastError.KERNEL32(?,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?,?), ref: 001720C0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
Instruction ID: faec9aa4275c1c61f12093230da60835836bc03cdce22be890c904251db4afdf
Opcode Fuzzy Hash: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
Instruction Fuzzy Hash: C3C08C7110020CBBCB009B41C806A4E7BB8DB80364F204044F40517240CBB1EE049690

Function 00134D9D Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134DAF

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 95976adb800c38012cc199f780548972d107b728c92a5a82433dd2dbce43dc4f
Instruction ID: fc94d3843dccc5fd68a6f5af4f298c31b55a19ecebec1ebd661cc7b482dac31d
Opcode Fuzzy Hash: 95976adb800c38012cc199f780548972d107b728c92a5a82433dd2dbce43dc4f
Instruction Fuzzy Hash: 75B012C12990107D71081140FD02D37011CCAE5B10BF3812FF040D016097509C404031

Function 00134DB8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00134DAF

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 079230d21fb4c714d2a5852a5e6cf28cd41328588e9f8571f7de474f9d8ecb32
Instruction ID: f2c3674fd2c4d65de8993b6821be79a461d4d3341286435f02aedcb64be4c843
Opcode Fuzzy Hash: 079230d21fb4c714d2a5852a5e6cf28cd41328588e9f8571f7de474f9d8ecb32
Instruction Fuzzy Hash: 2FB012C1298010BDB2486154BD02D37010CC6E8B10777803FF404C0260D7409C440031

Function 001414C6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 001414D8

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: bff058929defe69ca938152942a58ec02e51be16fc0e99183cf8a29dc1b8227f
Instruction ID: b4e61a383487e1d831d62ef456707c464fd90a3f88191b00f6b1d9c3a46dc5fc
Opcode Fuzzy Hash: bff058929defe69ca938152942a58ec02e51be16fc0e99183cf8a29dc1b8227f
Instruction Fuzzy Hash: ADB012E12580107C32081111BE02D37120CC7D0B147B4C02FF000D1560D7405C821031

Function 001597AC Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

___delayLoadHelper2@8.DELAYIMP ref: 001597C4

Part of subcall function 0014293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 001429AF
Part of subcall function 0014293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 001429C0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: b44030fccf9ccfe8d5fe4c81d6be39c19f9a3e49839546ccb0b42b2a9167e6a7
Instruction ID: fc335cbc3e819df2fa050a7d186bead3f3f15722862e40a3c3354423fdff7f49
Opcode Fuzzy Hash: b44030fccf9ccfe8d5fe4c81d6be39c19f9a3e49839546ccb0b42b2a9167e6a7
Instruction Fuzzy Hash: A3B01291278010FC32083114BE02C37110DC6D8B11378C43FFD00E4151B7404C490433

Function 0010ECD0 Relevance: 1.3, APIs: 1, Instructions: 30stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0010ECEE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: a5c7778e6f5a2274a58a401a87c3a52038dcb08b0ad12e6dc588986936c97167
Instruction ID: 86166a12ab33b8e0d4178d91da852cd18959e7401e6035b51844be886ceb107f
Opcode Fuzzy Hash: a5c7778e6f5a2274a58a401a87c3a52038dcb08b0ad12e6dc588986936c97167
Instruction Fuzzy Hash: 4AE0ED37200119ABDB01CB8AEC84D9AFBADEBD5371704403BFA0487620D772AC25CBA0

Non-executed Functions

Function 00110540 Relevance: 98.2, APIs: 29, Strings: 27, Instructions: 220libraryloaderCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,428E8EC3), ref: 00110571
FreeLibrary.KERNEL32(00000000), ref: 001105B7
GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 001105DD
GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 001105E9
GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 001105F5
GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00110601
GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 0011060D
GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 0011061C
GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 00110628
GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 00110634
GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 00110640
GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 0011064C
GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 00110658
GetProcAddress.KERNEL32(?,FreeSid), ref: 00110664
GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 00110670
GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 0011067C
GetProcAddress.KERNEL32(?,InitializeAcl), ref: 00110688
GetProcAddress.KERNEL32(?,InitializeSid), ref: 00110694
GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 001106A0
GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 001106AC
GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 001106B8
GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 001106C4
GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 001106D0
GetProcAddress.KERNEL32(?,GetAce), ref: 001106DC
GetProcAddress.KERNEL32(?,DeleteAce), ref: 001106E8
GetProcAddress.KERNEL32(?,EqualSid), ref: 001106F4
GetProcAddress.KERNEL32(?,GetAclInformation), ref: 00110700
GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 0011070F
LeaveCriticalSection.KERNEL32(?), ref: 001107DE

Strings

advapi32.dll, xrefs: 00110595
SetSecurityDescriptorDacl, xrefs: 00110636
OpenThreadToken, xrefs: 00110666
GetFileSecurityW, xrefs: 001105DF
GetExplicitEntriesFromAclW, xrefs: 00110603
RegGetKeySecurity, xrefs: 0011060F
SetSecurityDescriptorControl, xrefs: 00110702
GetTokenInformation, xrefs: 00110672
SetEntriesInAclW, xrefs: 001105D6
InitializeAcl, xrefs: 0011067E
GetSecurityDescriptorDacl, xrefs: 00110642
SetFileSecurityW, xrefs: 001105EB
InitializeSid, xrefs: 0011068A
SetSecurityInfo, xrefs: 001106BA
DeleteAce, xrefs: 001106DE
InitializeSecurityDescriptor, xrefs: 0011062A
QueryServiceStatusEx, xrefs: 001106C9
AllocateAndInitializeSid, xrefs: 0011064E
GetSecurityInfo, xrefs: 001106AE
FreeSid, xrefs: 0011065A
RegSetKeySecurity, xrefs: 0011061E
GetAce, xrefs: 001106D2
GetSidSubAuthority, xrefs: 00110696
AddAccessAllowedAce, xrefs: 001106A2
GetAclInformation, xrefs: 001106F6
EqualSid, xrefs: 001106EA
LookupAccountSidW, xrefs: 001105F7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
API String ID: 2701342527-838666417
Opcode ID: 3723a6ebc530a5ea1b6f38ffa765d67410a098d4c365f39f77365f94c784342e
Instruction ID: e9b717ac7e10dcd2d8602798c4d59f10ccc2eac7a64d878d02a7b7c23e31afb8
Opcode Fuzzy Hash: 3723a6ebc530a5ea1b6f38ffa765d67410a098d4c365f39f77365f94c784342e
Instruction Fuzzy Hash: D8812979D40B25FECF2A9B61C848B99BFA1FB09355F000526E504629E0D7B5A4E8CFC1

Function 00128190 Relevance: 41.9, APIs: 7, Strings: 16, Instructions: 1638timeCOMMON

Download Yara Rule

APIs

Part of subcall function 000E463F: GetProcessHeap.KERNEL32(?,?,?,000EE97C,428E8EC3,?,?,?,?,00189590,000000FF), ref: 000E4676

VariantTimeToSystemTime.OLEAUT32 ref: 00128539
GetLastError.KERNEL32(428E8EC3,?), ref: 0012867A

Part of subcall function 00108690: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 001086D6
Part of subcall function 00108690: LoadResource.KERNEL32(00000000,00000000), ref: 001086E4
Part of subcall function 00108690: LockResource.KERNEL32(00000000), ref: 001086EF
Part of subcall function 00108690: SizeofResource.KERNEL32(00000000,00000000), ref: 001086FD
Part of subcall function 00108690: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00108764
Part of subcall function 00108690: LoadResource.KERNEL32(00000000,00000000), ref: 00108776
Part of subcall function 00108690: LockResource.KERNEL32(00000000), ref: 00108785
Part of subcall function 00108690: SizeofResource.KERNEL32(00000000,00000000), ref: 00108797

__floor_pentium4.LIBCMT ref: 00128C83
__floor_pentium4.LIBCMT ref: 00128CDF
__floor_pentium4.LIBCMT ref: 00128D37

Strings

YESTERDAY, xrefs: 00128C2C
, xrefs: 0012883B
Invalid DateTime, xrefs: 00128277, 00128300
string %s does not have %d symbols starting index %d, xrefs: 00129279, 001298A7, 001298D8
GetAsSystemTime failed: %d, xrefs: 00128681
yyyy, xrefs: 00128EEB
NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime, xrefs: 00128688
epoch, xrefs: 00128500, 00128DBF
failed to parse day: %s, xrefs: 00129620
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp, xrefs: 0012868D, 00129038, 001291D8, 00129288, 00129300, 0012962F, 00129885, 001298B6, 001298E7
failed to convert date element(s) to int: year = %s, month = %s, day = %s, xrefs: 00129876
failed to parse month: %s, xrefs: 001291C9
failed to parse year: %s, xrefs: 001292F1
NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute, xrefs: 00129033, 001291D3, 00129283, 001292FB, 0012962A, 00129880, 001298B1, 001298E2
failed to convert epoch date: %s, xrefs: 00129029
TOMORROW, xrefs: 00128BE2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Resource$__floor_pentium4$FindLoadLockSizeofTime$ErrorHeapLastProcessSystemVariant
String ID: $GetAsSystemTime failed: %d$Invalid DateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute$TOMORROW$YESTERDAY$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp$epoch$failed to convert date element(s) to int: year = %s, month = %s, day = %s$failed to convert epoch date: %s$failed to parse day: %s$failed to parse month: %s$failed to parse year: %s$string %s does not have %d symbols starting index %d$yyyy
API String ID: 3108935575-1381540002
Opcode ID: bc4efc9ede2483aa68574811e823137718aafa4c374bf097c55eb84b45a313b0
Instruction ID: 733628b13248a92977c23e251c6a840598bc822bb19a1af96e2031f7e78c9f3a
Opcode Fuzzy Hash: bc4efc9ede2483aa68574811e823137718aafa4c374bf097c55eb84b45a313b0
Instruction Fuzzy Hash: E0E2BC71A00268CFDB24DFA8DC55BEEB7B5BF55304F104299E449B7281EB30AA95CF90

Function 00122B30 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 107libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,428E8EC3,00000000,?,00000000,?,00123AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00122B73
GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 00122B98
GetProcAddress.KERNEL32(00000000,Controller), ref: 00122BA7
GetProcAddress.KERNEL32(00000000,Release), ref: 00122BC8
FreeLibrary.KERNEL32(00000000), ref: 00122C46
FreeLibrary.KERNEL32(00000000), ref: 00122CC3
GetLastError.KERNEL32(?,00123AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 00122CCB

Strings

Release, xrefs: 00122BC2
Dispatcher, xrefs: 00122B92
NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 00122CDF
Failed to load library %s. Error 0x%08X, xrefs: 00122CD5
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 00122CE4
Controller, xrefs: 00122B9E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressLibraryProc$Free$ErrorLastLoad
String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
API String ID: 2058215185-435243658
Opcode ID: 47798d3e6642f7630e4ad14bc02ae98e2c47e8d416c7f915394ef0a84f73a7be
Instruction ID: 41ebeffb04b41fb081d451d71e16cd03be9ba77906d729e0c1c56bcc6160db31
Opcode Fuzzy Hash: 47798d3e6642f7630e4ad14bc02ae98e2c47e8d416c7f915394ef0a84f73a7be
Instruction Fuzzy Hash: DB4169B0A00314EFD704CFA9D948B9EBBF4FF08710F19416AE805AB291D7B58950CFA5

Function 0013B4F0 Relevance: 22.2, Strings: 17, Instructions: 999COMMON

Download Yara Rule

Strings

UTF), xrefs: 0013B654
LF), xrefs: 0013B869
ANY), xrefs: 0013B8BB
BSR_ANYCRLF), xrefs: 0013B907
NO_AUTO_POSSESS), xrefs: 0013B698
NO_START_OPT), xrefs: 0013B6BA
$, xrefs: 0013C1EC
CR), xrefs: 0013B840
UCP), xrefs: 0013B676
no error, xrefs: 0013C39A, 0013C3A3
LIMIT_MATCH=, xrefs: 0013B6DC
BSR_UNICODE), xrefs: 0013B922
LIMIT_RECURSION=, xrefs: 0013B790
UTF8), xrefs: 0013B632
ANYCRLF), xrefs: 0013B8E1
Error text not found (please report), xrefs: 0013C3BA
CRLF), xrefs: 0013B892

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF8)$no error
API String ID: 0-2110857069
Opcode ID: df536dd33ab49c62f0916537dc38d2525108a4f371daa0fbacf33564185cba6a
Instruction ID: f661309f8c45f47b97f67f4aed3d05273fd2138046d3c0866d14d431166d6c54
Opcode Fuzzy Hash: df536dd33ab49c62f0916537dc38d2525108a4f371daa0fbacf33564185cba6a
Instruction Fuzzy Hash: B792AF75E042299BDB28CF14CC917EABBB5AF59304F0441E9EB5DA7281E7349E84CF90

Function 000F6220 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 428encryptionthreadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?), ref: 000F6268
GetCurrentThreadId.KERNEL32 ref: 000F6274
CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 000F63BF
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 000F63DF
CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 000F63FC

Strings

al exception rule %x:%x res %s, xrefs: 000F632E
3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 000F671E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
API String ID: 3004248768-911235813
Opcode ID: 9543e3b5ab28d479f993c8848cccb6bb3b63e280b9ca958956dea7892867ffb5
Instruction ID: 3e0569adea0a4a173e95b54d9320f24587411f0ef18429b4170179d6d07a08ce
Opcode Fuzzy Hash: 9543e3b5ab28d479f993c8848cccb6bb3b63e280b9ca958956dea7892867ffb5
Instruction Fuzzy Hash: 4CF12935B012289BDB65DF14CC95BADB7B5BF48710F1800D9EA0AA7791DB70AE81CF90

Function 000F67B0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 150encryptionthreadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 000F67F3
GetCurrentThreadId.KERNEL32 ref: 000F67FB
CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 000F687F
CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 000F689F
CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 000F68BC
CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 000F68DE
CryptDestroyHash.ADVAPI32(00000000), ref: 000F68EF
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 000F6902
DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 000F6951
DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 000F6980

Strings

al exception rule %x:%x res %s, xrefs: 000F6824
Freeing access handle %p, xrefs: 000F67D0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
String ID: Freeing access handle %p$al exception rule %x:%x res %s
API String ID: 581428007-3582322424
Opcode ID: abe320208e9a00a56ead792bc6fcf0864e173965fa43dbda671114ffc18ecb6d
Instruction ID: c842bd90773546a6160503f1016e1693ccd1eaff763e4ef6c1ea42d81d2a51c5
Opcode Fuzzy Hash: abe320208e9a00a56ead792bc6fcf0864e173965fa43dbda671114ffc18ecb6d
Instruction Fuzzy Hash: 0E515171A00218ABEB60CB60DC46FEA77FCEB14710F144295BA15E65C1DBB1EE84DF60

Function 000D5400 Relevance: 18.4, APIs: 3, Strings: 7, Instructions: 918COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000D59C1
Concurrency::cancel_current_task.LIBCPMT ref: 000D59C6
Concurrency::cancel_current_task.LIBCPMT ref: 000D6066

Strings

ps_host, xrefs: 000D5746, 000D57E7
YSTEM, xrefs: 000D6080
heron_host, xrefs: 000D55CD, 000D5677
hti_auth_host, xrefs: 000D57FE, 000D589F
/, xrefs: 000D5A6B
UPDATER_URL, xrefs: 000D5431, 000D54DD
), xrefs: 000D5A61

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
API String ID: 118556049-3423396178
Opcode ID: f998e0ed2b3cfb3e277096b8a2ba32ad8feab6b1362068f8f27a9f225363fd44
Instruction ID: c2655483024bb62f096960f4b79ff82e87a7190e02214d6240955d0ddeb75617
Opcode Fuzzy Hash: f998e0ed2b3cfb3e277096b8a2ba32ad8feab6b1362068f8f27a9f225363fd44
Instruction Fuzzy Hash: 5A72E3B1D00354DFDB24CF64CC557AE77B5EB18315F20026EE82AAB391EB719A88CB51

Function 000DA610 Relevance: 18.4, APIs: 3, Strings: 7, Instructions: 886COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000DABD1
Concurrency::cancel_current_task.LIBCPMT ref: 000DABD6
Concurrency::cancel_current_task.LIBCPMT ref: 000DB256

Strings

YSTEM, xrefs: 000DB270
heron_host, xrefs: 000DA7DD, 000DA887
/, xrefs: 000DAC5B
ps_host, xrefs: 000DA956, 000DA9F7
), xrefs: 000DAC51
hti_auth_host, xrefs: 000DAA0E, 000DAAAF
UPDATER_URL, xrefs: 000DA641, 000DA6ED

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
API String ID: 118556049-3423396178
Opcode ID: 6230b4425736144e85e384f17842120aecfb6d04fdc8387522e109d62b4a4f2f
Instruction ID: f937f1c13d897b17104c4c14fe2d651fef91296f540ceb30ff8ae878818266d6
Opcode Fuzzy Hash: 6230b4425736144e85e384f17842120aecfb6d04fdc8387522e109d62b4a4f2f
Instruction Fuzzy Hash: 647204B1E00354DFDB24CF24C8557AE77B5FB19314F20066EE826AB391EB349988CB61

Function 000D2B00 Relevance: 18.4, APIs: 3, Strings: 7, Instructions: 886COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000D30C1
Concurrency::cancel_current_task.LIBCPMT ref: 000D30C6
Concurrency::cancel_current_task.LIBCPMT ref: 000D3746

Strings

/, xrefs: 000D314B
YSTEM, xrefs: 000D3760
UPDATER_URL, xrefs: 000D2B31, 000D2B41, 000D2BDD, 000D30F8
ps_host, xrefs: 000D2E46, 000D2E58, 000D2EE7
), xrefs: 000D3141
heron_host, xrefs: 000D2CCD, 000D2CDF, 000D2D77
hti_auth_host, xrefs: 000D2EFE, 000D2F10, 000D2F9F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
API String ID: 118556049-3423396178
Opcode ID: 2a44c7e72366dc333b35448861958c0005c1caeae77c2e1f42823b859d6bb53f
Instruction ID: 20e0f857e7a8e041f1232a6a12981f76dc212f8b08912cf5abc33edf97949e4f
Opcode Fuzzy Hash: 2a44c7e72366dc333b35448861958c0005c1caeae77c2e1f42823b859d6bb53f
Instruction Fuzzy Hash: 227204B1D05354CFDB24CF24C8557AE77B4FB58314F20026EE82AAB391EB759A88CB51

Function 000DCF40 Relevance: 18.4, APIs: 3, Strings: 7, Instructions: 886COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000DD501
Concurrency::cancel_current_task.LIBCPMT ref: 000DD506
Concurrency::cancel_current_task.LIBCPMT ref: 000DDB86

Strings

ps_host, xrefs: 000DD286, 000DD327
hti_auth_host, xrefs: 000DD33E, 000DD3DF
UPDATER_URL, xrefs: 000DCF71, 000DD01D
YSTEM, xrefs: 000DDBA0
/, xrefs: 000DD58B
), xrefs: 000DD581
heron_host, xrefs: 000DD10D, 000DD1B7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
API String ID: 118556049-3423396178
Opcode ID: a5aee79cd2ff7f9e9a4fe5af8362561da8ec17281cd6bd8038e690d75ff03194
Instruction ID: 6c9bb4d3caa9aa43def70ae3cda0de15e068a4de9d26fb7fef020aaf44f8b074
Opcode Fuzzy Hash: a5aee79cd2ff7f9e9a4fe5af8362561da8ec17281cd6bd8038e690d75ff03194
Instruction Fuzzy Hash: 7072F5B1D00354CFDB24CF24C8557AE77B4EB28314F20466FE826AB791EB759A88CB51

Function 000DF830 Relevance: 18.4, APIs: 3, Strings: 7, Instructions: 886COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000DFDF1
Concurrency::cancel_current_task.LIBCPMT ref: 000DFDF6
Concurrency::cancel_current_task.LIBCPMT ref: 000E0476

Strings

YSTEM, xrefs: 000E0490
ps_host, xrefs: 000DFB76, 000DFC17
heron_host, xrefs: 000DF9FD, 000DFAA7
UPDATER_URL, xrefs: 000DF861, 000DF90D
/, xrefs: 000DFE7B
hti_auth_host, xrefs: 000DFC2E, 000DFCCF
), xrefs: 000DFE71

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: )$/$UPDATER_URL$YSTEM$heron_host$hti_auth_host$ps_host
API String ID: 118556049-3423396178
Opcode ID: 36547af9029a99d8d77837d94493a7b7deeb5bfa2306a8f6389337031faa32df
Instruction ID: de1f4d5bfc1a4a95a8a19f8d4a4518addffb67691306e4282e67d10e4fa39e5f
Opcode Fuzzy Hash: 36547af9029a99d8d77837d94493a7b7deeb5bfa2306a8f6389337031faa32df
Instruction Fuzzy Hash: 5572FFB1D00355DFDB248F24C9157AE77B5EF18304F24426EE82BAB391EB749A88CB51

Function 0012A540 Relevance: 15.8, Strings: 12, Instructions: 846COMMON

Download Yara Rule

Strings

stol argument out of range, xrefs: 0012A991
NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied, xrefs: 0012A9FF, 0012B07E
failed to parse date from name: %s, xrefs: 0012A5B2
NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl, xrefs: 0012A956
Unknown comparison operator: %s, xrefs: 0012A94F
invalid substitutor, xrefs: 0012A9F8
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp, xrefs: 0012A95B, 0012AA04, 0012B083
NEQ, xrefs: 0012A8CD
Unable to substitute the arguments, xrefs: 0012B077
failed to parse date from value: %s, xrefs: 0012A63C
invalid stol argument, xrefs: 0012A987
[DATE:TODAY], xrefs: 0012AA28

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Time$SystemVariant
String ID: NEQ$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$Unknown comparison operator: %s$[DATE:TODAY]$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp$failed to parse date from name: %s$failed to parse date from value: %s$invalid stol argument$invalid substitutor$stol argument out of range
API String ID: 352189841-3100175478
Opcode ID: 85d6fc57c3859bb370c935d97fbdb6f2f5afa280643cae0b8df8234cf9ec7f01
Instruction ID: 48b950e3b7e7f419a2ac124242fc612125d340f9a24085df5f1542641b5f116d
Opcode Fuzzy Hash: 85d6fc57c3859bb370c935d97fbdb6f2f5afa280643cae0b8df8234cf9ec7f01
Instruction Fuzzy Hash: AB72AE71D002589FCF25DFA4D855BEEB7B4BF15304F504299E40ABB282EB34AA85CF51

Function 001328A0 Relevance: 13.0, Strings: 10, Instructions: 464COMMON

Download Yara Rule

Strings

Invalid arguments passed to SEND_EVENT command, xrefs: 00132E6D
Name, xrefs: 00132DB0
invalid substitutor, xrefs: 001328F6
NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute, xrefs: 00132B5D, 00132B9F, 00132BE4, 00132C30, 00132C7E, 00132CCC, 00132D1A, 00132D65, 00132DFE, 00132E34, 00132E74
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp, xrefs: 00132B62, 00132BA4, 00132BE9, 00132C35, 00132C83, 00132CD1, 00132D1F, 00132D6A, 00132E03, 00132E39, 00132E79
Unexpected call to legacy SEND_EVENT command, xrefs: 00132DF7
Unable to substitute variables for the SEND_EVENT command, xrefs: 00132B56, 00132B98, 00132BDD, 00132C29, 00132C74, 00132CC2, 00132D10, 00132D5B, 00132E26, 00132E32
Invalid, xrefs: 00132E63
Encountered SEND_EVENT, but no event reporter was defined, xrefs: 001328E2
default, xrefs: 00132C0B, 00132DA1

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: Encountered SEND_EVENT, but no event reporter was defined$Invalid$Invalid arguments passed to SEND_EVENT command$NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute$Name$Unable to substitute variables for the SEND_EVENT command$Unexpected call to legacy SEND_EVENT command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp$default$invalid substitutor
API String ID: 0-494503603
Opcode ID: 07cf874e12cddf201f180da41dcf0e747f6bcea5c7540ad8c50c4e6e1f3ebf2c
Instruction ID: 130f205106d575c4c1ecf6454b2be7fa986a7b68d8028b2e124918a8399b252b
Opcode Fuzzy Hash: 07cf874e12cddf201f180da41dcf0e747f6bcea5c7540ad8c50c4e6e1f3ebf2c
Instruction Fuzzy Hash: 36026474A402089FDB14EF90C996FEEBBB5AF19704F504458F501772C2DBB5AE48CBA1

Function 00136D43 Relevance: 10.7, Strings: 8, Instructions: 655COMMON

Download Yara Rule

Strings

\b(?<=\w), xrefs: 00136D8F
Q\E, xrefs: 00136E11
^, xrefs: 0013705F
\b(?=\w), xrefs: 00136D5B
alpha, xrefs: 00136F83, 00136F9C
@, xrefs: 001372CE
[:<:]], xrefs: 00136D45
[:>:]], xrefs: 00136D7A

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: @$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$^$alpha
API String ID: 0-4118445655
Opcode ID: 358a1c3a2a92df324c7025376f856ea04cc3863ab010da4661b9d9ab092718ba
Instruction ID: 2848110135abca3bd626691648e19fb5ac415dc1170cd5dcdaa19c21a9570d14
Opcode Fuzzy Hash: 358a1c3a2a92df324c7025376f856ea04cc3863ab010da4661b9d9ab092718ba
Instruction Fuzzy Hash: 614280B4D083588FDF39CF64C8907ADBBB1AF16314F28819DD889AB292D7349D85CB50

Function 0017CE06 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0017D124,00000002,00000000,?,?,?,0017D124,?,00000000), ref: 0017CE9F
GetLocaleInfoW.KERNEL32(?,20001004,0017D124,00000002,00000000,?,?,?,0017D124,?,00000000), ref: 0017CEC8
GetACP.KERNEL32(?,?,0017D124,?,00000000), ref: 0017CEDD

Strings

OCP, xrefs: 0017CE5A
ACP, xrefs: 0017CE24

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: a9c449b0ef1be838300e64132a9e30e47829c5079fe53804efb131f81d2421bd
Instruction ID: de24b280c9b4d9fef6bf9d4ffaf3b900a8b3ece75a0dc1eefa6d3974815c898f
Opcode Fuzzy Hash: a9c449b0ef1be838300e64132a9e30e47829c5079fe53804efb131f81d2421bd
Instruction Fuzzy Hash: C6217132640101AAEB34CF68D900AA77AB6AB64F54B56C469E90ED7604EF32DE41C7D0

Function 0011D2C0 Relevance: 8.0, Strings: 6, Instructions: 504COMMON

Download Yara Rule

Strings

expected =, xrefs: 0011D9D8
expected >, xrefs: 0011D7E4, 0011D800
expected ' or ", xrefs: 0011D9F1
unexpected end of data, xrefs: 0011D551
expected element name, xrefs: 0011D7C8
invalid numeric character entity, xrefs: 0011D3A3

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: expected ' or "$expected =$expected >$expected element name$invalid numeric character entity$unexpected end of data
API String ID: 0-1758782166
Opcode ID: 2d80485b5ce30e6909d928485ddc3d0374aeedc3036e7780b38d818cafc63b52
Instruction ID: 6113b70c4e2c627669fb2f98e737f15c0169d5c1c391e227d03118ee05549036
Opcode Fuzzy Hash: 2d80485b5ce30e6909d928485ddc3d0374aeedc3036e7780b38d818cafc63b52
Instruction Fuzzy Hash: C402D4705042109FCB2CCF28E4957B6BBF1FF56308F2885AEE4898F291E7759985CB91

Function 0017CFDB Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

Part of subcall function 00171CA9: _free.LIBCMT ref: 00171D0B
Part of subcall function 00171CA9: _free.LIBCMT ref: 00171D41

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0017D0E7
IsValidCodePage.KERNEL32(00000000), ref: 0017D130
IsValidLocale.KERNEL32(?,00000001), ref: 0017D13F
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0017D187
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0017D1A6

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
String ID:
API String ID: 949163717-0
Opcode ID: 09562143c19a175a4dcfe23bd0e03cf9f0ade02ec11956c5cc53e2a02c8d26fb
Instruction ID: 2acb8b847e914fdaf2fc190ac7f2851ffd2954260241adc21c1b7f7b7faba37b
Opcode Fuzzy Hash: 09562143c19a175a4dcfe23bd0e03cf9f0ade02ec11956c5cc53e2a02c8d26fb
Instruction Fuzzy Hash: 1B518371A0020AAFDF10DFA5DC41ABA77B8FF19700F158469F519EB150EB709945CBA1

Function 00140660 Relevance: 7.2, Strings: 5, Instructions: 986COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00140B9E
PCRE, xrefs: 001407E8
ERCP, xrefs: 001407DF
VUUU, xrefs: 00140C5C
VUUU, xrefs: 00140BD1

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: ERCP$PCRE$VUUU$VUUU$VUUU
API String ID: 0-663802839
Opcode ID: 62d99f542335fc8d1890c0b0c39201a763844e386c8818b83358ecd26b6052bb
Instruction ID: 93018f532ed90e47fb09e7ca9399350644601231a73bd2df760ab8e47e9df1ea
Opcode Fuzzy Hash: 62d99f542335fc8d1890c0b0c39201a763844e386c8818b83358ecd26b6052bb
Instruction Fuzzy Hash: 8D82AC71A002598FDB25CF29C890BEDB7B1BF48314F1442EAD959AB2A1D7319EC5CF50

Function 00137602 Relevance: 6.2, Strings: 4, Instructions: 1247COMMON

Download Yara Rule

Strings

?, xrefs: 001377E8
#, xrefs: 001377EE
(, xrefs: 001377E2
n, xrefs: 00137CDF

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: #$($?$n
API String ID: 0-1429268647
Opcode ID: 1fb719513467338c1088bfdcf351643978b00c3928595c541304ea48eb2c2d85
Instruction ID: 56a342a310f9a6b584cc1abd514c62c5641a312851cce96905e6145af15e6378
Opcode Fuzzy Hash: 1fb719513467338c1088bfdcf351643978b00c3928595c541304ea48eb2c2d85
Instruction Fuzzy Hash: D6B25E74E04359CFDB29CFA8C8906ADFBB1BF59310F188299D459AB386D730A946CF50

Function 001593F2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 001593FE
IsDebuggerPresent.KERNEL32 ref: 001594CA
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 001594EA
UnhandledExceptionFilter.KERNEL32(?), ref: 001594F4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 168326b2ff9eaf26371e123a642fa13b2e8369aab03c3e516e9c0616d185ae3b
Instruction ID: 85bb0414295e7497ec9ed023cff6b37fceae93d4b2b26697d20c17c36182228e
Opcode Fuzzy Hash: 168326b2ff9eaf26371e123a642fa13b2e8369aab03c3e516e9c0616d185ae3b
Instruction Fuzzy Hash: B13129B5D4121CDBDB11DFA4D989BCDBBF8AF18305F1041AAE40DAB250EB709A898F05

Function 001383A0 Relevance: 5.5, Strings: 4, Instructions: 532COMMON

Download Yara Rule

Strings

\b(?=\w), xrefs: 00138480
), xrefs: 0013844A
), xrefs: 00139093
:, xrefs: 00138403

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: )$)$:$\b(?=\w)
API String ID: 0-1096454370
Opcode ID: 72baaf700cf57ee24742836cf0de5745fb850c54fc1f2b22999b221d56c17a96
Instruction ID: e668927382ea146e602196ae93a05904cc84b6c144b789671403e17e1312f598
Opcode Fuzzy Hash: 72baaf700cf57ee24742836cf0de5745fb850c54fc1f2b22999b221d56c17a96
Instruction Fuzzy Hash: 65324C74E04259CFDB25CF68C8807ADBBB1BF09314F15819AD89AAB351C7B49D85CF50

Function 0017CA80 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

Part of subcall function 00171CA9: _free.LIBCMT ref: 00171D0B
Part of subcall function 00171CA9: _free.LIBCMT ref: 00171D41

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0017CAD4
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0017CB1E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0017CBE4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InfoLocale$ErrorLast_free
String ID:
API String ID: 3140898709-0
Opcode ID: 93105bf4b178e921907dfed378429c6ae8085186be240ff6278f2bc767dc2e98
Instruction ID: bb197003f9f0a38e903c22d292d16b91ab050b445ac264219cdbf57c0880a54b
Opcode Fuzzy Hash: 93105bf4b178e921907dfed378429c6ae8085186be240ff6278f2bc767dc2e98
Instruction Fuzzy Hash: FD618D719002179BEB299F68CD82BBAB7B9EF14340F1480BEED0DD6585E734D984DB90

Function 0015D453 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,001D80CC), ref: 0015D54B
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,001D80CC), ref: 0015D555
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,001D80CC), ref: 0015D562

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 05accda215ffbb4e91e6317686d5af4a69721062731d424aba238e9a96f831ee
Instruction ID: 038b6f6ac4bc7f0c1db222db8931e7355c0c63373ac9ed411ecfcfc87f61de3f
Opcode Fuzzy Hash: 05accda215ffbb4e91e6317686d5af4a69721062731d424aba238e9a96f831ee
Instruction Fuzzy Hash: B631A8B4911228DBCB61DF64D98978DBBB8BF18311F5041DAE81CA7250E7709F858F45

Function 0016E8FE Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,0016E8FD,00000002,00000002,?,00000002), ref: 0016E920
TerminateProcess.KERNEL32(00000000,?,0016E8FD,00000002,00000002,?,00000002), ref: 0016E927
ExitProcess.KERNEL32 ref: 0016E939

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5e5b4b09b03e8458e4d1e47045e8d05c2acbe15dedb2f451250495d44c3d40a4
Instruction ID: 204fc6243434676b327948c1a93f3e2e445b08732f5bb88de7bfb0f3c91c23ae
Opcode Fuzzy Hash: 5e5b4b09b03e8458e4d1e47045e8d05c2acbe15dedb2f451250495d44c3d40a4
Instruction Fuzzy Hash: C4E04635010108EFCF12AF24DD08A083BA9FF14341B088515F80886631CB35EDA1CA51

Function 00108EA0 Relevance: 3.6, APIs: 2, Instructions: 635COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 001091DE
Concurrency::cancel_current_task.LIBCPMT ref: 0010952E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 5b38bb7b6d4788f898e7d3f319b1a8e3828ae79a14ef3b315f6685c24b76e670
Instruction ID: 4c30b25c6b0f01f8d2eae0f8044c806df70148a3a088b923038640ca5ce35fa4
Opcode Fuzzy Hash: 5b38bb7b6d4788f898e7d3f319b1a8e3828ae79a14ef3b315f6685c24b76e670
Instruction Fuzzy Hash: 8622B072E00119EFCF19DFA8DC51AAEBBB5FF48310F154229F855BB292DB7099018B91

Function 0016B340 Relevance: 3.4, APIs: 2, Instructions: 450COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
Instruction ID: b735308f7867f377219d65487ddd3f6d8a73f3913d0b179c7cbde2e8e4fd41a4
Opcode Fuzzy Hash: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
Instruction Fuzzy Hash: E5F11C71E052199FDF14CFA8C8D06ADBBB1FF88314F258269D819EB385D731AA51CB90

Function 001770B4 Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,00165A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480), ref: 0017703D
OutputDebugStringW.KERNEL32(?,?,00165A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480,?), ref: 00177054

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: DebugDebuggerOutputPresentString
String ID:
API String ID: 4086329628-0
Opcode ID: 42d156a6833716a7e84f958e45fb8111f248af1b50aa848ab769c366ce2259fa
Instruction ID: 2902c323badf8dad4cf0f09e1175afc889f3586296c912013c605fa15f51b40b
Opcode Fuzzy Hash: 42d156a6833716a7e84f958e45fb8111f248af1b50aa848ab769c366ce2259fa
Instruction Fuzzy Hash: F4018F3114821A679A206AA19C46F7B3BB9AF17361F29C401F90DC61D1DB22C91195B2

Function 001714AF Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001714AA,?,?,00000008,?,?,00180D68,00000000), ref: 001716DC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: bfbca9aac333315a214e0b6fa4e68fe865d090ddc1d31aabc886b5689ce89e80
Instruction ID: 965688ccdf902948498f4ec0beb58dc1eab6bd2268d1263651cc625711c10009
Opcode Fuzzy Hash: bfbca9aac333315a214e0b6fa4e68fe865d090ddc1d31aabc886b5689ce89e80
Instruction Fuzzy Hash: F2B12835610609EFD719CF2CC486AA57BB1FF45364F29C658E89ACF2A1C335EA91CB40

Function 00159215 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0015922B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 1d7de7202674779c691bed3b0eef1004d25579390b9b4f4bc89eb43376cc11d6
Instruction ID: 525b320e790685f7ee816fe8fe516c60207c85394f6a0f09dfc9977dc14dd1c3
Opcode Fuzzy Hash: 1d7de7202674779c691bed3b0eef1004d25579390b9b4f4bc89eb43376cc11d6
Instruction Fuzzy Hash: F451ACB1A02215DFEB14CF65D8857AABBF0FB48311F24846AC815EB2A0E374DD84CF51

Function 0012F150 Relevance: 1.6, Strings: 1, Instructions: 342COMMON

Download Yara Rule

Strings

1.3.6.1.4.1.311.2.4.1, xrefs: 0012F1A3

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: 1.3.6.1.4.1.311.2.4.1
API String ID: 0-146536318
Opcode ID: ef814cfb4b47f4f0045a6e80db78344220bbbe0c387d60f3104c5d068bf2ebd9
Instruction ID: 2a48146fef09f1de320b34573a53b248e1a2ea8b493ebb03b9544621d969a11f
Opcode Fuzzy Hash: ef814cfb4b47f4f0045a6e80db78344220bbbe0c387d60f3104c5d068bf2ebd9
Instruction Fuzzy Hash: 17D15871D00229DFCB24DF64E885BAEBBB5FF49714F1041A9E819A7380D730AA55CFA0

Function 0017CCE0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

Part of subcall function 00171CA9: _free.LIBCMT ref: 00171D0B
Part of subcall function 00171CA9: _free.LIBCMT ref: 00171D41

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0017CD34

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast_free$InfoLocale
String ID:
API String ID: 2003897158-0
Opcode ID: 6a985492c0fbc60ece5d35990acb124986a40dd6f4c63fbba6e8e08cf6b1e1a8
Instruction ID: f97c7d0e0a6614ccb5af7a8d9e1d0d576b80342d0c00520628e55b1a6ca43498
Opcode Fuzzy Hash: 6a985492c0fbc60ece5d35990acb124986a40dd6f4c63fbba6e8e08cf6b1e1a8
Instruction Fuzzy Hash: 6021C572610206ABDB289AA9DC42ABA7BBDEF54300F10807EFD0AD6141EB34DD4487D0

Function 0017C952 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

EnumSystemLocalesW.KERNEL32(0017CA80,00000001,00000000,?,-00000050,?,0017D0BB,00000000,?,?,?,00000055,?), ref: 0017C9C4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: ed634b50ada41729088b48bc10beaa71bf98be933fc6d2ce08ba4fa1f90da88f
Instruction ID: a1abdfb0f14e55ae6bde95f1ef901910e8c9f1ceb12943cc171c6a8a4a70418f
Opcode Fuzzy Hash: ed634b50ada41729088b48bc10beaa71bf98be933fc6d2ce08ba4fa1f90da88f
Instruction Fuzzy Hash: 1B11E9372007059FDB189F79C89157AB7A1FF84359B14843DEA4B97A40D771B942C780

Function 0017CF0C Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0017CC9C,00000000,00000000,?), ref: 0017CF38

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 1eb9566f2574fbf38d67e092212845dfbfaa88a475406d32c09cf087b42ba10e
Instruction ID: 6354647106b843e453498998f8ed261377dfe41777d99aaf7e8c866579c3f988
Opcode Fuzzy Hash: 1eb9566f2574fbf38d67e092212845dfbfaa88a475406d32c09cf087b42ba10e
Instruction Fuzzy Hash: EAF0A932500115BBDB289765DC05BBA7B79EB40754F15842DED19A3180EB74FE41C5D0

Function 0017C9ED Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

EnumSystemLocalesW.KERNEL32(0017CCE0,00000001,?,?,-00000050,?,0017D07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0017CA37

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 01f3b950d35bcb0d5e328bc0eb45edef435aa47800823aa4f03f8986679179ff
Instruction ID: 5280773ac4e06a1950da837679154c2c3109bd21693baa7cc781e4f3fb2b66c0
Opcode Fuzzy Hash: 01f3b950d35bcb0d5e328bc0eb45edef435aa47800823aa4f03f8986679179ff
Instruction Fuzzy Hash: 77F0F6362003085FDB15DF79DC81A7ABBA5EF81368B05C42DF9498B690E771AD41C690

Function 0017C907 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

EnumSystemLocalesW.KERNEL32(0017C860,00000001,?,?,?,0017D0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0017C93E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 0c6811331629ce0686f6602805ec79a663c2ce212d7a189cf8df693b6a967a16
Instruction ID: a5643aab2ba4f1fc4436dff4199be7ab340e99da3236117bce84a6e6f574d60a
Opcode Fuzzy Hash: 0c6811331629ce0686f6602805ec79a663c2ce212d7a189cf8df693b6a967a16
Instruction Fuzzy Hash: D8F0E53670020557CB159F7ADC4666ABFA4EFC1B64B06805EFA098B651C7719A42C790

Function 001745DA Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00170C61,?,20001004,00000000,00000002,?,?,0017024C), ref: 0017460E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 9021876289c5ad12dd4579c929c3c7d7612efe49d7952d856a60ba09dcb32d1d
Instruction ID: bdb4a05cdd88cdebd8552e66e955908b2eb2389897302f7973e782c252037121
Opcode Fuzzy Hash: 9021876289c5ad12dd4579c929c3c7d7612efe49d7952d856a60ba09dcb32d1d
Instruction Fuzzy Hash: 95E04F31540128BBCF126F60EC04E9E3E79FF55761F028411FD1966221CB318961AAD4

Function 00159586 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,00158A95), ref: 0015958B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 93f0ed856c908c65f477cfd1f85d55da9c8302d710d502360a11358f4bcc2b91
Instruction ID: f3d3e5cf5852ae511bfa6e59e89a6e56e06e710015ae50638a0b1c7c0bce4996
Opcode Fuzzy Hash: 93f0ed856c908c65f477cfd1f85d55da9c8302d710d502360a11358f4bcc2b91
Instruction Fuzzy Hash:

Function 00160B4B Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

0, xrefs: 00160CE3

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 5bc61374a1c59d7e959c34cdc8f724b993fd4a7992fc3f5e9b176fe92d8915df
Instruction ID: e3cd9833c36acf708ef1c1f9881e52755e47689ec562f0a9f394efc2fe9ceb81
Opcode Fuzzy Hash: 5bc61374a1c59d7e959c34cdc8f724b993fd4a7992fc3f5e9b176fe92d8915df
Instruction Fuzzy Hash: 6E616B70600709AADB3A9A688C91BBF73A5EF5D704F14466DE883DB2C1DB619DA1C305

Function 00160919 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00160A95

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
Instruction ID: cc2be4edef507f0e52a96d50b76733eda617c35bcd26bfe38ed189fd58116583
Opcode Fuzzy Hash: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
Instruction Fuzzy Hash: 7C51AB3160074866FF3B89688D857BF679B9B1E348F18451ED88AE7283D7119E74C342

Function 001347C0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

:, xrefs: 0013484D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: 238e278610db25795a66644fb0a71c7a4759701867ebd4beb9b09851c3b2a6c0
Instruction ID: 42698b326c8b55450f7b224a90f212794781955bc864399b888d9f6b43160dea
Opcode Fuzzy Hash: 238e278610db25795a66644fb0a71c7a4759701867ebd4beb9b09851c3b2a6c0
Instruction Fuzzy Hash: 03410BA7A01248EFEB018E5998937DFFBA4DB76704F44409DD8042B383D665A70BC7A2

Function 000E463F Relevance: 1.3, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 001588FA: EnterCriticalSection.KERNEL32(001D742C,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 00158905
Part of subcall function 001588FA: LeaveCriticalSection.KERNEL32(001D742C,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 00158942

GetProcessHeap.KERNEL32(?,?,?,000EE97C,428E8EC3,?,?,?,?,00189590,000000FF), ref: 000E4676

Part of subcall function 001588B0: EnterCriticalSection.KERNEL32(001D742C,?,?,000F4086,001D827C,001968E0,?), ref: 001588BA
Part of subcall function 001588B0: LeaveCriticalSection.KERNEL32(001D742C,?,?,000F4086,001D827C,001968E0,?), ref: 001588ED
Part of subcall function 001588B0: RtlWakeAllConditionVariable.NTDLL ref: 00158964

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
String ID:
API String ID: 325507722-0
Opcode ID: 526a24274bc2c2f024092ff772d0d5540e061f4028f27514edface77c7dae69b
Instruction ID: 9bf75c2ec6986187b7a4bed56bfddd4d4719febb31f77a25dd80137ffae715ce
Opcode Fuzzy Hash: 526a24274bc2c2f024092ff772d0d5540e061f4028f27514edface77c7dae69b
Instruction Fuzzy Hash: 4E118231517600EFD750AB29ED0670677E0A755326F18422BF618E7BA1DF7868CC8B25

Function 00174619 Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

GetSystemTimePreciseAsFileTime, xrefs: 00174629

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: GetSystemTimePreciseAsFileTime
API String ID: 0-595813830
Opcode ID: 419a4987fa60a06952840b7b7ead684f07b8f6ae50b3a7e91dde3f530df8b88b
Instruction ID: c0ad73c4d5a5615fc9c344ec61bedb6b8af3df1daa16d8adb5f831c2229dcda4
Opcode Fuzzy Hash: 419a4987fa60a06952840b7b7ead684f07b8f6ae50b3a7e91dde3f530df8b88b
Instruction Fuzzy Hash: D4E0C232780224B3C22076A0EC06EAEBE94DB50BB1F440123FA0866A5297B1585086D9

Function 001868E0 Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
Instruction ID: 376d7daca5838c92f07200c351ea84c3978355ed64f99302b4fe1e49387b4cd0
Opcode Fuzzy Hash: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
Instruction Fuzzy Hash: 8B325FB3F515145BDB0CCE5DCC927ECB3E3AF98214B0E813DA81AD7345EA78D9158A84

Function 00178609 Relevance: .6, Instructions: 637COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff6e658ed4c0a5286f523458f6543180699d5d98e9b0162269d3154cd01f1274
Instruction ID: 44f4def15d389aefce8c187febcb8cb96eb3dc82b16a1e54b98c195474f7b4c9
Opcode Fuzzy Hash: ff6e658ed4c0a5286f523458f6543180699d5d98e9b0162269d3154cd01f1274
Instruction Fuzzy Hash: 62320022E69F014DD7279634CC26336A259AFB73C5F15DB27E81AB5EA9EF28C4C34100

Function 00160DB0 Relevance: .2, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36cb122b29826e0997162283c5de5d14a0b1633d4d20863dbaf2842b36c6468
Instruction ID: 035bc3458afa8b402e3c1e46bba4114153193ea989067d54fdc0618543ad609d
Opcode Fuzzy Hash: d36cb122b29826e0997162283c5de5d14a0b1633d4d20863dbaf2842b36c6468
Instruction Fuzzy Hash: E6615770640218ABDF3E9A288C917BFB3A5EB6D300F580D6EE842DB281D7639D75C341

Function 0016933A Relevance: .2, Instructions: 159COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
Instruction ID: 7b97eeee4e8187efcce1b8f7e59e24e3d1fdee38c478c8f0668377362c817b98
Opcode Fuzzy Hash: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
Instruction Fuzzy Hash: 06515071E00119AFDF04CFA9CD81AAEBBB6FF89314F198059E915AB241C7349E51DB90

Function 00180AB2 Relevance: .1, Instructions: 104COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57724895e5882ec5891a1b8fbf1ae226668b69608c27895d180e528886314f0
Instruction ID: dc794b449c592fe1ad1ddf1412ec8f6e9cb97addb16bc82b3aaba0794dc7a555
Opcode Fuzzy Hash: c57724895e5882ec5891a1b8fbf1ae226668b69608c27895d180e528886314f0
Instruction Fuzzy Hash: 8521B673F20439477B0CC47E8C5627DB6E1C78C501745423AE8A6EA2C1D968D917E2E4

Function 00180992 Relevance: .1, Instructions: 81COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cb6f31c867744f395171067cdb48738a9f0a2a4cbdf7864bd309aeb46824fcc
Instruction ID: 7bc6113074fbee9319003911c16170cdeadef3b47e7b78e428353bf49f77e397
Opcode Fuzzy Hash: 4cb6f31c867744f395171067cdb48738a9f0a2a4cbdf7864bd309aeb46824fcc
Instruction Fuzzy Hash: FB117323F30C295A775C816D8C172BAA6D6EBD825470F533AD826E7284E9A4DE13D290

Function 0015ADD0 Relevance: .1, Instructions: 76COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 2106e3cbb30665f3309996eb4c7acbd973d9a7ba54f3e9d56efdb12e3a93e799
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 7C119B772C0082C7D618862DD8F65B7A795EFC53237AC437AC9724F714C322E90D9902

Function 00146AB0 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00146AB6
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00146AC4
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00146AD5
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00146AE6
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00146AF7
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00146B08
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00146B19
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00146B2A
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00146B3B
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00146B4C
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00146B5D
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00146B6E
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00146B7F
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00146B90
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00146BA1
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00146BB2
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00146BC3
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00146BD4
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00146BE5
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00146BF6
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00146C07
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00146C18
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00146C29
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00146C3A
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00146C4B
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00146C5C
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00146C6D
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00146C7E
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00146C8F
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00146CA0
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00146CB1
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00146CC2
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00146CD3
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00146CE4
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00146CF5
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00146D06
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00146D17
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00146D28
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00146D39
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00146D4A
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00146D5B

Strings

CloseThreadpoolWait, xrefs: 00146BB8
GetTickCount64, xrefs: 00146C1E
FlushProcessWriteBuffers, xrefs: 00146BC9
GetSystemTimePreciseAsFileTime, xrefs: 00146C51
FlsAlloc, xrefs: 00146ABE
CreateSemaphoreExW, xrefs: 00146B41
GetCurrentPackageId, xrefs: 00146C0D
CreateSymbolicLinkW, xrefs: 00146C01
CreateSemaphoreW, xrefs: 00146B30
CloseThreadpoolTimer, xrefs: 00146B85
CreateThreadpoolWait, xrefs: 00146B96
CreateThreadpoolWork, xrefs: 00146CFB
CloseThreadpoolWork, xrefs: 00146D1D
SubmitThreadpoolWork, xrefs: 00146D0C
InitializeConditionVariable, xrefs: 00146C62
FlsGetValue, xrefs: 00146ADB
FreeLibraryWhenCallbackReturns, xrefs: 00146BDA
FlsFree, xrefs: 00146ACA
InitializeCriticalSectionEx, xrefs: 00146AFD
AcquireSRWLockExclusive, xrefs: 00146CB7
CreateThreadpoolTimer, xrefs: 00146B52
WakeAllConditionVariable, xrefs: 00146C84
GetCurrentProcessorNumber, xrefs: 00146BEB
ReleaseSRWLockExclusive, xrefs: 00146CD9
LCMapStringEx, xrefs: 00146D50
WaitForThreadpoolTimerCallbacks, xrefs: 00146B74
CompareStringEx, xrefs: 00146D2E
GetFileInformationByHandleEx, xrefs: 00146C2F
InitializeSRWLock, xrefs: 00146CA6
SetThreadpoolTimer, xrefs: 00146B63
FlsSetValue, xrefs: 00146AEC
CreateEventExW, xrefs: 00146B1F
SleepConditionVariableCS, xrefs: 00146C95
kernel32.dll, xrefs: 00146AB1
WakeConditionVariable, xrefs: 00146C73
SetFileInformationByHandle, xrefs: 00146C40
SleepConditionVariableSRW, xrefs: 00146CEA
InitOnceExecuteOnce, xrefs: 00146B0E
GetLocaleInfoEx, xrefs: 00146D3F
SetThreadpoolWait, xrefs: 00146BA7
TryAcquireSRWLockExclusive, xrefs: 00146CC8

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 64d3b6fa8126e8ca5395abf4a8894a3f548f5f728335ceab637cd14a03aba19f
Instruction ID: fcb51dd3cca6df9ee1960c11f4178766f50cc486f1d6bc41b765bdadfcf3f8b4
Opcode Fuzzy Hash: 64d3b6fa8126e8ca5395abf4a8894a3f548f5f728335ceab637cd14a03aba19f
Instruction Fuzzy Hash: D8610275E97361EBD740AFB4EC4D9563BE8BB1A705348092BF501D39A1E7F840A0CBA0

Function 0014E2B1 Relevance: 48.4, APIs: 32, Instructions: 449COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0014E2B8
ctype.LIBCPMT ref: 0014E2FF

Part of subcall function 000E3055: __Getctype.LIBCPMT ref: 000E3064

Part of subcall function 00147FAF: __EH_prolog3.LIBCMT ref: 00147FB6
Part of subcall function 00147FAF: std::_Lockit::_Lockit.LIBCPMT ref: 00147FC0
Part of subcall function 00147FAF: std::_Lockit::~_Lockit.LIBCPMT ref: 00148031

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E30D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E324
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E36B
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E39E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E3F0
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E405
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E424
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E443
collate.LIBCPMT ref: 0014E44D
__Getcoll.LIBCPMT ref: 0014E48F
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E4BA
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E4FB
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E510
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E559
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E58C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E5E7
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E643
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E696

Part of subcall function 00148203: __EH_prolog3.LIBCMT ref: 0014820A
Part of subcall function 00148203: std::_Lockit::_Lockit.LIBCPMT ref: 00148214
Part of subcall function 00148203: std::_Lockit::~_Lockit.LIBCPMT ref: 00148285

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E6B5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E707
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E74C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E761

Part of subcall function 001487D5: __EH_prolog3.LIBCMT ref: 001487DC
Part of subcall function 001487D5: std::_Lockit::_Lockit.LIBCPMT ref: 001487E6
Part of subcall function 001487D5: std::_Lockit::~_Lockit.LIBCPMT ref: 00148857

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E780

Part of subcall function 00147C31: __EH_prolog3.LIBCMT ref: 00147C38
Part of subcall function 00147C31: std::_Lockit::_Lockit.LIBCPMT ref: 00147C42
Part of subcall function 00147C31: std::_Lockit::~_Lockit.LIBCPMT ref: 00147CB3

codecvt.LIBCPMT ref: 0014E7B5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E7BF

Part of subcall function 001486AB: __EH_prolog3.LIBCMT ref: 001486B2
Part of subcall function 001486AB: std::_Lockit::_Lockit.LIBCPMT ref: 001486BC
Part of subcall function 001486AB: std::_Lockit::~_Lockit.LIBCPMT ref: 0014872D

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E677

Part of subcall function 00145688: Concurrency::cancel_current_task.LIBCPMT ref: 00145748
Part of subcall function 00145688: __EH_prolog3.LIBCMT ref: 00145755
Part of subcall function 00145688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00145781
Part of subcall function 00145688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 0014578C

Part of subcall function 00148298: __EH_prolog3.LIBCMT ref: 0014829F
Part of subcall function 00148298: std::_Lockit::_Lockit.LIBCPMT ref: 001482A9
Part of subcall function 00148298: std::_Lockit::~_Lockit.LIBCPMT ref: 0014831A

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E658

Part of subcall function 00145688: __EH_prolog3.LIBCMT ref: 0014568F
Part of subcall function 00145688: std::_Lockit::_Lockit.LIBCPMT ref: 00145699
Part of subcall function 00145688: std::_Lockit::~_Lockit.LIBCPMT ref: 0014573D

Part of subcall function 001480D9: __EH_prolog3.LIBCMT ref: 001480E0
Part of subcall function 001480D9: std::_Lockit::_Lockit.LIBCPMT ref: 001480EA
Part of subcall function 001480D9: std::_Lockit::~_Lockit.LIBCPMT ref: 0014815B

numpunct.LIBCPMT ref: 0014E6F7
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E4A3

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E7D4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypeLocinfoLocinfo::~_Makeloccodecvtcollatectypenumpunct
String ID:
API String ID: 3784148211-0
Opcode ID: 0d8e8a9c0df708a98b869eb99730e548428172b4ef551c4826e52cb41ab109f6
Instruction ID: 77ed0ad34b65a9230babc70b9e20fd51e787eb96af93a59277d9fd5740b0d990
Opcode Fuzzy Hash: 0d8e8a9c0df708a98b869eb99730e548428172b4ef551c4826e52cb41ab109f6
Instruction Fuzzy Hash: DEE1C1B0C06215AFDB256F648D46ABF3AE9FF11394F15442DF9087B2A2EB314D1097E2

Function 0014E7FF Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 415COMMON

Download Yara Rule

APIs

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

ctype.LIBCPMT ref: 0014E830

Part of subcall function 000E3055: __Getctype.LIBCPMT ref: 000E3064

Part of subcall function 00147D5B: __EH_prolog3.LIBCMT ref: 00147D62
Part of subcall function 00147D5B: std::_Lockit::_Lockit.LIBCPMT ref: 00147D6C
Part of subcall function 00147D5B: std::_Lockit::~_Lockit.LIBCPMT ref: 00147DDD

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E83E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E855
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E89C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E8CF
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E921
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E936
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E955
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E974
collate.LIBCPMT ref: 0014E97E
__Getcoll.LIBCPMT ref: 0014E9C0
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E9D4
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EABD
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EB18
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EB74
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EB89

Part of subcall function 0014816E: __EH_prolog3.LIBCMT ref: 00148175
Part of subcall function 0014816E: std::_Lockit::_Lockit.LIBCPMT ref: 0014817F
Part of subcall function 0014816E: std::_Lockit::~_Lockit.LIBCPMT ref: 001481F0

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EBA8

Part of subcall function 001483C2: __EH_prolog3.LIBCMT ref: 001483C9
Part of subcall function 001483C2: std::_Lockit::_Lockit.LIBCPMT ref: 001483D3
Part of subcall function 001483C2: std::_Lockit::~_Lockit.LIBCPMT ref: 00148444

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EBC7

Part of subcall function 0014832D: __EH_prolog3.LIBCMT ref: 00148334
Part of subcall function 0014832D: std::_Lockit::_Lockit.LIBCPMT ref: 0014833E
Part of subcall function 0014832D: std::_Lockit::~_Lockit.LIBCPMT ref: 001483AF

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EBE6
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EC38
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EC7D

Part of subcall function 0014DDD2: __EH_prolog3.LIBCMT ref: 0014DDD9
Part of subcall function 0014DDD2: _Getvals.LIBCPMT ref: 0014DE2B
Part of subcall function 0014DDD2: _Mpunct.LIBCPMT ref: 0014DE66
Part of subcall function 0014DDD2: _Mpunct.LIBCPMT ref: 0014DE80

Part of subcall function 00148044: __EH_prolog3.LIBCMT ref: 0014804B
Part of subcall function 00148044: std::_Lockit::_Lockit.LIBCPMT ref: 00148055
Part of subcall function 00148044: std::_Lockit::~_Lockit.LIBCPMT ref: 001480C6

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EA41

Part of subcall function 00145688: Concurrency::cancel_current_task.LIBCPMT ref: 00145748
Part of subcall function 00145688: __EH_prolog3.LIBCMT ref: 00145755
Part of subcall function 00145688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00145781
Part of subcall function 00145688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 0014578C

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014E9EB

Part of subcall function 00145688: __EH_prolog3.LIBCMT ref: 0014568F
Part of subcall function 00145688: std::_Lockit::_Lockit.LIBCPMT ref: 00145699
Part of subcall function 00145688: std::_Lockit::~_Lockit.LIBCPMT ref: 0014573D

Part of subcall function 00147F1A: __EH_prolog3.LIBCMT ref: 00147F21
Part of subcall function 00147F1A: std::_Lockit::_Lockit.LIBCPMT ref: 00147F2B
Part of subcall function 00147F1A: std::_Lockit::~_Lockit.LIBCPMT ref: 00147F9C

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EA2C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0014EA8A

Strings

u{jD, xrefs: 0014EC0A

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Mpunct$Concurrency::cancel_current_taskGetcollGetctypeGetvalsLocinfoLocinfo::~_Makeloccollatectype
String ID: u{jD
API String ID: 207879573-4045313965
Opcode ID: 831c5ea10e99b08b3529eec4e092b5e3091e9a7808087eb2083d9bc14f765f14
Instruction ID: 1219b3987abb7e20015f31f6e32cda627b44e32f45a70cd0d06006a9de318d4b
Opcode Fuzzy Hash: 831c5ea10e99b08b3529eec4e092b5e3091e9a7808087eb2083d9bc14f765f14
Instruction Fuzzy Hash: C0D1DFB0C06216AFDB256F648946ABF7AE9FF11354F154429F9087B2A2EB304D1097E2

Function 00130780 Relevance: 30.0, APIs: 2, Strings: 15, Instructions: 250COMMON

Download Yara Rule

Strings

Failed to extract cab (%s), xrefs: 001309D2
DeleteFile, xrefs: 0013086B
invalid substitutor, xrefs: 001307C5
DestDir, xrefs: 00130813
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 001308E5, 00130962, 001309A7, 001309DE, 00130A19, 00130A49
NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 0013095D, 001309A2, 001309D9, 00130A14
NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 001308E0, 00130A44
Failed to delete src cab (%d), xrefs: 00130A0D
Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 00130A31
Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 00130A3D, 00130A42
Unable to create destination directory (%d), xrefs: 0013099B
Source, xrefs: 001307D1
Failed to parse DeleteFile as a boolean - default to false, xrefs: 001308D9
Unable to verify signature for file: %s, xrefs: 00130956
Unable to substitute DeleteFile attribute, xrefs: 001308BC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
API String ID: 0-2605792675
Opcode ID: 233370a2d57a170fa49c2deebe5de584fa42d6b93ef16e01c84460411733d9e2
Instruction ID: d33352fcdd619abfa41b162a4c87f4ab72e46649d85b456b49357735d86f4d1c
Opcode Fuzzy Hash: 233370a2d57a170fa49c2deebe5de584fa42d6b93ef16e01c84460411733d9e2
Instruction Fuzzy Hash: BD91F274A40304ABDB15DF94DC66BFEBBB5AF29704F000029F405772C2DB75A988CBA1

Function 000FA118 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 273COMMON

Download Yara Rule

APIs

Part of subcall function 000FDE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FDF0C

__Mtx_unlock.LIBCPMT ref: 000FA143
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FA1AA

Part of subcall function 000FE0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE161

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 000FA1C1
CloseHandle.KERNEL32(?), ref: 000FA1DD
CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 000FA24C
CloseHandle.KERNEL32(?), ref: 000FA268
ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 000FA410
GetLastError.KERNEL32(?,00000001), ref: 000FA46F

Strings

Failed to initialize event sender, xrefs: 000FA180
Failed to create event semaphore, xrefs: 000FA2A8
Failed to create stop event, xrefs: 000FA21D
Failed to release semaphore. Error: , xrefs: 000FA44F
E, xrefs: 000FA29C
V, xrefs: 000FA443

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
API String ID: 1380281556-3274429967
Opcode ID: 3e39cfaee082ee31ce48520363a598a6eed70dbf5e2a2a14d153b5cc8bc6f262
Instruction ID: a232fad610f4b654b765a67c511ce8d84d96259bd14cdc4c8994750b8ef0e452
Opcode Fuzzy Hash: 3e39cfaee082ee31ce48520363a598a6eed70dbf5e2a2a14d153b5cc8bc6f262
Instruction Fuzzy Hash: DAB1D4B0A00209DFDB14EFA4CC56BFEB7B5FF55300F004169E91967682EB716A49CB92

Function 00130FA0 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 141filelibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,428E8EC3,000000FF,00000000,00000000,0018DF30,000000FF), ref: 00130FE8
GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00130FF8
CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,428E8EC3,000000FF,00000000,00000000,0018DF30,000000FF), ref: 00131037
GetLastError.KERNEL32 ref: 00131058
GetFileSize.KERNEL32(?,?), ref: 00131088
CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 0013109C
MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 001310D9
CloseHandle.KERNEL32(?), ref: 001310F0

Strings

kernel32.dll, xrefs: 00130FE3
Failed to map file to memory, xrefs: 00131101
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 0013106B, 0013110D
NWebAdvisor::CFileMemMap::Init, xrefs: 00131066, 00131108
CreateFileTransactedW, xrefs: 00130FF2
Failed to open the file: %d, xrefs: 0013105F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
API String ID: 2423579280-2843467768
Opcode ID: da007475f09270447956db70df88e13a17631b79d47e7a7487ed2173e33e8691
Instruction ID: 4dfc3b5bd6f00ee98b18f9eccb05aedee5bed1cfff6b5651bfe2d19603d5d43b
Opcode Fuzzy Hash: da007475f09270447956db70df88e13a17631b79d47e7a7487ed2173e33e8691
Instruction Fuzzy Hash: FA41D870740301BFEB249F60DC46FAAB7E4BB18B10F104625FA15E76C0D7B4A980CB94

Function 00132FD0 Relevance: 22.9, APIs: 3, Strings: 10, Instructions: 177registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,428E8EC3), ref: 001330F1
RegCloseKey.ADVAPI32(00000008), ref: 0013317C

Strings

Invalid substitutor, xrefs: 00133005
Key, xrefs: 00133013
Name, xrefs: 00133055
Error (%d) deleting registry value (%s) in key: %s, xrefs: 0013319D
Error opening HKLM registry key: %d, xrefs: 001330FC
NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 00133103, 0013315E, 001331A4, 001331CC
Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 00133157
Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 001331C5
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 00133108, 00133163, 001331A9, 001331D1
Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 001331BC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseOpen
String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
API String ID: 47109696-1081640057
Opcode ID: d8998ed2da15f26e982e58cd0bd6a5f20fdfe6b3f631ac295a27e20260e8f71a
Instruction ID: ae57eb2931f4c7cfd991e8254b2b0edc2bf9f5915f820a4a5e7ad15481b320f2
Opcode Fuzzy Hash: d8998ed2da15f26e982e58cd0bd6a5f20fdfe6b3f631ac295a27e20260e8f71a
Instruction Fuzzy Hash: 3451C170A41208ABDB14DF90CC9ABAEBBB9EF15B04F540519F511772C2DBB0AA44CBA5

Function 00118400 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 152COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,001CF278,00000023,00000001,00000004,00000000,00000000), ref: 00118462
CreateDirectoryW.KERNEL32(001CF278,00000000), ref: 00118491
GetLastError.KERNEL32 ref: 0011849D
CreateDirectoryW.KERNEL32(001CF278,00000000), ref: 001184C5
GetLastError.KERNEL32 ref: 001184CB
GetModuleFileNameW.KERNEL32(?,00000104), ref: 001184FC
StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 00118511
CreateDirectoryW.KERNEL32(001CF278,00000000), ref: 0011852E
GetLastError.KERNEL32 ref: 00118534
GetTickCount.KERNEL32 ref: 001185B9

Strings

\log.txt, xrefs: 00118556
%uFile:%sFunction:%sLine:%d, xrefs: 001185C5
\McAfee\, xrefs: 00118470

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
API String ID: 922589859-3713371193
Opcode ID: 850cf9ee8acbee307ab7e7f58b8c8d549346348363ea4abaf8e95cce26da5d44
Instruction ID: 2f2414cbeeb2c7688c7bddda6bf74e7288a7dad9053a134464ab10cdfd99df5d
Opcode Fuzzy Hash: 850cf9ee8acbee307ab7e7f58b8c8d549346348363ea4abaf8e95cce26da5d44
Instruction Fuzzy Hash: B351D875A80308ABDF209F64DC46FDA77A5EF64B00F1041B9F908B7592CBB0D9C18BA1

Function 0016CE60 Relevance: 22.9, APIs: 15, Instructions: 357COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0016CECF
_free.LIBCMT ref: 0016CEE5
_free.LIBCMT ref: 0016CEF8
_free.LIBCMT ref: 0016CF0D
_free.LIBCMT ref: 0016CF22
GetCPInfo.KERNEL32(?,?), ref: 0016CF6C

Part of subcall function 0017826E: _free.LIBCMT ref: 001782D9

_free.LIBCMT ref: 0016D1D7
_free.LIBCMT ref: 0016D1EA
_free.LIBCMT ref: 0016D1F8
_free.LIBCMT ref: 0016D203
_free.LIBCMT ref: 0016D245
_free.LIBCMT ref: 0016D24D
_free.LIBCMT ref: 0016D253
_free.LIBCMT ref: 0016D25B
_free.LIBCMT ref: 0016D269

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 207a4ece0bbe699b389b967d84b1c5439e67a864b7ca10304a81b49c11e794c7
Instruction ID: bd3c0cd0b55426e27fda044e81cb82b2e73d0a8ff7089667d58bac4ae3076cea
Opcode Fuzzy Hash: 207a4ece0bbe699b389b967d84b1c5439e67a864b7ca10304a81b49c11e794c7
Instruction Fuzzy Hash: A2D17CB1E002059FDB21DFB9C881BAEBBB5BF19300F144169F899A7282D771A955CB60

Function 000FE843 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 319COMMON

Download Yara Rule

APIs

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FE8A8

Strings

Failed to create access token, xrefs: 000FE881
HTTP receive response failed for Azure: , xrefs: 000FEAE7
Authorization: , xrefs: 000FE8EB
`ato, xrefs: 000FED4B, 000FEDF6
HTTP send request failed for Azure: , xrefs: 000FEB62
HTTP status error for Azure: , xrefs: 000FEA71

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`ato
API String ID: 539357862-423899989
Opcode ID: e0be58e539ce22abce3f39b1d3df00284600de36db454508633b069adce68e66
Instruction ID: 8b4d17e4377c531850dc4bffb57eebd0df164507a199f16e7c6f3fb2aa2c0c4a
Opcode Fuzzy Hash: e0be58e539ce22abce3f39b1d3df00284600de36db454508633b069adce68e66
Instruction Fuzzy Hash: 0DD1B37090129DCFDB24DB60DE45BEDB3B8AF54304F5044E8E509A7692DB70AB88DF91

Function 00133300 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 217registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(00000000), ref: 00133545

Strings

Invalid substitutor, xrefs: 00133335
Unable to read Key for DEL_REG_TREE command, xrefs: 00133462
Key, xrefs: 00133359
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp, xrefs: 00133341, 0013346E, 001334A0, 001334EB, 0013352C, 00133583
Cannnot delete registry key. Not found: %s, xrefs: 00133520
Error (%d) deleting registry key tree: %s, xrefs: 00133577
Error opening HKLM registry key: %d, xrefs: 001334DF
NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 0013333C, 00133469, 0013349B, 001334E6, 00133527, 0013357E
Unable to substitute variables for the DEL_REG_TREE command, xrefs: 00133494

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Close
String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
API String ID: 3535843008-3762851336
Opcode ID: ce566a3fc420bd34ac8d01ad9b8166f27433bb457cc826b69e513cb5d36638e2
Instruction ID: 6b60e591c2ca90bf4a1bbcb7af73a473799ed8f87117557149bad6a461e1cf75
Opcode Fuzzy Hash: ce566a3fc420bd34ac8d01ad9b8166f27433bb457cc826b69e513cb5d36638e2
Instruction Fuzzy Hash: CF710231E44204EBDF14DF54C886BADBBB5BF15B10F948519F8257B2C2DB70AA84CBA4

Function 001587E7 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 58libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(001D742C,00000FA0,?,?,001587C5), ref: 001587F3
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,001587C5), ref: 001587FE
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,001587C5), ref: 0015880F
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00158821
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0015882F
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,001587C5), ref: 00158852
DeleteCriticalSection.KERNEL32(001D742C,00000007,?,?,001587C5), ref: 00158875
CloseHandle.KERNEL32(00000000,?,?,001587C5), ref: 00158885

Strings

SleepConditionVariableCS, xrefs: 0015881B
kernel32.dll, xrefs: 0015880A
WakeAllConditionVariable, xrefs: 00158827
api-ms-win-core-synch-l1-2-0.dll, xrefs: 001587F9

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: f1eb0828174966539f36af190e5d22c777e30d80b307c3d12aeff3872635318d
Instruction ID: aba354a23e1d30333ee8c61db1e96f0b8ea986c7e7caad5699724442d48c5b4b
Opcode Fuzzy Hash: f1eb0828174966539f36af190e5d22c777e30d80b307c3d12aeff3872635318d
Instruction Fuzzy Hash: EF01B531B45311EBD7215B74FC49A1A3FD8EB40B06B080437FD15E75A0EFB08890C621

Function 00120950 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 244fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00120490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 001204AA
Part of subcall function 00120490: GetLastError.KERNEL32 ref: 001204B8

CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 00120BB5
GetLastError.KERNEL32 ref: 00120BC2

Strings

NWebAdvisor::NUtils::StoreBufferInFile, xrefs: 0012099E, 00120BDF, 00120C3B
WriteFile failed: %d, xrefs: 00120C31
\, xrefs: 00120AF1
CreateFile failed for %s: %d, xrefs: 00120BD5
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp, xrefs: 001209A3, 00120BE4, 00120C40
CreateDir failed for %s, xrefs: 00120994

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CreateErrorLast$DirectoryFile
String ID: CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
API String ID: 1552088572-2321083101
Opcode ID: cb94edc48d8415de5e1af4356415deeb3151c629d0fc2d4499e4861f18c83054
Instruction ID: 02866f10be8ce69376651998b32dfd6863050b93b4a0fc17765e54541901cdde
Opcode Fuzzy Hash: cb94edc48d8415de5e1af4356415deeb3151c629d0fc2d4499e4861f18c83054
Instruction Fuzzy Hash: D0A1BD70E00358DEDF05DFA4CC49BEEBBB4AF58314F144219E905B7192EBB06A85CBA1

Function 0017B0D0 Relevance: 18.4, APIs: 12, Instructions: 374COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0017B118
_free.LIBCMT ref: 0017B13C
_free.LIBCMT ref: 0017B149
_free.LIBCMT ref: 0017B16E
_free.LIBCMT ref: 0017B17B
_free.LIBCMT ref: 0017B184
_free.LIBCMT ref: 0017B45F
_free.LIBCMT ref: 0017B467

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: bd64f26dbb9902328b6fbc441a28c20b3647e1f8bf488dad40e055ab1ba18d8e
Instruction ID: a60138e02af83215626ffbc4077e81203061cfb2e465e52169674f91802d51a6
Opcode Fuzzy Hash: bd64f26dbb9902328b6fbc441a28c20b3647e1f8bf488dad40e055ab1ba18d8e
Instruction Fuzzy Hash: 51C13576E44204BFDB20DBA8DC86FDE77F8AF18704F148165FA49EB282D77099418760

Function 001191A0 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 150COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,001BA536,00000003), ref: 001191C9
FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 001191DE
LoadResource.KERNEL32(00000000,00000000), ref: 001191EE
LockResource.KERNEL32(00000000), ref: 001191FD

Strings

Failed to format version, xrefs: 00119275
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 00119284, 0011933B
kernel32.dll, xrefs: 001191B8
Failed to retrieve kernel verison, xrefs: 0011932C
NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 0011927F, 00119336
%d.%d.%d.%d, xrefs: 0011925E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Resource$FindHandleLoadLockModule
String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
API String ID: 3968257194-3470154288
Opcode ID: cd089a55a5d2cc68b70136e8a03405db56933023d2fb069e91508ab53687365a
Instruction ID: b1cbc80bf3a213b17480ac6bd930d8df741555f5c173f465818e9b8f2bb06428
Opcode Fuzzy Hash: cd089a55a5d2cc68b70136e8a03405db56933023d2fb069e91508ab53687365a
Instruction Fuzzy Hash: 97510874A003149BDB289F75CC55BABB7B4FF04704F4005ADF929AB6C2D771AA81CB90

Function 0015C338 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 0015C435
type_info::operator==.LIBVCRUNTIME ref: 0015C457
___TypeMatch.LIBVCRUNTIME ref: 0015C566
IsInExceptionSpec.LIBVCRUNTIME ref: 0015C638
_UnwindNestedFrames.LIBCMT ref: 0015C6BC
CallUnexpected.LIBVCRUNTIME ref: 0015C6D7

Strings

csm, xrefs: 0015C48E
csm, xrefs: 0015C375
csm, xrefs: 0015C3E2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 6ec8d7b7a14f1443f969f528c4fd0c6b9764bbe250368d877699d5e73f64d072
Instruction ID: 002430809ee3f07b2e644eafa94f1566675dc0a867218e29490234be0005886c
Opcode Fuzzy Hash: 6ec8d7b7a14f1443f969f528c4fd0c6b9764bbe250368d877699d5e73f64d072
Instruction Fuzzy Hash: 8FB12F71900309EFCF28DFA4C8819AEBBB5BF24316B10415AEC256F212D371EA59CBD1

Function 000F69A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114libraryloaderCOMMON

Download Yara Rule

APIs

DeviceIoControl.KERNEL32(428E8EC3,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 000F69E9
CloseHandle.KERNEL32(428E8EC3,?,?,00000000), ref: 000F69FB
DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 000F6A2A
CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 000F6A3D
GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 000F6A8B
GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 000F6A9E
FreeLibrary.KERNEL32(00000000), ref: 000F6AB8

Strings

NotComDllUnload, xrefs: 000F6A95
mfeaaca.dll, xrefs: 000F6A84

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
String ID: NotComDllUnload$mfeaaca.dll
API String ID: 2321898493-1077453148
Opcode ID: e7611408ea45c1f47a77adb02acf0311b5ecae80704b4e335c3bb619737c2ffc
Instruction ID: fc8cfc2eee0b7bea53c9300697ad1a51504425b0df983e932f629d15584a1e7b
Opcode Fuzzy Hash: e7611408ea45c1f47a77adb02acf0311b5ecae80704b4e335c3bb619737c2ffc
Instruction Fuzzy Hash: 87316D71300304ABDB24DF24DC89B2A7BE8AF44B10F184619FA15AB6D0DB71ED44CEA2

Function 00145822 Relevance: 15.2, APIs: 10, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00145853
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00145866
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 001458AB
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 001458DF
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00145933
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00145946
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00145963
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00145980
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 001459BD
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 001459D0

Part of subcall function 0010C930: __Getctype.LIBCPMT ref: 0010C948

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddfacLocimp::_Locimp_std::locale::_$Lockitstd::_$GetctypeLockit::_Lockit::~_
String ID:
API String ID: 1152065138-0
Opcode ID: 03e8d57ce353f32706877e984dc35cd7c187b7ed830423117bdf6851eca68ad0
Instruction ID: d13e5152af635e7a15e148c3c0b7e6efc41bba16997ba795050974d7869a313b
Opcode Fuzzy Hash: 03e8d57ce353f32706877e984dc35cd7c187b7ed830423117bdf6851eca68ad0
Instruction Fuzzy Hash: 4A51F5B1D06605AFDB157B618C46EBF39ADEF62364F514419F908A7293EF74890082F2

Function 00134280 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 133COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0013431B
GetLastError.KERNEL32 ref: 0013437E
GetLastError.KERNEL32 ref: 001343CB

Strings

Unable to set proxy option, error: %d, xrefs: 001343CE
NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 00134325
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 0013432A, 0013438D, 001343DD
# SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 00134381
# SetAutoProxy: Can't get proxy. Err: %d, xrefs: 0013431E
NWebAdvisor::CHttpTransaction::Connect, xrefs: 001343D8
NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 00134388

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast
String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
API String ID: 1452528299-2881327693
Opcode ID: 944910919be2aaa4e52fa4542a2845b9e6b28bfea1af592d44f05c067b0d1f81
Instruction ID: 3a68e62469a6651357845aa2a30d6128d71ad51c2b5535d8d665119e5a2780f1
Opcode Fuzzy Hash: 944910919be2aaa4e52fa4542a2845b9e6b28bfea1af592d44f05c067b0d1f81
Instruction Fuzzy Hash: 10417F75A40319EFEB10DFA4CC85BAEBBF8FF18704F00811AE914A7281D7B5A944CB65

Function 0015E00A Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0015E3E7

Strings

f, xrefs: 0015E111
p, xrefs: 0015E118
p, xrefs: 0015E15E
f, xrefs: 0015E0F5
f, xrefs: 0015E157
p, xrefs: 0015E0FC
:, xrefs: 0015E0CC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: __aulldvrm
String ID: :$f$f$f$p$p$p
API String ID: 1302938615-1434680307
Opcode ID: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
Instruction ID: 95523fa0b27c100e9a7cd5826e636311e818e8802792dcb25394e9cc5a20dab8
Opcode Fuzzy Hash: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
Instruction Fuzzy Hash: 1C026C79E00218DADF288FA4D4946EDB7F6BB04B16FA44156E835BF280E7705F8C8B15

Function 00156940 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00156947

Part of subcall function 0010C960: std::_Lockit::_Lockit.LIBCPMT ref: 0010C995
Part of subcall function 0010C960: std::_Lockit::_Lockit.LIBCPMT ref: 0010C9B7
Part of subcall function 0010C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0010C9D7
Part of subcall function 0010C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0010CAB1

Strings

:AM:am:PM:pm, xrefs: 00156CAD
%I : %M : %S %p, xrefs: 00156CA2
%H : %M : %S, xrefs: 00156AE0
%d / %m / %y, xrefs: 00156C7D
%m / %d / %y, xrefs: 00156A3E
%b %d %H : %M : %S %Y, xrefs: 00156BD5
%H : %M, xrefs: 00156A86

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
API String ID: 1383202999-2891247106
Opcode ID: 44e8afecd261cd29c347903dc0bffcb969d62c9498401a5a9c97c75226b43878
Instruction ID: e8e0aef0f34578384d311178405eb5cc0821f78e8a7d11811627ed8488065ef3
Opcode Fuzzy Hash: 44e8afecd261cd29c347903dc0bffcb969d62c9498401a5a9c97c75226b43878
Instruction Fuzzy Hash: 79B1DC7160010AEBCF19DF68C955DFE3BB9EB24306F454119FD62AB291D7318A18CBA0

Function 00151610 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00151617

Part of subcall function 00147DF0: __EH_prolog3.LIBCMT ref: 00147DF7
Part of subcall function 00147DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00147E01
Part of subcall function 00147DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00147E72

Strings

:AM:am:PM:pm, xrefs: 0015197D
%I : %M : %S %p, xrefs: 00151972
%H : %M : %S, xrefs: 001517B0
%d / %m / %y, xrefs: 0015194D
%m / %d / %y, xrefs: 0015170E
%b %d %H : %M : %S %Y, xrefs: 001518A5
%H : %M, xrefs: 00151756

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
API String ID: 1538362411-2891247106
Opcode ID: a0da028673009515712ad425c411087dceaab1b63302af5e83dbd614c8dc3ca6
Instruction ID: 2650d16c28bef1c5fcf949823f89c6df036c9363c1e83ff0e2b6b4d46ed5708a
Opcode Fuzzy Hash: a0da028673009515712ad425c411087dceaab1b63302af5e83dbd614c8dc3ca6
Instruction Fuzzy Hash: 06B18D7690010AFFCF1ADF68C965EFE3BA9FB19306F054119FD22AA251D3318A18DB51

Function 00130C80 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 244fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,428E8EC3,00000000), ref: 00130E20
GetLastError.KERNEL32 ref: 00130E2E

Part of subcall function 00130FA0: GetModuleHandleW.KERNEL32(kernel32.dll,428E8EC3,000000FF,00000000,00000000,0018DF30,000000FF), ref: 00130FE8
Part of subcall function 00130FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00130FF8
Part of subcall function 00130FA0: GetLastError.KERNEL32 ref: 00131058

Part of subcall function 00118650: std::locale::_Init.LIBCPMT ref: 0011882F

Strings

NWebAdvisor::CCabParser::GetContentFile, xrefs: 00130D9B, 00130E3C
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00130DA0, 00130E41, 00130F11
Unable to create destination directory (%d), xrefs: 00130D94
Failed to load cab %s, xrefs: 00130F05
NWebAdvisor::CCabParser::LoadCabFile, xrefs: 00130F0C
CreateFile failed: %d, xrefs: 00130E35

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create destination directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
API String ID: 1808632809-3418505487
Opcode ID: 3b9bceb6e39bd7f0c22aae5c8cfbb5589875d1c191323515f4914c7ee111a6b5
Instruction ID: 537217167b88fd88e71ccb8907cfc54db461a7f1d7673b77708c6080b6c2be79
Opcode Fuzzy Hash: 3b9bceb6e39bd7f0c22aae5c8cfbb5589875d1c191323515f4914c7ee111a6b5
Instruction Fuzzy Hash: 2691C271A00208EFDB14DFA4D956FEEB7B8EF18700F608529F515B7182DB71AA05CB60

Function 0017F5F9 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23139ab4223b976bea90076469907089423854d950734d267ad2e79042ddebc2
Instruction ID: 80c69982f2540b7ffecb83ab599e6c5657b715538df0bf4488977f66f95d53fe
Opcode Fuzzy Hash: 23139ab4223b976bea90076469907089423854d950734d267ad2e79042ddebc2
Instruction Fuzzy Hash: 2AC1D570A04245EFDF25DFA8D881BAEBBB0AF59304F14806EF9199B391D7319D42CB61

Function 0017B4F0 Relevance: 13.7, APIs: 9, Instructions: 200COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0017B55E
_free.LIBCMT ref: 0017B56A
_free.LIBCMT ref: 0017B693
_free.LIBCMT ref: 0017B69E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 68d1db9131498bfd86ad057600e4d15501bbe222c17576dfa97bed95af96f7a0
Instruction ID: 5736b29c416cc55be5b20598848e83df42eb9755d54f83621f933b21c738b8ee
Opcode Fuzzy Hash: 68d1db9131498bfd86ad057600e4d15501bbe222c17576dfa97bed95af96f7a0
Instruction Fuzzy Hash: 3E61D571A04704AFDB20DF74D881BAAB7F9EF54710F208569FA5AEB281EB709D41CB50

Function 0010E2C0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

z, xrefs: 0010E369

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: 3613e390978ae00b1b83d8cbfa5f9f7a928a9f4d62f40cfa2dedaf7df5d45012
Instruction ID: 2b34646961b5903b4891377a98ba4772b819b9c2d5c8ac22b4768e0d2f5200ff
Opcode Fuzzy Hash: 3613e390978ae00b1b83d8cbfa5f9f7a928a9f4d62f40cfa2dedaf7df5d45012
Instruction Fuzzy Hash: BA519371A00209ABEB20DB95CC85FEEB7F8FB54324F14457AF945E7280DBB49945CBA0

Function 000F7107 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 163COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F7D3D
__Mtx_unlock.LIBCPMT ref: 000F7DC8

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Concurrency::cancel_current_task.LIBCPMT ref: 000F7DFC
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F7EBB

Part of subcall function 00104B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0010521E

Strings

Failed to add event category (, xrefs: 000F71F0
V, xrefs: 000F71E4
Service has not been initialized, xrefs: 000F7E88

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
String ID: Failed to add event category ($Service has not been initialized$V
API String ID: 342047005-375236208
Opcode ID: c9f9bbfd47cf4aca776d913649c12125ac0d9aa5ee7ebff4c9472ed31357a4ac
Instruction ID: c5190e0d142a980426f7501d7a214d3628ae617a7d138a24cca56d38eed41ac9
Opcode Fuzzy Hash: c9f9bbfd47cf4aca776d913649c12125ac0d9aa5ee7ebff4c9472ed31357a4ac
Instruction Fuzzy Hash: CB51F37190424CCFDB14EF64DD55BEE77B4FF18304F5041A9E81AAB282EB759A08CB62

Function 0012C600 Relevance: 12.2, APIs: 8, Instructions: 240COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 0012C641

Part of subcall function 00143084: __EH_prolog3.LIBCMT ref: 0014308B
Part of subcall function 00143084: std::_Lockit::_Lockit.LIBCPMT ref: 00143096
Part of subcall function 00143084: std::locale::_Setgloballocale.LIBCPMT ref: 001430B1
Part of subcall function 00143084: std::_Lockit::~_Lockit.LIBCPMT ref: 00143107

std::_Lockit::_Lockit.LIBCPMT ref: 0012C6CB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0012C713
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0012C748
std::_Lockit::~_Lockit.LIBCPMT ref: 0012C7DD

Part of subcall function 0015E960: _free.LIBCMT ref: 0015E973

std::_Lockit::_Lockit.LIBCPMT ref: 0012C82B
std::_Lockit::~_Lockit.LIBCPMT ref: 0012C84C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0012C85B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_std::locale::_$Locinfo::_$AddfacH_prolog3InitLocimp::_Locimp_Locinfo_ctorLocinfo_dtorSetgloballocale_free
String ID:
API String ID: 3887427400-0
Opcode ID: c839f4fdef84ef8181eeed2dab2c2cb78efe8cc61392da4490b2b6808ba7266b
Instruction ID: d0710bf6f1c5de717b5834b2a8bf762e4711865dab1d6ecfe0d4600ee2f9b1fa
Opcode Fuzzy Hash: c839f4fdef84ef8181eeed2dab2c2cb78efe8cc61392da4490b2b6808ba7266b
Instruction Fuzzy Hash: 40A1ABB0D00748DFEB10DFA8D845B9EBBF4BF14304F144129E815AB692EB75AA48CF91

Function 0017A764 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 0017A78E
_free.LIBCMT ref: 0017A867
_free.LIBCMT ref: 0017A894

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: e11d2ea601c23d8966a380317a2f299b06a4d63579e21ce098dc5cb894fcd1dc
Instruction ID: b361898b0cd19f849556cde551a9610a07424ae5e4dd00f00c7224f31a133883
Opcode Fuzzy Hash: e11d2ea601c23d8966a380317a2f299b06a4d63579e21ce098dc5cb894fcd1dc
Instruction Fuzzy Hash: D55199B1945301AFDB24AFB4CC41A6DBBB4EF91314F81C16EF6599B281EB328941CB53

Function 00108690 Relevance: 12.2, APIs: 8, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 0015987E: EnterCriticalSection.KERNEL32(001D77A0,?,00000001,?,001086A7,00000000,?,00000001,?,00000000,?,?,0010C338,-00000010), ref: 00159889
Part of subcall function 0015987E: LeaveCriticalSection.KERNEL32(001D77A0,?,001086A7,00000000,?,00000001,?,00000000,?,?,0010C338,-00000010,?,?,?,428E8EC3), ref: 001598B5

FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 001086D6
LoadResource.KERNEL32(00000000,00000000), ref: 001086E4
LockResource.KERNEL32(00000000), ref: 001086EF
SizeofResource.KERNEL32(00000000,00000000), ref: 001086FD
FindResourceW.KERNEL32(00000000,?,00000006), ref: 00108764
LoadResource.KERNEL32(00000000,00000000), ref: 00108776
LockResource.KERNEL32(00000000), ref: 00108785
SizeofResource.KERNEL32(00000000,00000000), ref: 00108797

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
String ID:
API String ID: 506522749-0
Opcode ID: a55a0309fe312f1686c1f2c3a45ae73c62f0f6b0129e274c5c63236dca258743
Instruction ID: 2a485e096bc3c0c2b2f020350c73b195069db78ce4397854fdfdd143e97dacca
Opcode Fuzzy Hash: a55a0309fe312f1686c1f2c3a45ae73c62f0f6b0129e274c5c63236dca258743
Instruction Fuzzy Hash: D2412431A082219BC725AF28D884A3BB3E8EF94301F10492FFDD597285FFB5DC4486A1

Function 0017087D Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00171CA9: GetLastError.KERNEL32(00000008,00000016,00000000,00174E01), ref: 00171CAE
Part of subcall function 00171CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 00171D4C

_free.LIBCMT ref: 00170B8A
_free.LIBCMT ref: 00170BA3
_free.LIBCMT ref: 00170BE1
_free.LIBCMT ref: 00170BEA
_free.LIBCMT ref: 00170BF6

Strings

C, xrefs: 001709D9

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$ErrorLast
String ID: C
API String ID: 3291180501-1037565863
Opcode ID: bfa8c8603f9d1152eecd02082207f303c217a8b5f90442c43d33d6e64a95858a
Instruction ID: 9d07776bcd03002194f7663a671bd3c945896a3d9093ea2e4a9b71809fa8ccb2
Opcode Fuzzy Hash: bfa8c8603f9d1152eecd02082207f303c217a8b5f90442c43d33d6e64a95858a
Instruction Fuzzy Hash: 15B11775A01719DBDB25DF28C884AADB7B4FB18304F6085EAE94DA7351D731AE90CF40

Function 00101230 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON

Download Yara Rule

APIs

InitOnceBeginInitialize.KERNEL32(001D823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,428E8EC3,?,?), ref: 0010125A
InitOnceComplete.KERNEL32(001D823C,00000000,00000000), ref: 00101278

Strings

[%S:(%d)][%S] Failed to create HMAC traits., xrefs: 001012F8
[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 001013E3
McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 001012EC, 001013D7
C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 001012F3, 001013DE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitOnce$BeginCompleteInitialize
String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
API String ID: 51270584-3897904871
Opcode ID: 1a890504c966dcf0c658adba64ac7a6b62f9f0cba6147337224770f6a12c009b
Instruction ID: a83ded28061781fe2ae3cba8e91823cc67da193df7600fec88e9e9aa96442112
Opcode Fuzzy Hash: 1a890504c966dcf0c658adba64ac7a6b62f9f0cba6147337224770f6a12c009b
Instruction Fuzzy Hash: 77518C71704305ABDB04EF28DC42BAE77E4BF98705F40452EF945AB291DBB5E904CB92

Function 001052D0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 173COMMON

Download Yara Rule

Strings

UUID, xrefs: 00105ADA, 00105AE2
UUID, xrefs: 00105AC8
kernel32.dll, xrefs: 001057A8
Version, xrefs: 00105911
0.0.0.0, xrefs: 00105816

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
API String ID: 0-1483847951
Opcode ID: 6eb755886aa2f35f908899ba4857b2670c3b093d8b8e736262af007b896a4f01
Instruction ID: 927bb44e7fcfa93fe860d6544019ad45a71750da815a06aedb5936b7a6dc3f66
Opcode Fuzzy Hash: 6eb755886aa2f35f908899ba4857b2670c3b093d8b8e736262af007b896a4f01
Instruction Fuzzy Hash: B4816770A04388CBEB24CFA8C9587DEBBF2AF49314F244219D454AB7D2D7B84A84DF51

Function 000FA6B6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 135COMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,428E8EC3,?,?), ref: 000FA531
__Mtx_unlock.LIBCPMT ref: 000FA73D
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FA7AC
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FA989

Strings

Event string is empty, xrefs: 000FA77C
Unexpected return value: , xrefs: 000FA8CC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
String ID: Event string is empty$Unexpected return value:
API String ID: 1703231451-1331613497
Opcode ID: cf146389e74647dcb5f8a21a611b2a88ad78113390906a45fe85964c04d77b15
Instruction ID: 5a121bc0b546377ae9760adef64b8e3c49bcfafb65250a640130853004b65e51
Opcode Fuzzy Hash: cf146389e74647dcb5f8a21a611b2a88ad78113390906a45fe85964c04d77b15
Instruction Fuzzy Hash: 4C51F7B0A0424CDFDF18EFA4CC89BEDB775AF16310F104258E1196B6C2DB709A85DB52

Function 0010C960 Relevance: 10.6, APIs: 7, Instructions: 116COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0010C995
std::_Lockit::_Lockit.LIBCPMT ref: 0010C9B7
std::_Lockit::~_Lockit.LIBCPMT ref: 0010C9D7
__Getctype.LIBCPMT ref: 0010CA70
std::_Locinfo::~_Locinfo.LIBCPMT ref: 0010CA82
std::_Facet_Register.LIBCPMT ref: 0010CA8F
std::_Lockit::~_Lockit.LIBCPMT ref: 0010CAB1

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
String ID:
API String ID: 3947131827-0
Opcode ID: cf0a6e211d7142cafd9192aa96143d4b604c01246132a7ecd7b6e428ba4ece2a
Instruction ID: 8a9c05c1b12e72dacf2fc9c1f637a1ecf7988baca17ac5f2d1ffd83043a65ce9
Opcode Fuzzy Hash: cf0a6e211d7142cafd9192aa96143d4b604c01246132a7ecd7b6e428ba4ece2a
Instruction Fuzzy Hash: F941EF71A01209CFCB15DF58D841BAEB7B4FF54314F14425AE85AAB3A2EB70EE45CB80

Function 000FA550 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,428E8EC3,?,?), ref: 000FA531
__Mtx_unlock.LIBCPMT ref: 000FA58B
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FA989
__Mtx_unlock.LIBCPMT ref: 000FA99D

Strings

Thread signalled when event queue is empty, xrefs: 000FA614
Unexpected return value: , xrefs: 000FA8CC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
String ID: Thread signalled when event queue is empty$Unexpected return value:
API String ID: 3324347728-3645029203
Opcode ID: e0256bb644eb7d0f8976bef7664f2048f59c324d9917c2fe8a09a7ba52d53c66
Instruction ID: 211b5f1accf3162bcc1eefa395997f4a6cf46ae0fc92679505593d2b6133eb1b
Opcode Fuzzy Hash: e0256bb644eb7d0f8976bef7664f2048f59c324d9917c2fe8a09a7ba52d53c66
Instruction Fuzzy Hash: 0E41C1B0E0025C9EDF24EBA4CD49BEDB774AF11310F104198E519BB682EB746B89CB52

Function 0017416A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 001741D5
api-ms-, xrefs: 001741C1

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 0f2653580c1ac79413d138a4c8ba939c94455ef2d662f8f44d3182a2d234f9f6
Instruction ID: c865aa8476b0aed2647381c02077d094b6dd1aa77e732df958edee15b3fdeebe
Opcode Fuzzy Hash: 0f2653580c1ac79413d138a4c8ba939c94455ef2d662f8f44d3182a2d234f9f6
Instruction Fuzzy Hash: 9421E772A45221ABCB31DB68EC40A5A37B89B25764F168521FD1EA72D2D730EC51C5E0

Function 0017576D Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(8304488B,0016537C,00000000), ref: 001757B5
__fassign.LIBCMT ref: 00175994
__fassign.LIBCMT ref: 001759B1
WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 001759F9
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00175A39
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00175AE5

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 5158a80d769a475c9d9d39ad3c20ccecd04b3d8b6592937b7c74d4cde2d7ff18
Instruction ID: 4204b2555c6ecf0e5b2e44a06b804847b5bce5eda32f0daea1bfc6b81c4af237
Opcode Fuzzy Hash: 5158a80d769a475c9d9d39ad3c20ccecd04b3d8b6592937b7c74d4cde2d7ff18
Instruction Fuzzy Hash: 7DD19B71D016589FCF15CFA8C8809EDBBB6BF48314F28816AE859FB241D771AE46CB50

Function 0015809D Relevance: 9.2, APIs: 6, Instructions: 224COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00158128
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 001581B6
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00158228
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00158242
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001582A5
CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 001582C2

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 88e8f49ae1f5ef8da6de4f8f3b798b7defef5a565b6c47cfb78dc714686c5640
Instruction ID: f66d6463b292e281046720ed78aedd821fc7c2f0588d9e66e14617eae9565172
Opcode Fuzzy Hash: 88e8f49ae1f5ef8da6de4f8f3b798b7defef5a565b6c47cfb78dc714686c5640
Instruction Fuzzy Hash: 1971807190060AEEDF219FA5CC81AEF7FBAAF49316F150115EC65BA190DF31C849CB64

Function 001468B8 Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00146901
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0014696C
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00146989
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 001469C8
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00146A27
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00146A4A

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 6980c25aab7c304fe50897875f00e7e0b98308302b29a061e8c29a84fb78b98a
Instruction ID: 7ba076bc82452dca3042c628a6142832d66d8a7d8a670c51b0ba86b7e239a124
Opcode Fuzzy Hash: 6980c25aab7c304fe50897875f00e7e0b98308302b29a061e8c29a84fb78b98a
Instruction Fuzzy Hash: 5751D272A00216AFEF209F64CC41FAB7BA9EF45758F258429F914E7160E770DD50CB62

Function 000EE790 Relevance: 9.1, APIs: 6, Instructions: 130COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 000EE7D7
GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 000EE811
SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 000EE86D
LocalFree.KERNEL32(00000000), ref: 000EE8C7
LocalFree.KERNEL32(00000000), ref: 000EE8DC
LocalFree.KERNEL32(00000000), ref: 000EE917

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
String ID:
API String ID: 2792426717-0
Opcode ID: c97a2f43879b4587fac60c7456e67e3e6ce8b8bd560dce4a35cdc7f676287df6
Instruction ID: de807965e6dff0a8575dea203c3f35e6bf73d18ccbe000424b7f2c14a31982ed
Opcode Fuzzy Hash: c97a2f43879b4587fac60c7456e67e3e6ce8b8bd560dce4a35cdc7f676287df6
Instruction Fuzzy Hash: 97416E71A01288AFEF10DF95DD49BDEBBF9EF04704F24012AF904B6290DB749A44CB60

Function 000E8D10 Relevance: 9.1, APIs: 6, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000E8D46
std::_Lockit::_Lockit.LIBCPMT ref: 000E8D66
std::_Lockit::~_Lockit.LIBCPMT ref: 000E8D86
std::_Locinfo::~_Locinfo.LIBCPMT ref: 000E8E57
std::_Facet_Register.LIBCPMT ref: 000E8E64
std::_Lockit::~_Lockit.LIBCPMT ref: 000E8E86

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
String ID:
API String ID: 2966223926-0
Opcode ID: 8afa84ce14909edbf57cf0a7b7124f13d0eacb16ed12c0d367e803477a88404a
Instruction ID: 3315508401277098a05e9935c240d3260e231dd3d685a710cfbc1d8f97c3aac5
Opcode Fuzzy Hash: 8afa84ce14909edbf57cf0a7b7124f13d0eacb16ed12c0d367e803477a88404a
Instruction Fuzzy Hash: AF41CE71901254DFCB15EF56C881BAEBBB0FF60310F14815AE81AAB391DF30AA05CB81

Function 000F3400 Relevance: 9.1, APIs: 6, Instructions: 122COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 000F3435
std::_Lockit::_Lockit.LIBCPMT ref: 000F3457
std::_Lockit::~_Lockit.LIBCPMT ref: 000F3477
std::_Locinfo::~_Locinfo.LIBCPMT ref: 000F353A
std::_Facet_Register.LIBCPMT ref: 000F3547
std::_Lockit::~_Lockit.LIBCPMT ref: 000F3569

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
String ID:
API String ID: 2966223926-0
Opcode ID: 7443d6df19e836fe14d28d9a6a670c491d5aad9134dc96a3caed9e84b58851e1
Instruction ID: a224f535245616ff6431cf73d63083c2ddbc53773029dc10854d5d0ea0ba10c1
Opcode Fuzzy Hash: 7443d6df19e836fe14d28d9a6a670c491d5aad9134dc96a3caed9e84b58851e1
Instruction Fuzzy Hash: 4041CD719016199FCB11DF58C841AAEB7F4FF94320F14425AE805AB662EB34FA45CB90

Function 000E32DE Relevance: 9.1, APIs: 6, Instructions: 70COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 000E32E5
std::_Lockit::_Lockit.LIBCPMT ref: 000E32F2

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 000E3340
std::_Lockit::~_Lockit.LIBCPMT ref: 000E3360
Concurrency::cancel_current_task.LIBCPMT ref: 000E336D
__Towlower.LIBCPMT ref: 000E3388

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
String ID:
API String ID: 2111902878-0
Opcode ID: 00b889910d0d43f69932de836e2d326934452a03a823abaede043a2eb1e88c75
Instruction ID: 5ae2f8f4f1be0045284cd897b11eeb52e56637828c7df510c60eaa34d8a1be1f
Opcode Fuzzy Hash: 00b889910d0d43f69932de836e2d326934452a03a823abaede043a2eb1e88c75
Instruction Fuzzy Hash: 3711C231901149DFCB04FB64D946EAEBBE4AF94711F24010AFA157B2A2DF309F458791

Function 00148203 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0014820A
std::_Lockit::_Lockit.LIBCPMT ref: 00148214

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

moneypunct.LIBCPMT ref: 0014824E
std::_Facet_Register.LIBCPMT ref: 00148265
std::_Lockit::~_Lockit.LIBCPMT ref: 00148285
Concurrency::cancel_current_task.LIBCPMT ref: 00148292

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 6c85ee6aad09d9cb302bad1d11ee23b1c332a969d554a258984aa12d1732e888
Instruction ID: 09f2e58a186c53bb5f0ba479f893012601e70cbffdd2ac6a70eb32cea22aa989
Opcode Fuzzy Hash: 6c85ee6aad09d9cb302bad1d11ee23b1c332a969d554a258984aa12d1732e888
Instruction Fuzzy Hash: 18019E35905159AFCB05EBA8C856ABE77B5BF90710F640509F920BB3E2DFB09E04DB90

Function 00148298 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0014829F
std::_Lockit::_Lockit.LIBCPMT ref: 001482A9

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

moneypunct.LIBCPMT ref: 001482E3
std::_Facet_Register.LIBCPMT ref: 001482FA
std::_Lockit::~_Lockit.LIBCPMT ref: 0014831A
Concurrency::cancel_current_task.LIBCPMT ref: 00148327

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 107294b89a99cc55c92ced020ef8c60e680323631852851b39843e1c031bfebd
Instruction ID: e56bd58bbdae6620789583f442f1b08ab564aa0740df6ec1570b95960e135be7
Opcode Fuzzy Hash: 107294b89a99cc55c92ced020ef8c60e680323631852851b39843e1c031bfebd
Instruction Fuzzy Hash: 50016D35905159AFCB05EFA4C846AAEB7B5BF54710F24050AE8207B3E2DF70DE05DB90

Function 0014832D Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00148334
std::_Lockit::_Lockit.LIBCPMT ref: 0014833E

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

moneypunct.LIBCPMT ref: 00148378
std::_Facet_Register.LIBCPMT ref: 0014838F
std::_Lockit::~_Lockit.LIBCPMT ref: 001483AF
Concurrency::cancel_current_task.LIBCPMT ref: 001483BC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: ba8446a7999f199ac221ef9e13ee9a833dc649f5def75f13dedfd4cc2845c144
Instruction ID: f2c437256a6a1b24b73b235b5c6a09e6d88d98fddcde417b32895d43e5e64b95
Opcode Fuzzy Hash: ba8446a7999f199ac221ef9e13ee9a833dc649f5def75f13dedfd4cc2845c144
Instruction Fuzzy Hash: 810180759051199BCB05EFA4C905ABEB7B5BF94B10F240109F8207B3E2DF74DE059B90

Function 0014435B Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00144362
std::_Lockit::_Lockit.LIBCPMT ref: 0014436C

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

codecvt.LIBCPMT ref: 001443A6
std::_Facet_Register.LIBCPMT ref: 001443BD
std::_Lockit::~_Lockit.LIBCPMT ref: 001443DD
Concurrency::cancel_current_task.LIBCPMT ref: 001443EA

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
String ID:
API String ID: 2133458128-0
Opcode ID: 35c5573be30bd89389b852220db0fd56dbaaef3c5220c831c85c7c9a9450e710
Instruction ID: 7350b253c3fc3c6ee9857b6914cb888601c94f50c374ad8d88ebcaa586dbd135
Opcode Fuzzy Hash: 35c5573be30bd89389b852220db0fd56dbaaef3c5220c831c85c7c9a9450e710
Instruction Fuzzy Hash: A601CC359011299BCB05FFA4C902BAE77B5BFA0710F240109F820BB3E2DF749A05CB80

Function 001483C2 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001483C9
std::_Lockit::_Lockit.LIBCPMT ref: 001483D3

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

moneypunct.LIBCPMT ref: 0014840D
std::_Facet_Register.LIBCPMT ref: 00148424
std::_Lockit::~_Lockit.LIBCPMT ref: 00148444
Concurrency::cancel_current_task.LIBCPMT ref: 00148451

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 4e81448b455f36f4072c9c33d3f81dc0cee332d6eed68eb1ba0c768893779484
Instruction ID: 297ff1517fe15a7b0ba34af79c1363460368b597c8d8ead390ebeeee6005ebd7
Opcode Fuzzy Hash: 4e81448b455f36f4072c9c33d3f81dc0cee332d6eed68eb1ba0c768893779484
Instruction Fuzzy Hash: FF01D23190112A9BCB05EBA4C8056BE77B5BF90710F240509F9217B3E1DF749E059B91

Function 00154475 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0015447C
std::_Lockit::_Lockit.LIBCPMT ref: 00154486

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

collate.LIBCPMT ref: 001544C0
std::_Facet_Register.LIBCPMT ref: 001544D7
std::_Lockit::~_Lockit.LIBCPMT ref: 001544F7
Concurrency::cancel_current_task.LIBCPMT ref: 00154504

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
String ID:
API String ID: 1767075461-0
Opcode ID: ff0f1afec7d13f7ec2b2f38821dc49af9695e56488bd47d2961d11509e8e9127
Instruction ID: 2bc0ea9d4a14ff09126179fd37d4e96d5b63833b16876a7f38c7c4fc361c871a
Opcode Fuzzy Hash: ff0f1afec7d13f7ec2b2f38821dc49af9695e56488bd47d2961d11509e8e9127
Instruction Fuzzy Hash: A001C035904119EBCB05EBA4C8456AE77B5BF90315F24050AF8307B3D2DF709A489B80

Function 0015450A Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00154511
std::_Lockit::_Lockit.LIBCPMT ref: 0015451B

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

messages.LIBCPMT ref: 00154555
std::_Facet_Register.LIBCPMT ref: 0015456C
std::_Lockit::~_Lockit.LIBCPMT ref: 0015458C
Concurrency::cancel_current_task.LIBCPMT ref: 00154599

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 70a221575668c1a67ba03b057f5716283442915afcd652a371e9b335ed543ff6
Instruction ID: 8b4d2b43e3962a36c501fa99cea7df878abdd66eebfd1477eefb39ed57d8fbdb
Opcode Fuzzy Hash: 70a221575668c1a67ba03b057f5716283442915afcd652a371e9b335ed543ff6
Instruction Fuzzy Hash: D801C035901119DBCB05EBA4C841ABE77B5BF54315F24050AF9207B3D1EF709A48DB80

Function 00148616 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0014861D
numpunct.LIBCPMT ref: 00148661
std::_Facet_Register.LIBCPMT ref: 00148678
std::_Lockit::~_Lockit.LIBCPMT ref: 00148698
Concurrency::cancel_current_task.LIBCPMT ref: 001486A5
std::_Lockit::_Lockit.LIBCPMT ref: 00148627

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 2820680d616205b5e5007d5a61bd0eeb15c9bc33972314c0b5bcbc0ad6530d4a
Instruction ID: a75f0c55f45f902c35e99f53b7472a350529b46c54296e971ce504e19c9af1a7
Opcode Fuzzy Hash: 2820680d616205b5e5007d5a61bd0eeb15c9bc33972314c0b5bcbc0ad6530d4a
Instruction Fuzzy Hash: 9901D235901229DBCB05EBA4C8056FEBBB6BF90714F250009F9247B3E1DF709E448B90

Function 001546C9 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001546D0
std::_Lockit::_Lockit.LIBCPMT ref: 001546DA

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

moneypunct.LIBCPMT ref: 00154714
std::_Facet_Register.LIBCPMT ref: 0015472B
std::_Lockit::~_Lockit.LIBCPMT ref: 0015474B
Concurrency::cancel_current_task.LIBCPMT ref: 00154758

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: a3010a0813a6a850bf39798c9c0bff44fbc405f26ef05ba74a97e358be65732d
Instruction ID: e3ae8440a24fed763ed1ac7e828e4ae183500e6ef4e0d4f84efb60121446c475
Opcode Fuzzy Hash: a3010a0813a6a850bf39798c9c0bff44fbc405f26ef05ba74a97e358be65732d
Instruction Fuzzy Hash: 2501C03A901119DBCB05EBA4C905ABEB7B5BF94315F250009F8307B3D1DF709A488B80

Function 0015475E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00154765
std::_Lockit::_Lockit.LIBCPMT ref: 0015476F

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

moneypunct.LIBCPMT ref: 001547A9
std::_Facet_Register.LIBCPMT ref: 001547C0
std::_Lockit::~_Lockit.LIBCPMT ref: 001547E0
Concurrency::cancel_current_task.LIBCPMT ref: 001547ED

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: c35f891fa1dcb1881cc777dd18663179dbbb8ffe74c86107270c6f931bfa8592
Instruction ID: 073e41f4f2cce160567b8410f9bd1a2dd8d2d6de3eccdd3cccc806d28048d591
Opcode Fuzzy Hash: c35f891fa1dcb1881cc777dd18663179dbbb8ffe74c86107270c6f931bfa8592
Instruction Fuzzy Hash: 8001C036901119DFCB05EFA4C805AAEB7B5BF94719F240109F8207B3D2DF709A48CB80

Function 0010C410 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0010C546
Concurrency::cancel_current_task.LIBCPMT ref: 0010C54B
Concurrency::cancel_current_task.LIBCPMT ref: 0010C550

Part of subcall function 0015E960: _free.LIBCMT ref: 0015E973

Strings

true, xrefs: 0010C503
false, xrefs: 0010C4D9

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_task$_free
String ID: false$true
API String ID: 149343396-2658103896
Opcode ID: 509ead0cf31cba993d4369ca6b971a53acd3b870cbe6af2b3cee63ef4e618338
Instruction ID: 92ded926412a5c5e55164fe0381eda4cad62bc77f52329c90928a270081fd0c5
Opcode Fuzzy Hash: 509ead0cf31cba993d4369ca6b971a53acd3b870cbe6af2b3cee63ef4e618338
Instruction Fuzzy Hash: 9A412675A007409FCB209F64DC51BAABBF4AF15304F04865DF8959B792D772E908CFA1

Function 0015D1B7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,0015D278,?,?,001D77FC,00000000,?,0015D3A3,00000004,InitializeCriticalSectionEx,001B013C,001B0144,00000000), ref: 0015D247

Strings

api-ms-, xrefs: 0015D207

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: c76247b35fdcd727da5723d3a75684e53e4587918693bd3bcaebd4333b751496
Instruction ID: 378f6b9906542f3dac90a2eeaee32fb717ccd9ebfb8f5422ec8fa34074d61d74
Opcode Fuzzy Hash: c76247b35fdcd727da5723d3a75684e53e4587918693bd3bcaebd4333b751496
Instruction Fuzzy Hash: C211A331A41621EBDB329B68FC40B5A37A4AF05761F150251FD25EF2C0E770ED088BD1

Function 0010E150 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0010E172
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0010E182
RegDeleteKeyW.ADVAPI32(00000000,?), ref: 0010E1C2

Strings

RegDeleteKeyExW, xrefs: 0010E17C
Advapi32.dll, xrefs: 0010E16D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressDeleteHandleModuleProc
String ID: Advapi32.dll$RegDeleteKeyExW
API String ID: 588496660-2191092095
Opcode ID: c8178dc3c746aea3868f120e86fee970f91777603b986270afa9f07ab7733d87
Instruction ID: 8303fd95ab6e41053ba3b9e872f9c5bc0f283a3921608db9465a222c929f496a
Opcode Fuzzy Hash: c8178dc3c746aea3868f120e86fee970f91777603b986270afa9f07ab7733d87
Instruction Fuzzy Hash: 6E018875205304EAD720DB9BFC04B627BE9E791B61F08482BF144C29E0C7F298D0DB20

Function 001311F0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 39fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00131210
GetLastError.KERNEL32 ref: 0013121A

Strings

WriteFile failed: %d, xrefs: 00131221
c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 0013122D
NWebAdvisor::CCabParser::Write, xrefs: 00131228

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
API String ID: 442123175-2264278858
Opcode ID: cf65a5a1d36bae90af05746b43507cc65b8d36943423179c815193e789da3866
Instruction ID: a9e638ba170a172d03ca7c913bd6e74ba8f6eebb8e38d7ecdee0d1e4fcc601e2
Opcode Fuzzy Hash: cf65a5a1d36bae90af05746b43507cc65b8d36943423179c815193e789da3866
Instruction Fuzzy Hash: 10F0AF31740108FFDB40EFA8DC02F6EBBF4EB28B05F404069BD09AA191DA719A54D750

Function 001108A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32), ref: 001108A9
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 001108C0
GetCurrentProcess.KERNEL32(?), ref: 001108D7

Strings

IsWow64Process, xrefs: 001108BA
kernel32, xrefs: 001108A4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressCurrentHandleModuleProcProcess
String ID: IsWow64Process$kernel32
API String ID: 4190356694-3789238822
Opcode ID: afc642f2cb5ba9b71cc050a30b5669400ad84d5590428ce50d790868a1b8d517
Instruction ID: 098203287e9e5d435c6bae22d761e180441f5a360afdce8472be77ab0c987877
Opcode Fuzzy Hash: afc642f2cb5ba9b71cc050a30b5669400ad84d5590428ce50d790868a1b8d517
Instruction Fuzzy Hash: 9EF02732E0532CABCE109BA4AC09AEA77DCDB05711B0046E6FC0893200E7B18DA092D0

Function 0016E940 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0016E935,?,?,0016E8FD,00000002,00000002,?), ref: 0016E955
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0016E968
FreeLibrary.KERNEL32(00000000,?,?,0016E935,?,?,0016E8FD,00000002,00000002,?), ref: 0016E98B

Strings

mscoree.dll, xrefs: 0016E94E
CorExitProcess, xrefs: 0016E960

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 110d87a3febd64dde892f7a967901d61bbf02ef11d491823967e41a967c39bce
Instruction ID: 6535e3d25f231fbb4a6f163c28eb1f6e41f060f9ccd7d1ff541b635032d5a220
Opcode Fuzzy Hash: 110d87a3febd64dde892f7a967901d61bbf02ef11d491823967e41a967c39bce
Instruction Fuzzy Hash: FDF08C34A10219FBDB119B51DD0AFDEBFB8EF00B59F490161F404A21A0CBB08EA0DA90

Function 001703F2 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00172174: RtlAllocateHeap.NTDLL(00000000,?,?,?,0015872D,?,?,000EA1ED,0000002C,428E8EC3), ref: 001721A6

_free.LIBCMT ref: 00170501
_free.LIBCMT ref: 00170518
_free.LIBCMT ref: 00170535
_free.LIBCMT ref: 00170550
_free.LIBCMT ref: 00170567

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$AllocateHeap
String ID:
API String ID: 3033488037-0
Opcode ID: df2baaf861032c7f80686a27bf6c8d4c073f5edcda4b5a30ee1f349be890ef02
Instruction ID: eedc3c8a3bdeb63399289651daf93dc841c66b6e6eaa3a35275ecf2bf64aae85
Opcode Fuzzy Hash: df2baaf861032c7f80686a27bf6c8d4c073f5edcda4b5a30ee1f349be890ef02
Instruction Fuzzy Hash: BD51DF72A00304EFDB22DF69D841A6A77F4EF18724F148669E84AD7250E731EA41CF50

Function 001443F0 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001443F7
std::_Lockit::_Lockit.LIBCPMT ref: 00144401

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 00144452
std::_Lockit::~_Lockit.LIBCPMT ref: 00144472
Concurrency::cancel_current_task.LIBCPMT ref: 0014447F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 60e856b706b5f60794d8ee2ac92fb90846ea0de5a250e18148b5e7057c0e71f2
Instruction ID: 403cea7a4508758a0020efac2777adafdece68a21d7eec21251ff41f49fbeb62
Opcode Fuzzy Hash: 60e856b706b5f60794d8ee2ac92fb90846ea0de5a250e18148b5e7057c0e71f2
Instruction Fuzzy Hash: 56018035905119DBCB05FBA4C8057AEB7B5BF94710F28010AF924BB3E2DF749A058B90

Function 00147579 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

_Maklocstr.LIBCPMT ref: 00147599
_Maklocstr.LIBCPMT ref: 001475B6
_Maklocstr.LIBCPMT ref: 001475D3
_Maklocchr.LIBCPMT ref: 001475E5
_Maklocchr.LIBCPMT ref: 001475F8

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Maklocstr$Maklocchr
String ID:
API String ID: 2020259771-0
Opcode ID: a0e505b01cb66aefe98ace91af0459ea844840ebb5fb0e8fbc640d1f4d107210
Instruction ID: 6d66fed7a2786ded5a8d38ee47b5923a20db248a80427c0eca2af76b9cff65d7
Opcode Fuzzy Hash: a0e505b01cb66aefe98ace91af0459ea844840ebb5fb0e8fbc640d1f4d107210
Instruction Fuzzy Hash: BD118CB25087447BE320DBA49885F12B7ECAF09310F044919F1858BAA0E365FC5587A5

Function 000E77FD Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 000E7804
std::_Lockit::_Lockit.LIBCPMT ref: 000E7811

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 000E785F
std::_Lockit::~_Lockit.LIBCPMT ref: 000E787F
Concurrency::cancel_current_task.LIBCPMT ref: 000E788C

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_Register
String ID:
API String ID: 3498242614-0
Opcode ID: 9dfd60cab5e7d11ddadd03db2dd29a62ab56e3db859a7adf3962e26c05dda070
Instruction ID: eeb867e20a54237319510fdf12c597bbf41c6344420caf4114192dc06f8d69e5
Opcode Fuzzy Hash: 9dfd60cab5e7d11ddadd03db2dd29a62ab56e3db859a7adf3962e26c05dda070
Instruction Fuzzy Hash: 4101C031905149DFCB08FBA5C9466AD77A5AFA4710F24010AF925BB392DF709E05CBA1

Function 00148044 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0014804B
std::_Lockit::_Lockit.LIBCPMT ref: 00148055

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 001480A6
std::_Lockit::~_Lockit.LIBCPMT ref: 001480C6
Concurrency::cancel_current_task.LIBCPMT ref: 001480D3

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 86fef0a38035e7448be1a862cc0bd66bea1dd30ec5ce9df48ab0df91b37e98f0
Instruction ID: 9bcd95ad26ced6cdc778b3c4768e4d003dfcce34236315d375f963bd549cbc4c
Opcode Fuzzy Hash: 86fef0a38035e7448be1a862cc0bd66bea1dd30ec5ce9df48ab0df91b37e98f0
Instruction Fuzzy Hash: B701C4319142199BCB15EF64C841AAEB7B5BF50710F250109F8207B3E1DF709E499790

Function 001480D9 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001480E0
std::_Lockit::_Lockit.LIBCPMT ref: 001480EA

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 0014813B
std::_Lockit::~_Lockit.LIBCPMT ref: 0014815B
Concurrency::cancel_current_task.LIBCPMT ref: 00148168

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: df3b99556167f2af63687e4d78fbe3e96c847ec9a6e44ade7c8ac27aef507882
Instruction ID: d3fa4240fdbdac2157349a06d3e08619f0ef242d801492d5225e4edbd245400c
Opcode Fuzzy Hash: df3b99556167f2af63687e4d78fbe3e96c847ec9a6e44ade7c8ac27aef507882
Instruction Fuzzy Hash: 7001C031900269AFCB05FBA4C8466AE77B5BF90B10F24040AF8207B3E1DF709E059B90

Function 0014816E Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00148175
std::_Lockit::_Lockit.LIBCPMT ref: 0014817F

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 001481D0
std::_Lockit::~_Lockit.LIBCPMT ref: 001481F0
Concurrency::cancel_current_task.LIBCPMT ref: 001481FD

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 391b23335e8cccc243c49c86256079f9ba507cf4cd77cbf71668f0fb808cbf73
Instruction ID: 7a91fc2fd91c8f2382c1eb52bb3af27a79f7c59aeb0774f0665d80cf31a5c89f
Opcode Fuzzy Hash: 391b23335e8cccc243c49c86256079f9ba507cf4cd77cbf71668f0fb808cbf73
Instruction Fuzzy Hash: AD018035905119AFCB05EBA8C845ABEB7B5BF54720F25050AF920BB3E2DF709E059B90

Function 00148457 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0014845E
std::_Lockit::_Lockit.LIBCPMT ref: 00148468

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 001484B9
std::_Lockit::~_Lockit.LIBCPMT ref: 001484D9
Concurrency::cancel_current_task.LIBCPMT ref: 001484E6

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 0afeb37f514c3143cd5b376a26360abd95107a22bb174c929ca81e80c6c19813
Instruction ID: 1b1fe2a428b37d1fc53239599a43ffa1cfa1db71336b44e921c6ba94935bb36a
Opcode Fuzzy Hash: 0afeb37f514c3143cd5b376a26360abd95107a22bb174c929ca81e80c6c19813
Instruction Fuzzy Hash: 9501C03590411A9FCB05EFA4C8056BE77B5BF50710F240509F8207B3E2DF709A05CB80

Function 001484EC Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001484F3
std::_Lockit::_Lockit.LIBCPMT ref: 001484FD

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 0014854E
std::_Lockit::~_Lockit.LIBCPMT ref: 0014856E
Concurrency::cancel_current_task.LIBCPMT ref: 0014857B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: c41850acb03e9f02fdafdff765a1069c81f8fe719d8d6d8035fd3282af4a796e
Instruction ID: e4fe894f55341b2cca0639f400700f77f4296bcc5a27aa8a3b5560a3833a51c9
Opcode Fuzzy Hash: c41850acb03e9f02fdafdff765a1069c81f8fe719d8d6d8035fd3282af4a796e
Instruction Fuzzy Hash: 3501C0319001199FCB05FBA4D8416AE77B5BF50310F24050AF824BB3E2DF709A05CB81

Function 0015459F Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001545A6
std::_Lockit::_Lockit.LIBCPMT ref: 001545B0

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 00154601
std::_Lockit::~_Lockit.LIBCPMT ref: 00154621
Concurrency::cancel_current_task.LIBCPMT ref: 0015462E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 9a9404d9a36febe013d38d958957941acb1ab14ff46a5a91158beb81b3450406
Instruction ID: 4412047f05b713bdfe1a0aed3322142f3d92e6b427c91abd54cf01da81f29e20
Opcode Fuzzy Hash: 9a9404d9a36febe013d38d958957941acb1ab14ff46a5a91158beb81b3450406
Instruction Fuzzy Hash: 8C01C035904229EBCB05EBA4C841AAE77B5BF50715F240509F820BB3D2DF70DE48CB80

Function 00148581 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00148588
std::_Lockit::_Lockit.LIBCPMT ref: 00148592

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 001485E3
std::_Lockit::~_Lockit.LIBCPMT ref: 00148603
Concurrency::cancel_current_task.LIBCPMT ref: 00148610

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 7671e752b7ba358bbe1d910b97c076e1d9b668518741e6ba8abd4902bba9411e
Instruction ID: f8bc8a51ed525899e304570cd85e8ec68ffd6302113cbaf70ad27caba2c5d01e
Opcode Fuzzy Hash: 7671e752b7ba358bbe1d910b97c076e1d9b668518741e6ba8abd4902bba9411e
Instruction Fuzzy Hash: AC01CC35905119ABCB05FFA4C802AAEB7B5BF90714F25050AF920BB3E2DF709A058B81

Function 00154634 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0015463B
std::_Lockit::_Lockit.LIBCPMT ref: 00154645

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 00154696
std::_Lockit::~_Lockit.LIBCPMT ref: 001546B6
Concurrency::cancel_current_task.LIBCPMT ref: 001546C3

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 409ca92cc005776c1af0df469f51e82831be531ae16c2a4f1e03485b8be9c81d
Instruction ID: 49699be33cb2fda765e13aa5048b067bced666e5d4ed3a4739f367ffaa59f097
Opcode Fuzzy Hash: 409ca92cc005776c1af0df469f51e82831be531ae16c2a4f1e03485b8be9c81d
Instruction Fuzzy Hash: A501C031905119EBCB05EBA4C841AAE77B5BF90315F24050AFC207B3D1DF709E889B80

Function 001486AB Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001486B2
std::_Lockit::_Lockit.LIBCPMT ref: 001486BC

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 0014870D
std::_Lockit::~_Lockit.LIBCPMT ref: 0014872D
Concurrency::cancel_current_task.LIBCPMT ref: 0014873A

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: a5dfb9334824840b1c5d0cdd56451f893d183d1ae65011d079ccdd002ae8c8aa
Instruction ID: 9b8261dd5daf1c676faf5632cd752d42f97bff3f5c6bb4ce8c8c57d53402dc0b
Opcode Fuzzy Hash: a5dfb9334824840b1c5d0cdd56451f893d183d1ae65011d079ccdd002ae8c8aa
Instruction Fuzzy Hash: CA01D235905119DBCB05EBA4C9166BEB7B5BF50311F240009F9207B3E1DF709E45CB90

Function 001487D5 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001487DC
std::_Lockit::_Lockit.LIBCPMT ref: 001487E6

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 00148837
std::_Lockit::~_Lockit.LIBCPMT ref: 00148857
Concurrency::cancel_current_task.LIBCPMT ref: 00148864

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: d07fbb47ccd7a2f991c9af221382706b8ff2a3eccb11a8b2321cec72a35c5c9d
Instruction ID: f63c8e83c0c4f34c673281f7331a4b3b266ec5233848b22735846a88c9080245
Opcode Fuzzy Hash: d07fbb47ccd7a2f991c9af221382706b8ff2a3eccb11a8b2321cec72a35c5c9d
Instruction Fuzzy Hash: D401C03190422ADFCB05EBA4C801ABE77B5BF50710F640409F9207B3E2DF709A04CB90

Function 001547F3 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001547FA
std::_Lockit::_Lockit.LIBCPMT ref: 00154804

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 00154855
std::_Lockit::~_Lockit.LIBCPMT ref: 00154875
Concurrency::cancel_current_task.LIBCPMT ref: 00154882

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: c132176424cbe0631a2ffa17badc4f85df0f5aa25819ed602c10b525555f3592
Instruction ID: e030af70430663242954b20a7eaca03bd42d71330738cec27d3044bdecdf48cd
Opcode Fuzzy Hash: c132176424cbe0631a2ffa17badc4f85df0f5aa25819ed602c10b525555f3592
Instruction Fuzzy Hash: A501C032904269DBCB09EBA4C811AAEB7B5BF90725F240009F9307B3D1DF709E49CB80

Function 00154888 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 0015488F
std::_Lockit::_Lockit.LIBCPMT ref: 00154899

Part of subcall function 000E2D14: std::_Lockit::_Lockit.LIBCPMT ref: 000E2D30
Part of subcall function 000E2D14: std::_Lockit::~_Lockit.LIBCPMT ref: 000E2D4C

std::_Facet_Register.LIBCPMT ref: 001548EA
std::_Lockit::~_Lockit.LIBCPMT ref: 0015490A
Concurrency::cancel_current_task.LIBCPMT ref: 00154917

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 715db307472dfcbcee2cd35cdc86642a9bf42cbbc3600bfd9d8dbb89f09a9aaa
Instruction ID: 3467a31fc2c074d9bc4b15b0c26c42c845649da898d090537b1b1019f217f8f1
Opcode Fuzzy Hash: 715db307472dfcbcee2cd35cdc86642a9bf42cbbc3600bfd9d8dbb89f09a9aaa
Instruction Fuzzy Hash: 8F01A135900119DBCB05EBA4C806AAEB7B5BF54315F14010AE8206B2D1DF709A488B80

Function 0017B487 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0017B49F

Part of subcall function 00172098: RtlFreeHeap.NTDLL(00000000,00000000,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?), ref: 001720AE
Part of subcall function 00172098: GetLastError.KERNEL32(?,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?,?), ref: 001720C0

_free.LIBCMT ref: 0017B4B1
_free.LIBCMT ref: 0017B4C3
_free.LIBCMT ref: 0017B4D5
_free.LIBCMT ref: 0017B4E7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: fe5f608240f10583a291d0724bee7b80af76edbb4e76af602397e2f02af69442
Instruction ID: ea772ad8c0b42fca7d791aa401076b0d2026720e077b87070d6c9d782a37065f
Opcode Fuzzy Hash: fe5f608240f10583a291d0724bee7b80af76edbb4e76af602397e2f02af69442
Instruction Fuzzy Hash: 17F0FF72608704AB8630DB68E9C6D1677FEEB04710B948819F14FD7A01CB30FCC68660

Function 001588B0 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(001D742C,?,?,000F4086,001D827C,001968E0,?), ref: 001588BA
LeaveCriticalSection.KERNEL32(001D742C,?,?,000F4086,001D827C,001968E0,?), ref: 001588ED
RtlWakeAllConditionVariable.NTDLL ref: 00158964
SetEvent.KERNEL32(?,000F4086,001D827C,001968E0,?), ref: 0015896E
ResetEvent.KERNEL32(?,000F4086,001D827C,001968E0,?), ref: 0015897A

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
String ID:
API String ID: 3916383385-0
Opcode ID: debf5c85c95a1099bd02e97745d147a0f386207ff893a96e7f05f4d66b6a7bd8
Instruction ID: 8eb41c771c5df63856fdff7ab3c5d7161575dc060c661cbfef59f795b5ab3bd5
Opcode Fuzzy Hash: debf5c85c95a1099bd02e97745d147a0f386207ff893a96e7f05f4d66b6a7bd8
Instruction Fuzzy Hash: F601F671606120DFC706AF28FC889997FA9EB4D715705406BF90197B71DB705891CB91

Function 00130720 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 19COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 00130726
GetLastError.KERNEL32 ref: 00130730

Strings

c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00130743
CloseHandle failed: %d, xrefs: 00130737
NWebAdvisor::CCabParser::Close, xrefs: 0013073E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
API String ID: 918212764-1823807987
Opcode ID: f1a43ec8a7cf925e4738df38296cfb8b9a0243d16d5c56ded5eaa47d11347069
Instruction ID: c27fa6e27186afdfd88ee5f78e5f0a5bc2cfbd37c4b43829e6fa35370bfa3826
Opcode Fuzzy Hash: f1a43ec8a7cf925e4738df38296cfb8b9a0243d16d5c56ded5eaa47d11347069
Instruction Fuzzy Hash: C5D05B35380310AEE7205B6CFC0AF6639D49B06724F000A69B655914F1D7E2A8D18755

Function 00163207 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 375COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 0016338D
__freea.LIBCMT ref: 001633A9

Strings

am/pm, xrefs: 0016340D
a/p, xrefs: 00163471

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: d7b1542b0316941c5d7c9866892797c9c54910c4c9af9cccc3d336ca5bc83b32
Instruction ID: 3982aab3a2040cfd39ef6c6cc20a8077b873fb3216a630a00730815fbf4f2733
Opcode Fuzzy Hash: d7b1542b0316941c5d7c9866892797c9c54910c4c9af9cccc3d336ca5bc83b32
Instruction Fuzzy Hash: CAC11435D00216DBCB298F68CD99ABEBBB1FF15704F264149E822AB350D7319F61CB61

Function 000FB6E0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 219COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FB886

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FB93D

Strings

Failed to convert byte to wide, xrefs: 000FB856
Failed to convert wide to byte, xrefs: 000FB90D

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitialize
String ID: Failed to convert byte to wide$Failed to convert wide to byte
API String ID: 1656330964-1708777540
Opcode ID: 491ac578689753bbc36e98e94bc916f9a8df6e53d3ae8910c0c61c33a3bc72dd
Instruction ID: eee51c4cb0eeb9c061a3ba43016cd319b6e11a6913b515e9cc65fe79f2db5b76
Opcode Fuzzy Hash: 491ac578689753bbc36e98e94bc916f9a8df6e53d3ae8910c0c61c33a3bc72dd
Instruction Fuzzy Hash: 60810EB0E002488FDF18EFA4C985BEDBBB5EF45304F108058E9057B682DB759A4ACF61

Function 001851F0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

\\?\, xrefs: 001853C0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: \\?\
API String ID: 0-4282027825
Opcode ID: e568a87866bbea6beb97f315eb4f029c537af196af1f59f8b3d193741ce1e56c
Instruction ID: d8fde1b3d07051e4c06b07588de67a927715c18dfe6e9aca531bba4275d21f1c
Opcode Fuzzy Hash: e568a87866bbea6beb97f315eb4f029c537af196af1f59f8b3d193741ce1e56c
Instruction Fuzzy Hash: 78715D71D00618DBCF14EFA8C894AEDBBF6FF54310F640629E415E7291E7309A41CBA1

Function 000EB420 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 184COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000EB64C

Strings

ios_base::badbit set, xrefs: 000EB5CF, 000EB5F8, 000EB621
ios_base::failbit set, xrefs: 000EB5D9
ios_base::eofbit set, xrefs: 000EB5DE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 323602529-1866435925
Opcode ID: 8014b93dcf501b7aee768547673805a1e89b66099314f8e3ccae73baca407248
Instruction ID: f48a195ef7073fea968438047242cb7bbcd6320c9822a3bd2142833846bf8289
Opcode Fuzzy Hash: 8014b93dcf501b7aee768547673805a1e89b66099314f8e3ccae73baca407248
Instruction Fuzzy Hash: 1E718AB1A00649DFCB15CF59C984BAAFBF4FF08314F14816AE914AB791D7B5EA05CB80

Function 00184620 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 159COMMON

Download Yara Rule

APIs

WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 001846E4
GetLastError.KERNEL32 ref: 00184728
WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 00184768

Strings

MCRG, xrefs: 0018466F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: PrivateProfileStructWrite$ErrorLast
String ID: MCRG
API String ID: 3778923442-1523812224
Opcode ID: 07e64951100f5ee65cbbcb094d73f7470c2d35540a81b79acdcd418bd6a12258
Instruction ID: faed4f45cf99b10c172f329d802653f5147b7cd8f2039278b9599b7e4706d4ea
Opcode Fuzzy Hash: 07e64951100f5ee65cbbcb094d73f7470c2d35540a81b79acdcd418bd6a12258
Instruction Fuzzy Hash: AD519E75900649EFDB10DFA8D845F9EBBF8EF49324F14825AF815AB2A1DB709904CF90

Function 000F0490 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00143D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,000F04D5,?,?,428E8EC3), ref: 00143DAE

LocalFree.KERNEL32(00000000), ref: 000F05CC
Concurrency::cancel_current_task.LIBCPMT ref: 000F05F6

Strings

unknown error, xrefs: 000F04FE
generic, xrefs: 000F0610

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
String ID: generic$unknown error
API String ID: 3868770561-3628847473
Opcode ID: 480b4a747f222204131683d34ddeb026577e52e1d2a2daf8ce3c147228fe9509
Instruction ID: 967e16323ca674bcdb617364b251ee34c5edade7146bdf615301622cc61919fe
Opcode Fuzzy Hash: 480b4a747f222204131683d34ddeb026577e52e1d2a2daf8ce3c147228fe9509
Instruction Fuzzy Hash: 3741E6B0900709DFDB209F68C84577FBBF4EF54714F10062EF92297682D7B895049B91

Function 0016EA12 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe, xrefs: 0016EA50, 0016EA57, 0016EA8B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\is-0OCHQ.tmp\prod0_extract\saBSI.exe
API String ID: 0-183028882
Opcode ID: 0b3c4ef2376de0a52ba85ef325950e8ea3ef957e970b73651ff3bd9d3d8481f4
Instruction ID: 4f0bd2f1430b0cf30a647e7e6ca9ee58833be45a1b6194e70fddd7c18565b11e
Opcode Fuzzy Hash: 0b3c4ef2376de0a52ba85ef325950e8ea3ef957e970b73651ff3bd9d3d8481f4
Instruction Fuzzy Hash: 8231A0B5A01218EFCB25DF9DDC85DAEBBF8EB94310B144266F405E7210EB709E54CB60

Function 000E4A4A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 000E4A51

Strings

/affid, xrefs: 000E4A7B
MSAD_Subinfo, xrefs: 000E4AF3
affid, xrefs: 000E4AEE, 000E4B44

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: H_prolog3_
String ID: /affid$MSAD_Subinfo$affid
API String ID: 2427045233-3897642808
Opcode ID: 909cdabe257b67fc955cef0a219f0eb1dc4f88a4957f526016d959994fc72078
Instruction ID: 3b8e530b523503985ef63df68d10fdb6b044186a7ff44b1c75fbaae89f9faa45
Opcode Fuzzy Hash: 909cdabe257b67fc955cef0a219f0eb1dc4f88a4957f526016d959994fc72078
Instruction Fuzzy Hash: 69419E70D05348DECB18DFA5C895AEDBBB4FF18314F58406EE806B7281DB309A4ACB65

Function 00152F50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00152F57

Part of subcall function 00147DF0: __EH_prolog3.LIBCMT ref: 00147DF7
Part of subcall function 00147DF0: std::_Lockit::_Lockit.LIBCPMT ref: 00147E01
Part of subcall function 00147DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00147E72

_Find_elem.LIBCPMT ref: 00152FF3

Strings

0123456789-, xrefs: 00152FA3
%.0Lf, xrefs: 00152F9E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
String ID: %.0Lf$0123456789-
API String ID: 2544715827-3094241602
Opcode ID: 94b05125d0e0d0fa412e787e56a4982d2dc4bf0788333e39a1fa9f69d4b266e4
Instruction ID: 9461cc4aaa38c1679a56d08516d95b571ad1630813b1d9f7a8d3b10031528265
Opcode Fuzzy Hash: 94b05125d0e0d0fa412e787e56a4982d2dc4bf0788333e39a1fa9f69d4b266e4
Instruction Fuzzy Hash: 9A415C71900218DFCF15EFA4C880AEDBBB5FF15315F50015AF921AB2A5DB30DA5ACBA1

Function 00153200 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00153207

Part of subcall function 000E32DE: __EH_prolog3_GS.LIBCMT ref: 000E32E5
Part of subcall function 000E32DE: std::_Lockit::_Lockit.LIBCPMT ref: 000E32F2
Part of subcall function 000E32DE: std::_Lockit::~_Lockit.LIBCPMT ref: 000E3360

_Find_elem.LIBCPMT ref: 001532A3

Strings

0123456789-, xrefs: 00153253
0123456789-, xrefs: 0015324E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
String ID: 0123456789-$0123456789-
API String ID: 3328206922-2494171821
Opcode ID: 3dfb8b68fc9c8ab5809297e786bec5eb4e7d47082cfdc2cb3f53ce4a59702c39
Instruction ID: 7bfe8a5345fcdd3a4bf7d9bbfc5b402c34f4458da7b61c16cb4eee9fedbc4625
Opcode Fuzzy Hash: 3dfb8b68fc9c8ab5809297e786bec5eb4e7d47082cfdc2cb3f53ce4a59702c39
Instruction Fuzzy Hash: 1C415B71900218DFCF05EFE4C894AEDBBB5FF09351F100069F920AB256DB309A5ACBA1

Function 00157470 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00157477

Part of subcall function 0010C960: std::_Lockit::_Lockit.LIBCPMT ref: 0010C995
Part of subcall function 0010C960: std::_Lockit::_Lockit.LIBCPMT ref: 0010C9B7
Part of subcall function 0010C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0010C9D7
Part of subcall function 0010C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0010CAB1

_Find_elem.LIBCPMT ref: 00157511

Strings

0123456789-, xrefs: 001574C3
0123456789-, xrefs: 001574BE

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
String ID: 0123456789-$0123456789-
API String ID: 3042121994-2494171821
Opcode ID: 603944d7bfbb6e2a1274ad583cf8574f4e2a45b4774e391a88cbebc06865ac7f
Instruction ID: 5cd786e538c3d3bd61c5f2bfc1dd024920d5532131303c42fca62ab341736cfa
Opcode Fuzzy Hash: 603944d7bfbb6e2a1274ad583cf8574f4e2a45b4774e391a88cbebc06865ac7f
Instruction Fuzzy Hash: 2E419F71904248DFCF05EFA4E881AEEBBB5FF14311F50005AF921AB292DB30DA06CB51

Function 0010D700 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32(001AD7E8,00000000,00000000,?,428E8EC3), ref: 0010D75C
CoTaskMemFree.OLE32(00000000), ref: 0010D7D4

Strings

%s\%s, xrefs: 0010D77B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FolderFreeKnownPathTask
String ID: %s\%s
API String ID: 969438705-4073750446
Opcode ID: d19081373335628b0556e84d8230163d55336fffccce8ba5d55648f831a2e078
Instruction ID: 650b6fc2825e9cd94509c47d5dca4eb5ddda5349cf1bafb6b749eb9433c8bb61
Opcode Fuzzy Hash: d19081373335628b0556e84d8230163d55336fffccce8ba5d55648f831a2e078
Instruction Fuzzy Hash: DB2151B1A00258AFDB04DFA5DC85FEEB7F9FB58714F500529E811A3680DB74A904CB60

Function 000F7156 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

Part of subcall function 00104B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0010521E

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F7D3D
__Mtx_unlock.LIBCPMT ref: 000F7DC8

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

Strings

Failed to add event category (, xrefs: 000F71F0
V, xrefs: 000F71E4

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
String ID: Failed to add event category ($V
API String ID: 2287862619-1647955383
Opcode ID: c76e96a6c422b97351e5d2785aee9af45ab344c01fc1b22d641cd0160fbbbe06
Instruction ID: fb2a8843c1f60815aed71e7519c44f0e3a64d0049adedb99c7650af8e59abccd
Opcode Fuzzy Hash: c76e96a6c422b97351e5d2785aee9af45ab344c01fc1b22d641cd0160fbbbe06
Instruction Fuzzy Hash: 07319370904288CFDF14EF64D955BED7BB4FF55304F5040A9E8066B242EB75AA08DBA2

Function 000FA7DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,428E8EC3,?,?), ref: 000FA531
__Mtx_unlock.LIBCPMT ref: 000FA7EC
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FA989

Part of subcall function 000FF110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000FF268

Strings

Unexpected return value: , xrefs: 000FA8CC

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
String ID: Unexpected return value:
API String ID: 1703231451-3613193034
Opcode ID: 9e861d427b2ff1e31b3f02b772164c0ec059e824ecccdfde414563210819ea4e
Instruction ID: 84f72b2894640858903307009f5463b7b16f5f55042448a800fcdcc7eb8b167d
Opcode Fuzzy Hash: 9e861d427b2ff1e31b3f02b772164c0ec059e824ecccdfde414563210819ea4e
Instruction Fuzzy Hash: 8221E5B0E0024C9BDF14DBA4CC89BFDB775AF46310F104258E219AB6D2DB709A85DA52

Function 000F7052 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 000E9BB0: InitOnceBeginInitialize.KERNEL32(001D80C4,00000000,428E8EC3,00000000,428E8EC3,000EA219,001D80CC,?,?,?,?,?,?,000EA219,?,?), ref: 000E9BE5
Part of subcall function 000E9BB0: InitOnceComplete.KERNEL32(001D80C4,00000000,00000000), ref: 000E9C1D

Part of subcall function 000E9940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000E9A12

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 000F7D3D
__Mtx_unlock.LIBCPMT ref: 000F7DC8

Strings

P, xrefs: 000F7077
Service has not been initialized, xrefs: 000F7083

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
String ID: P$Service has not been initialized
API String ID: 920826028-2917841385
Opcode ID: 19285ca100a7a6ce0acf467e46ccee14c5ad1538ba63244d5cc793668d80fb92
Instruction ID: 2f3b13ebbebc4278492242b76cab09612791fdca202d2d1be28646abac5dbf0d
Opcode Fuzzy Hash: 19285ca100a7a6ce0acf467e46ccee14c5ad1538ba63244d5cc793668d80fb92
Instruction Fuzzy Hash: 7C01A77190428CCFDF14EFA0D552BED7774EF54300F908069F90667242EB35A60CDA52

Function 000E308E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 000E3095
std::_Lockit::_Lockit.LIBCPMT ref: 000E30A2
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 000E30DF

Strings

bad locale name, xrefs: 000E30F0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 4089677319-1405518554
Opcode ID: 4f93168e91d07e4db98fb5af6e000d0456508c585d50be2aaee5ebb324318491
Instruction ID: 93f5da1bb0112041bf6aac9e560a79094a842a1b9c2c17e89870250398a5d37b
Opcode Fuzzy Hash: 4f93168e91d07e4db98fb5af6e000d0456508c585d50be2aaee5ebb324318491
Instruction Fuzzy Hash: DB011271505B84DEC7319F7A848154AFEE0BF29700B94896EE09D97A51CB30A644CB59

Function 0010D6D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,000E4E6C,428E8EC3), ref: 0010D6D5
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0010D6E5

Strings

SetDefaultDllDirectories, xrefs: 0010D6DF
kernel32.dll, xrefs: 0010D6D0

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: SetDefaultDllDirectories$kernel32.dll
API String ID: 1646373207-2102062458
Opcode ID: 44caf18fdbed091911e40e6bb3420ce6c73e4699cf97c52107dc9b51db12919d
Instruction ID: 16cb9ff2d6f021815781109fdae26fd97b98547618e8651bd117963ff753e854
Opcode Fuzzy Hash: 44caf18fdbed091911e40e6bb3420ce6c73e4699cf97c52107dc9b51db12919d
Instruction Fuzzy Hash: 7DD0123474471566DE005BF25E09B4E16846B41BC2F0C4891F045D70D0CFF5C450CA21

Function 001724F8 Relevance: 6.3, APIs: 4, Instructions: 320COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0017257F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
Instruction ID: 920342fb4ba199cd5cc376bb4eb26a1927bb946a45d0e1599182163350c8d1b3
Opcode Fuzzy Hash: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
Instruction Fuzzy Hash: F6B137329042859FDB15CF28C891BEEBBF5EF65350F24C16AE859DB241D7349E42CB50

Function 00182AF0 Relevance: 6.2, APIs: 4, Instructions: 173COMMON

Download Yara Rule

APIs

Part of subcall function 000E463F: GetProcessHeap.KERNEL32(?,?,?,000EE97C,428E8EC3,?,?,?,?,00189590,000000FF), ref: 000E4676

WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,0018FB28,000000FF), ref: 00182BF4

Part of subcall function 001075F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00182B5D,?,00000000), ref: 00107628
Part of subcall function 001075F0: LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00182B5D,?,00000000,?,?,?,?,?,0018FB28), ref: 00107636
Part of subcall function 001075F0: LockResource.KERNEL32(00000000,?,?,?,?,?,00182B5D,?,00000000,?,?,?,?,?,0018FB28,000000FF), ref: 00107641
Part of subcall function 001075F0: SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00182B5D,?,00000000,?,?,?,?,?,0018FB28), ref: 0010764F

FindResourceW.KERNEL32(00000000,?,00000006), ref: 00182B74

Part of subcall function 00107580: LoadResource.KERNEL32(?,?,?,80070057,8007000E,80004005,00000000,?,?,?,?,?,?,?,0010480F,428E8EC3), ref: 00107589
Part of subcall function 00107580: LockResource.KERNEL32(00000000,?,80070057,8007000E,80004005,00000000,?,?,?,?,?,?,?,0010480F,428E8EC3), ref: 00107594
Part of subcall function 00107580: SizeofResource.KERNEL32(?,?,?,80070057,8007000E,80004005,00000000,?,?,?,?,?,?,?,0010480F,428E8EC3), ref: 001075A8

WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00182BAB
WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0018FB28,000000FF), ref: 00182C2E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
String ID:
API String ID: 2838002939-0
Opcode ID: 609981bc6260421e677c60272571c034240acec562bfba79dd815fd9577fd1cb
Instruction ID: b2a56d4b23dafd80b45cbc048aead1a652232879ec22c42d073fa4d0a610d5d5
Opcode Fuzzy Hash: 609981bc6260421e677c60272571c034240acec562bfba79dd815fd9577fd1cb
Instruction Fuzzy Hash: 7F51CD30200241AFE726EF18CC89F2AB7E8EF54710F24466DF6459B2D1EBB4AA40CF55

Function 0015C0E1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0015C1A8
___AdjustPointer.LIBCMT ref: 0015C1CB
___AdjustPointer.LIBCMT ref: 0015C267

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: d0972bab93320bb6c9fced17c0d67079d321621947848f540f17d08bcfa71086
Instruction ID: e57963b0fcf0b08142f63e2c75d162b3f551f14e7256b44fb25094d9780a278b
Opcode Fuzzy Hash: d0972bab93320bb6c9fced17c0d67079d321621947848f540f17d08bcfa71086
Instruction Fuzzy Hash: 5C51AF76600706DFDB299F94C881BAAB7A4FF54716F144129EC255E292E731AC88CBD0

Function 00173531 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ae02a2518ae4417f301386229574eabb3df47158690ce9aca630e46653414d
Instruction ID: 9d80b1b962ed196e940b65e7cbb665da587d33670148c88d4a8378c25f03e605
Opcode Fuzzy Hash: 50ae02a2518ae4417f301386229574eabb3df47158690ce9aca630e46653414d
Instruction Fuzzy Hash: F641D9B2A00704BFD725AF78C846B5ABBB5EF98710F108529F125DB381D771DB459B80

Function 0018174E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0018181E
_free.LIBCMT ref: 00181847
SetEndOfFile.KERNEL32(00000000,001800BA,00000000,001802C3,?,?,?,?,?,?,?,001800BA,001802C3,00000000), ref: 00181879
GetLastError.KERNEL32(?,?,?,?,?,?,?,001800BA,001802C3,00000000,?,?,?,?,00000000), ref: 00181895

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 5ab3a3eca0c00c068cb10d6306493d1de9ebd925b4aa6c1ccd7fc7b360ba2327
Instruction ID: 8e6783c4937f0ef1ec3e0f1269be3b55b5d6333e38bb03626a5c79486c336afa
Opcode Fuzzy Hash: 5ab3a3eca0c00c068cb10d6306493d1de9ebd925b4aa6c1ccd7fc7b360ba2327
Instruction Fuzzy Hash: C541C573900605BBDB21BBB8DC43A9D37BDAF55360F240114F824A7292EB34DA468B61

Function 0010EBA0 Relevance: 6.1, APIs: 4, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0010EBCB
RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0010EC28
RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 0010EC4F

Part of subcall function 0010EBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0010EC7E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CloseEnumOpenSecurity
String ID:
API String ID: 611561417-0
Opcode ID: 4e48a6dd61d6663bea02ac855958a1c23882df3fe659540f49ca5a57654532e1
Instruction ID: 9820823b4c116a06fb84eeb94c356708e6b1173958a0ab9842eeb348105ccba3
Opcode Fuzzy Hash: 4e48a6dd61d6663bea02ac855958a1c23882df3fe659540f49ca5a57654532e1
Instruction Fuzzy Hash: 29318472A0021CABDB20DF55DD49FEAB7F8FB18700F0005A6F955E6191DBB19E90DB50

Function 0016E0E7 Relevance: 6.1, APIs: 4, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bca0cf134c591b3332f4deb42da9b1f053f0033f4dc4553660bdb0826440e6c3
Instruction ID: 286853bb7ce7cb2661342381355804ebe04ea8c68aacd0c7128c8247fcbdc29c
Opcode Fuzzy Hash: bca0cf134c591b3332f4deb42da9b1f053f0033f4dc4553660bdb0826440e6c3
Instruction Fuzzy Hash: B021D4B9204209AFEB20AF64DC95D3B77EDEF163687104715F82587190DB30DC6197A0

Function 001075F0 Relevance: 6.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

APIs

Part of subcall function 0015987E: EnterCriticalSection.KERNEL32(001D77A0,?,00000001,?,001086A7,00000000,?,00000001,?,00000000,?,?,0010C338,-00000010), ref: 00159889
Part of subcall function 0015987E: LeaveCriticalSection.KERNEL32(001D77A0,?,001086A7,00000000,?,00000001,?,00000000,?,?,0010C338,-00000010,?,?,?,428E8EC3), ref: 001598B5

FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,00182B5D,?,00000000), ref: 00107628
LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,00182B5D,?,00000000,?,?,?,?,?,0018FB28), ref: 00107636
LockResource.KERNEL32(00000000,?,?,?,?,?,00182B5D,?,00000000,?,?,?,?,?,0018FB28,000000FF), ref: 00107641
SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,00182B5D,?,00000000,?,?,?,?,?,0018FB28), ref: 0010764F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
String ID:
API String ID: 529824247-0
Opcode ID: 6633a087db1468948d0cf2e771f8d8add0e6758c0a2e7e582dbec3c9c110b7ab
Instruction ID: fd8dd20961e9c36e93a96b91845e3c8d76d5a42d08f4c2d3164bd61e0a43cbe2
Opcode Fuzzy Hash: 6633a087db1468948d0cf2e771f8d8add0e6758c0a2e7e582dbec3c9c110b7ab
Instruction Fuzzy Hash: F0112932B086165BE7355B1D9C44A3BB398EBC0391F140D2EF993872D0FBA2EC148650

Function 00181647 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(0016537C,001440A9,?,00000000,0016537C,?,0017F9C7,0016537C,00000001,0016537C,0016537C,?,00175B42,00000000,8304488B,0016537C), ref: 0018165E
GetLastError.KERNEL32(?,0017F9C7,0016537C,00000001,0016537C,0016537C,?,00175B42,00000000,8304488B,0016537C,00000000,0016537C,?,00176096,00000010), ref: 0018166A

Part of subcall function 00181630: CloseHandle.KERNEL32(FFFFFFFE,0018167A,?,0017F9C7,0016537C,00000001,0016537C,0016537C,?,00175B42,00000000,8304488B,0016537C,00000000,0016537C), ref: 00181640

___initconout.LIBCMT ref: 0018167A

Part of subcall function 001815F0: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0018161F,0017F9B4,0016537C,?,00175B42,00000000,8304488B,0016537C,00000000), ref: 00181603

WriteConsoleW.KERNEL32(0016537C,001440A9,?,00000000,?,0017F9C7,0016537C,00000001,0016537C,0016537C,?,00175B42,00000000,8304488B,0016537C,00000000), ref: 0018168F

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: cf76bbd02591a5b7ce08af801fe9bd2fbb047d306d64daed8b17b74573dfda67
Instruction ID: 16a19330b5910c82c380bea09906f0211ca5633ba7f9abf02af0639ae3f88260
Opcode Fuzzy Hash: cf76bbd02591a5b7ce08af801fe9bd2fbb047d306d64daed8b17b74573dfda67
Instruction Fuzzy Hash: C7F01C37002124BBCF226F91DC05A9E3F6AFB493A0F188011FA0985530D77289619F90

Function 00158982 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,0015891F,00000064), ref: 001589A5
LeaveCriticalSection.KERNEL32(001D742C,000F1171,?,0015891F,00000064,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 001589AF
WaitForSingleObjectEx.KERNEL32(000F1171,00000000,?,0015891F,00000064,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 001589C0
EnterCriticalSection.KERNEL32(001D742C,?,0015891F,00000064,?,?,?,000F402B,001D827C,428E8EC3,?,000F1171,?), ref: 001589C7

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 699a8107dc23939c358678944e83914c89bd0e0493b9fabbd8a219e43bdfd6f3
Instruction ID: 33406d11b7401815e3084f65f680bc12fdb2e43d9ceb9602c5f7332458226893
Opcode Fuzzy Hash: 699a8107dc23939c358678944e83914c89bd0e0493b9fabbd8a219e43bdfd6f3
Instruction Fuzzy Hash: 64E0D832606224FBCB032B50EC0899D7F6DFF48B11B040023F905666B1DBB108908BD2

Function 0016F540 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0016F549

Part of subcall function 00172098: RtlFreeHeap.NTDLL(00000000,00000000,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?), ref: 001720AE
Part of subcall function 00172098: GetLastError.KERNEL32(?,?,0017B729,?,00000000,?,?,?,0017B9CC,?,00000007,?,?,0017BDD6,?,?), ref: 001720C0

_free.LIBCMT ref: 0016F55C
_free.LIBCMT ref: 0016F56D
_free.LIBCMT ref: 0016F57E

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a0acf98afe99658b129ebb26c6f2463bef833c40002cb4dcf955e3a591bb1b63
Instruction ID: 3a4752d12ee49167177f1d8ef2fb60aba949a87b45648c1cd9dd4f4214b56e44
Opcode Fuzzy Hash: a0acf98afe99658b129ebb26c6f2463bef833c40002cb4dcf955e3a591bb1b63
Instruction Fuzzy Hash: EAE0B6B19A7621AE87226F3DBC014493B31A7647107414047F44D56B71EF3A15DEDBA1

Function 001452EC Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 317COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 001452F3

Part of subcall function 0010BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0010BE2F
Part of subcall function 0010BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0010BE51
Part of subcall function 0010BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0010BE71
Part of subcall function 0010BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0010BFFC

_Find_elem.LIBCPMT ref: 001454EF

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 0014535B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 3042121994-2799312399
Opcode ID: 2561aa2edda89796893ef75e411bde519c3d9417dd7cc92914c96416fd0f5250
Instruction ID: bb0ccb1f3d0caad68a0abc2360f6d8c64ef08b70f4691bf10e4bde4030af559b
Opcode Fuzzy Hash: 2561aa2edda89796893ef75e411bde519c3d9417dd7cc92914c96416fd0f5250
Instruction Fuzzy Hash: 4CC17B30E046888FDF25DFA4C590BECBBB3AF56300F694169D8856F2A7DB609D46CB50

Function 001222F0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 262COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?), ref: 00122319
FreeLibrary.KERNEL32(00000000), ref: 00122369

Strings

_=nil}, xrefs: 001225ED

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FreeLibrary
String ID: _=nil}
API String ID: 3664257935-1856519683
Opcode ID: f66fa366971b5d5073af31d8af86dc90ab3a19f5a83f84e3990ccc777033ce1f
Instruction ID: df10b75d68a21372f189b6459a039fc1745b3459265805c77610fa499cf84a1e
Opcode Fuzzy Hash: f66fa366971b5d5073af31d8af86dc90ab3a19f5a83f84e3990ccc777033ce1f
Instruction Fuzzy Hash: C3A10671900258AFCB24DF64EC45BAEB7F4FF04304F088559E549AB692D774EA94CB90

Function 00184440 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

Part of subcall function 00182AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00182B74
Part of subcall function 00182AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 00182BAB
Part of subcall function 00182AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,0018FB28,000000FF), ref: 00182C2E

WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 0018453C
WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 00184598

Strings

MCRG, xrefs: 00184480

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
String ID: MCRG
API String ID: 2178413835-1523812224
Opcode ID: d7450348e8443f0038649fb7a3126998d417121fe7d6da99a348d37befd90bcd
Instruction ID: c114ba6eee93803df585b53731c4b84bc6f1fc91d9157d2149d8b61736a8b54b
Opcode Fuzzy Hash: d7450348e8443f0038649fb7a3126998d417121fe7d6da99a348d37befd90bcd
Instruction Fuzzy Hash: 82616871A01549EFDB01DFA8C844B9EFBF5EF59320F148259E815AB2A1DB70AA05CF90

Function 0015C6E2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0015C707

Strings

RCC, xrefs: 0015C721
MOC, xrefs: 0015C719

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 4b4332f7788570a9e20621b1b6dab1ca34f0a9b6b4950a6d7dc06e05149b2e35
Instruction ID: 5fa7532f4f8ae007d126a63d150f98d9cd8d6ef5af341cfb4a06ec72727783b3
Opcode Fuzzy Hash: 4b4332f7788570a9e20621b1b6dab1ca34f0a9b6b4950a6d7dc06e05149b2e35
Instruction Fuzzy Hash: 38413572900209EFCF16DF98CC81AAEBBB5BF48305F148199FD24AB211D3359994DF91

Function 00157720 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00157727
__cftoe.LIBCMT ref: 001577A5

Strings

!%x, xrefs: 0015773B

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: H_prolog3___cftoe
String ID: !%x
API String ID: 855520168-1893981228
Opcode ID: a3ddbed75b6457da7cd0b6bc7b012a7d5dbc02eec802be3733421cb6f22cf63d
Instruction ID: e8eb11983d23c63617d699f040ed7012f425b04b26ddbefd370ff7fe5eab68ce
Opcode Fuzzy Hash: a3ddbed75b6457da7cd0b6bc7b012a7d5dbc02eec802be3733421cb6f22cf63d
Instruction Fuzzy Hash: 92316D75918248EFDF04DF94E845AEEBBB5EF19301F140019F854BB282D7359A49CFA0

Function 0010E5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

CLSIDFromString.OLE32(0000007B,?), ref: 0010E650

Strings

@, xrefs: 0010E608
{, xrefs: 0010E627

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: FromString
String ID: @${
API String ID: 1694596556-3118734784
Opcode ID: 6261849c513c62257f5da8276f3f87a2b1b2902c3b74952a98dda827f45b0d8b
Instruction ID: 0fbbd3eb82bf35aee583d7981d6ccf8d9471660dfaa17ca8fa3765c7d5ad92b1
Opcode Fuzzy Hash: 6261849c513c62257f5da8276f3f87a2b1b2902c3b74952a98dda827f45b0d8b
Instruction Fuzzy Hash: EF01A9316002189BCB14DF59D900B9EB3F8FF69714F40819EB845E7150DF70AA84CB90

Function 001597CD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 000E44F8: InitializeCriticalSectionEx.KERNEL32(001D77A0,00000000,00000000,001D778C,001597FC,?,?,?,000E11BA), ref: 000E44FE
Part of subcall function 000E44F8: GetLastError.KERNEL32(?,?,?,000E11BA), ref: 000E4508

IsDebuggerPresent.KERNEL32(?,?,?,000E11BA), ref: 00159800
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,000E11BA), ref: 0015980F

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0015980A

Memory Dump Source

Source File: 0000000A.00000002.2958479277.00000000000D1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 000D0000, based on PE: true

Associated: 0000000A.00000002.2958363382.00000000000D0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2958963380.000000000019E000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959143867.00000000001CF000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959247582.00000000001D4000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959359492.00000000001D6000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.2959437652.00000000001D9000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_d0000_saBSI.jbxd

Similarity

API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3511171328-631824599
Opcode ID: be8df0ae5dbeacfc936767fa0c608767eb6a3016e8a2781853e1f2f6ad36a0b5
Instruction ID: 3e53d4f1d789c83e269e7d20bc8e382f78f7b52ae44a82c7231a2016a8740eaf
Opcode Fuzzy Hash: be8df0ae5dbeacfc936767fa0c608767eb6a3016e8a2781853e1f2f6ad36a0b5
Instruction Fuzzy Hash: A3E092B0300710CFD7209F65E9043427BE4AF05745F00892EE8AAC6651DBB4E48DCBA2

Description:	Adversaries may gather information about the victim's host software that can be used during targeting. Information about installed software may include a variety of details such as types and versions on specific hosts, as well as the presence of additional components that might be indicative of added defensive protections (ex: antivirus, SIEMs, etc.).
Tactics:	Reconnaissance
Data Sources:	Internet Scan: Response Content
Platforms:	PRE
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\WeatherZero\Newtonsoft.Json.dll

C:\Program Files (x86)\WeatherZero\WeatherZero.exe

C:\Program Files (x86)\WeatherZero\WeatherZero.exe.config

C:\Program Files (x86)\WeatherZero\WeatherZeroService.exe

C:\Program Files (x86)\WeatherZero\uninstall.exe

C:\Program Files (x86)\WeatherZero\wz.ico

C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_000B005C003C0011001B.txt

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FB5.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER63BD.tmp.WERInternalMetadata.xml

Windows Analysis Report
http://dcr0eadbm64ph.cloudfront.net/IDCVt99WXiQU.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre